Merge branch 'v3' into rebase-374

.github/ISSUE_TEMPLATE/BUG-REPORT.yml

@@ -28,7 +28,7 @@ body:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
             "I am signed up to the [Ory Security Patch
-            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
+            Newsletter](https://www.ory.sh/l/sign-up-newsletter)."
     id: checklist
     type: checkboxes
   - attributes:

.github/ISSUE_TEMPLATE/DESIGN-DOC.yml

@@ -39,7 +39,7 @@ body:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
             "I am signed up to the [Ory Security Patch
-            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
+            Newsletter](https://www.ory.sh/l/sign-up-newsletter)."
     id: checklist
     type: checkboxes
   - attributes:

.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml

@@ -32,7 +32,7 @@ body:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
             "I am signed up to the [Ory Security Patch
-            Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
+            Newsletter](https://www.ory.sh/l/sign-up-newsletter)."
     id: checklist
     type: checkboxes
   - attributes:

.github/workflows/cve-scanner.yaml

@@ -0,0 +1,44 @@
+name: Go Source Scanners
+on:
+  push:
+    branches:
+      - "master"
+      - "v*.*.*"
+      - "v*"
+    tags:
+      - "v*.*.*"
+  pull_request:
+    branches:
+      - "master"
+      - "v*.*.*"
+      - "v*"
+
+jobs:
+  scanners:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Env
+        id: vars
+        shell: bash
+        run: |
+          echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> "${GITHUB_ENV}"
+      - name: Run Gosec Security Scanner
+        continue-on-error: true
+        uses: securego/gosec@master
+        with:
+          args: ./...
+      - name: Run Govulncheck Scanner
+        continue-on-error: true
+        uses: golang/govulncheck-action@v1
+        with:
+          go-package: ./...
+          go-version-input: "1.22"
+      - name: Run Trivy vulnerability scanner in repo mode
+        continue-on-error: true
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: "fs"
+          ignore-unfixed: true
+          format: "json"

.github/workflows/format.yml

@@ -9,9 +9,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: "1.21"
+          go-version: 1.22
       - run: make format
       - name: Indicate formatting issues
         run: git diff HEAD --exit-code --color

.github/workflows/licenses.yml

@@ -1,3 +1,6 @@
+# AUTO-GENERATED, DO NOT EDIT!
+# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/licenses.yml
+
 name: Licenses
 
 on:
@@ -8,14 +11,24 @@ on:
       - master
 
 jobs:
-  check:
+  licenses:
+    name: License compliance
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - name: Install script
+        uses: ory/ci/licenses/setup@master
         with:
-          go-version: "1.21"
-      - uses: actions/[email protected]
+          token: ${{ secrets.ORY_BOT_PAT || secrets.GITHUB_TOKEN }}
+      - name: Check licenses
+        uses: ory/ci/licenses/check@master
+      - name: Write, commit, push licenses
+        uses: ory/ci/licenses/write@master
+        if:
+          ${{ github.ref == 'refs/heads/main' || github.ref ==
+          'refs/heads/master' }}
         with:
-          node-version: "18"
-      - run: make licenses
+          author-email:
+            ${{ secrets.ORY_BOT_PAT &&
+            '[email protected]' ||
+            format('{0}@users.noreply.github.com', github.actor) }}
+          author-name: ${{ secrets.ORY_BOT_PAT && 'ory-bot' || github.actor }}

.github/workflows/test.yml

@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: "1.21"
+          go-version: "1.22"
       - run: make test
       - name: WriteGoList
         run: go list -json -deps ./... > go.list

CONTRIBUTING.md

@@ -67,7 +67,7 @@ or the [Ory Chat](https://www.ory.sh/chat).
   [a Contributors License Agreement?](https://cla-assistant.io/ory/dockertest)
 
 - I would like updates about new versions of Ory Dockertest.
-  [How are new releases announced?](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)
+  [How are new releases announced?](https://www.ory.sh/l/sign-up-newsletter)
 
 ## How can I contribute?
 
@@ -147,7 +147,9 @@ checklist to contribute an example:
 1. Add a descriptive prefix to commits. This ensures a uniform commit history
    and helps structure the changelog. Please refer to this
    [Convential Commits configuration](https://github.com/ory/dockertest/blob/master/.github/workflows/conventional_commits.yml)
-   for the list of accepted prefixes. You can read more about the Conventional Commit specification [at their site](https://www.conventionalcommits.org/en/v1.0.0/).
+   for the list of accepted prefixes. You can read more about the Conventional
+   Commit specification
+   [at their site](https://www.conventionalcommits.org/en/v1.0.0/).
 1. Create a `README.md` that explains how to use the example. (Use
    [the README template](https://github.com/ory/examples/blob/master/_common/README.md)).
 1. Open a pull request and maintainers will review and merge your example.
@@ -175,7 +177,9 @@ request, go through this checklist:
 1. Add a descriptive prefix to commits. This ensures a uniform commit history
    and helps structure the changelog. Please refer to this
    [Convential Commits configuration](https://github.com/ory/dockertest/blob/master/.github/workflows/conventional_commits.yml)
-   for the list of accepted prefixes. You can read more about the Conventional Commit specification [at their site](https://www.conventionalcommits.org/en/v1.0.0/).
+   for the list of accepted prefixes. You can read more about the Conventional
+   Commit specification
+   [at their site](https://www.conventionalcommits.org/en/v1.0.0/).
 
 If a pull request is not ready to be reviewed yet
 [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request).

README.md

@@ -45,12 +45,6 @@ To install dockertest, run
 go get -u github.com/ory/dockertest/v3
 ```
 
-or
-
-```
-dep ensure -add github.com/ory/[email protected]
-```
-
 ### Using Dockertest
 
 ```go
@@ -100,14 +94,15 @@ func TestMain(m *testing.M) {
 		log.Fatalf("Could not connect to database: %s", err)
 	}
 
-	code := m.Run()
+	// as of go1.15 testing.M returns the exit code of m.Run(), so it is safe to use defer here
+    defer func() {
+      if err := pool.Purge(resource); err != nil {
+        log.Fatalf("Could not purge resource: %s", err)
+      }
 
-	// You can't defer this because os.Exit doesn't care for defer
-	if err := pool.Purge(resource); err != nil {
-		log.Fatalf("Could not purge resource: %s", err)
-	}
+    }()
 
-	os.Exit(code)
+	m.Run()
 }
 
 func TestSomething(t *testing.T) {

SECURITY.md

@@ -1,30 +1,56 @@
 <!-- AUTO-GENERATED, DO NOT EDIT! -->
 <!-- Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/SECURITY.md -->
 
-<!-- START doctoc generated TOC please keep comment here to allow auto update -->
-<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
-
-- [Security Policy](#security-policy)
-  - [Supported Versions](#supported-versions)
-  - [Reporting a Vulnerability](#reporting-a-vulnerability)
-
-<!-- END doctoc generated TOC please keep comment here to allow auto update -->
-
-# Security Policy
-
-## Supported Versions
-
-We release patches for security vulnerabilities. Which versions are eligible for
-receiving such patches depends on the CVSS v3.0 Rating:
-
-| CVSS v3.0 | Supported Versions                        |
-| --------- | ----------------------------------------- |
-| 9.0-10.0  | Releases within the previous three months |
-| 4.0-8.9   | Most recent release                       |
+# Ory Security Policy
+
+This policy outlines Ory's security commitments and practices for users across
+different licensing and deployment models.
+
+To learn more about Ory's security service level agreements (SLAs) and
+processes, please [contact us](https://www.ory.sh/contact/).
+
+## Ory Network Users
+
+- **Security SLA:** Ory addresses vulnerabilities in the Ory Network according
+  to the following guidelines:
+  - Critical: Typically addressed within 14 days.
+  - High: Typically addressed within 30 days.
+  - Medium: Typically addressed within 90 days.
+  - Low: Typically addressed within 180 days.
+  - Informational: Addressed as necessary.  
+    These timelines are targets and may vary based on specific circumstances.
+- **Release Schedule:** Updates are deployed to the Ory Network as
+  vulnerabilities are resolved.
+- **Version Support:** The Ory Network always runs the latest version, ensuring
+  up-to-date security fixes.
+
+## Ory Enterprise License Customers
+
+- **Security SLA:** Ory addresses vulnerabilities based on their severity:
+  - Critical: Typically addressed within 14 days.
+  - High: Typically addressed within 30 days.
+  - Medium: Typically addressed within 90 days.
+  - Low: Typically addressed within 180 days.
+  - Informational: Addressed as necessary.  
+    These timelines are targets and may vary based on specific circumstances.
+- **Release Schedule:** Updates are made available as vulnerabilities are
+  resolved. Ory works closely with enterprise customers to ensure timely updates
+  that align with their operational needs.
+- **Version Support:** Ory may provide security support for multiple versions,
+  depending on the terms of the enterprise agreement.
+
+## Apache 2.0 License Users
+
+- **Security SLA:** Ory does not provide a formal SLA for security issues under
+  the Apache 2.0 License.
+- **Release Schedule:** Releases prioritize new functionality and include fixes
+  for known security vulnerabilities at the time of release. While major
+  releases typically occur one to two times per year, Ory does not guarantee a
+  fixed release schedule.
+- **Version Support:** Security patches are only provided for the latest release
+  version.
 
 ## Reporting a Vulnerability
 
-Please report (suspected) security vulnerabilities to
-**[[email protected]](mailto:[email protected])**. You will receive a response from
-us within 48 hours. If the issue is confirmed, we will release a patch as soon
-as possible depending on complexity but historically within a few days.
+For details on how to report security vulnerabilities, visit our
+[security policy documentation](https://www.ory.sh/docs/ecosystem/security).

docker/README.markdown

@@ -111,15 +111,6 @@ Running `make test` will check all of these. If your editor does not
 automatically call `gofmt -s`, `make fmt` will format all go files in this
 repository.
 
-## Vendoring
-
-go-dockerclient uses [dep](https://github.com/golang/dep/) for vendoring. If
-you're using dep, you should be able to pick go-dockerclient releases and get
-the proper dependencies.
-
-With other vendoring tools, users might need to specify go-dockerclient's
-dependencies manually.
-
 ## Using with Docker 1.9 and Go 1.4
 
 There's a tag for using go-dockerclient with Docker 1.9 (which requires