From cfc52552a465e4421be4655521c166f9b85d0dd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Ells=C3=A4sser?= Date: Mon, 11 May 2026 20:40:16 +0200 Subject: [PATCH 01/10] Update image tags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Wolfgang Ellsässer
---
 README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6c2c317..33811ff 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # socket-proxy
 ## Latest image
-- `wollomatic/socket-proxy:1.12.0` / `ghcr.io/wollomatic/socket-proxy:1.12.0`
+- `wollomatic/socket-proxy:1.12.1` / `ghcr.io/wollomatic/socket-proxy:1.12.1`
 - `wollomatic/socket-proxy:1` / `ghcr.io/wollomatic/socket-proxy:1`
 > [!IMPORTANT]
From faf043b144a3ddaa786e460dd0cd4adfccaa6051 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 07:29:20 +0000 Subject: [PATCH 02/10] Bump step-security/harden-runner from 2.19.1 to 2.19.3 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.1 to 2.19.3. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...ab7a9404c0f3da075243ca237b5fac12c98deaa5) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
---
 .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 0aa79fb..632ecef 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+ uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
 with:
 egress-policy: audit
From 330dd2084d009692faaffead022b8db791aec49c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 07:11:07 +0000 Subject: [PATCH 03/10] Bump docker/build-push-action from 7.1.0 to 7.2.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.1.0 to 7.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 .github/workflows/docker-image-release.yaml | 4 ++-- .github/workflows/docker-image-testing.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/docker-image-release.yaml b/.github/workflows/docker-image-release.yaml
index 448faf1..e659c17 100644
--- a/.github/workflows/docker-image-release.yaml
+++ b/.github/workflows/docker-image-release.yaml
@@ -58,7 +58,7 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build and push Docker Hub image
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+ uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
 id: push-dockerhub
 with:
 context: .
@@ -76,7 +76,7 @@ jobs:
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 - name: Build and push GHCR image
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+ uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
 id: push-ghcr
 with:
 context: .
diff --git a/.github/workflows/docker-image-testing.yaml b/.github/workflows/docker-image-testing.yaml
index 1d3e655..e37be9e 100644
--- a/.github/workflows/docker-image-testing.yaml
+++ b/.github/workflows/docker-image-testing.yaml
@@ -56,7 +56,7 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build and push image to Docker Hub and GHCR
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+ uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
 id: push-all
 with:
 context: .
@@ -70,7 +70,7 @@ jobs:
 ghcr.io/wollomatic/socket-proxy:testing-${{ github.sha }}
 # - name: Build and push Docker Hub image
-# uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+# uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
 # id: push-dockerhub
 # with:
 # context: .
@@ -88,7 +88,7 @@ jobs:
 # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 #
 # - name: Build and push GHCR image
-# uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+# uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
 # id: push-ghcr
 # with:
 # context: .
From e95f9520bd191c5cfac5beb54f0b07cb138cd014 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 07:11:10 +0000 Subject: [PATCH 04/10] Bump step-security/harden-runner from 2.19.3 to 2.19.4 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.3 to 2.19.4. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
---
 .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 632ecef..43b538f 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
From 93540e336a1d859fb73f4d2d9d525be7783f89a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 07:11:14 +0000 Subject: [PATCH 05/10] Bump docker/setup-buildx-action from 4.0.0 to 4.1.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 .github/workflows/docker-image-release.yaml | 2 +- .github/workflows/docker-image-testing.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-image-release.yaml b/.github/workflows/docker-image-release.yaml
index 448faf1..eb43157 100644
--- a/.github/workflows/docker-image-release.yaml
+++ b/.github/workflows/docker-image-release.yaml
@@ -42,7 +42,7 @@ jobs:
 cosign-release: 'v2.6.1'
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+ uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 - name: Login to Docker Hub
 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
diff --git a/.github/workflows/docker-image-testing.yaml b/.github/workflows/docker-image-testing.yaml
index 1d3e655..64ec33b 100644
--- a/.github/workflows/docker-image-testing.yaml
+++ b/.github/workflows/docker-image-testing.yaml
@@ -40,7 +40,7 @@ jobs:
 # cosign-release: 'v2.6.0'
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+ uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 - name: Login to Docker Hub
 uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
From cb1eaedad9b0704931099abd03470001c2086fbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 19:34:14 +0000 Subject: [PATCH 06/10] Bump docker/login-action from 4.1.0 to 4.2.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 .github/workflows/docker-image-release.yaml | 4 ++-- .github/workflows/docker-image-testing.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker-image-release.yaml b/.github/workflows/docker-image-release.yaml
index d75980c..bc6ebd4 100644
--- a/.github/workflows/docker-image-release.yaml
+++ b/.github/workflows/docker-image-release.yaml
@@ -45,13 +45,13 @@ jobs:
 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 - name: Login to Docker Hub
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Login to GitHub Container Registry
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
diff --git a/.github/workflows/docker-image-testing.yaml b/.github/workflows/docker-image-testing.yaml
index 661c3bb..be65937 100644
--- a/.github/workflows/docker-image-testing.yaml
+++ b/.github/workflows/docker-image-testing.yaml
@@ -43,13 +43,13 @@ jobs:
 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 - name: Login to Docker Hub
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Login to GitHub Container Registry
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
From 65632af8728b0219df5ea67289cb15c4556137c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20Ells=C3=A4sser?= Date: Thu, 4 Jun 2026 17:33:57 +0200 Subject: [PATCH 07/10] add wollomatic/socket-proxy-configurator hint, remove old news about GHCR registry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Wolfgang Ellsässer
---
 README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md index 33811ff..16005c1 100644 --- a/README.md +++ b/README.md @@ -25,9 +25,6 @@ The allowlist is configured for each HTTP method separately using the Go regexp The source code is available on [GitHub: wollomatic/socket-proxy](https://github.com/wollomatic/socket-proxy) -> [!NOTE] -> Starting with version 1.6.0, the socket-proxy container image is also available on GHCR. - ## Getting Started Some examples can be found in the [wiki](https://github.com/wollomatic/socket-proxy/wiki) and in the `examples` directory of the repo. @@ -49,6 +46,15 @@ There may be an additional docker image with the `testing`-tag. This image is on Every socket-proxy release image is signed with Cosign. The public key is available on [GitHub: wollomatic/socket-proxy/main/cosign.pub](https://raw.githubusercontent.com/wollomatic/socket-proxy/main/cosign.pub) and [https://wollomatic.de/socket-proxy/cosign.pub](https://wollomatic.de/socket-proxy/cosign.pub). For more information, please refer to the [Security Policy](https://github.com/wollomatic/socket-proxy/blob/main/SECURITY.md). As of version 1.6, all multi-arch images are signed. +### Migrating from other Docker socket proxies + +> [!TIP] +> If you are coming from `tecnativa/docker-socket-proxy` or `linuxserver/docker-socket-proxy`, configuring a regular expression allowlist may seem more complex at first. +> +> To simplify migration, you can use the [Socket Proxy Configuration Converter](https://socket-proxy-configurator.wollomatic.dev/). The tool runs entirely in your browser and converts existing `docker-socket-proxy` environment variable configurations into equivalent regular expression allowlists for `wollomatic/socket-proxy`. +> +> The converter is fully open source. Its source code is available at [wollomatic/socket-proxy-configurator](https://github.com/wollomatic/socket-proxy-configurator). + ### Allowing access Because of the secure-by-default design, you need to allow every access explicitly. 
From 186fbf7a0e1ddfc4f61465c14d2b1bb9c06e23dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 05:23:34 +0000 Subject: [PATCH 08/10] Bump golang from 1.26.3-alpine3.23 to 1.26.4-alpine3.23 Bumps golang from 1.26.3-alpine3.23 to 1.26.4-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.4-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
---
 Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index e867961..370fe90 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM --platform=$BUILDPLATFORM golang:1.26.3-alpine3.23@sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d AS build
+FROM --platform=$BUILDPLATFORM golang:1.26.4-alpine3.23@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS build
 WORKDIR /application
 COPY . ./
 ARG TARGETOS
From efb561a5aa24bd5862e199b82ee802200259f256 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 05:23:36 +0000 Subject: [PATCH 09/10] Bump actions/checkout from 6.0.2 to 6.0.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot]
---
 .github/workflows/dependency-review.yml | 2 +- .github/workflows/docker-image-release.yaml | 2 +- .github/workflows/docker-image-testing.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 43b538f..5aed537 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -22,6 +22,6 @@ jobs:
 egress-policy: audit
 - name: 'Checkout Repository'
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
diff --git a/.github/workflows/docker-image-release.yaml b/.github/workflows/docker-image-release.yaml
index bc6ebd4..8263b15 100644
--- a/.github/workflows/docker-image-release.yaml
+++ b/.github/workflows/docker-image-release.yaml
@@ -17,7 +17,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Set up Go
 uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
diff --git a/.github/workflows/docker-image-testing.yaml b/.github/workflows/docker-image-testing.yaml
index be65937..64783bb 100644
--- a/.github/workflows/docker-image-testing.yaml
+++ b/.github/workflows/docker-image-testing.yaml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Set up Go
 uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
From 730fea8c84a340731da6f1256e6b7407b4f12f68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wolfgang=20Ells=C3=A4sser?= Date: Tue, 9 Jun 2026 10:15:26 +0200 Subject: [PATCH 10/10] prepare 1.12.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Wolfgang Ellsässer
---
 README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 16005c1..a892439 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # socket-proxy
 ## Latest image
-- `wollomatic/socket-proxy:1.12.1` / `ghcr.io/wollomatic/socket-proxy:1.12.1`
+- `wollomatic/socket-proxy:1.12.2` / `ghcr.io/wollomatic/socket-proxy:1.12.2`
 - `wollomatic/socket-proxy:1` / `ghcr.io/wollomatic/socket-proxy:1`
 > [!IMPORTANT]