Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump the docker-dependencies group with 2 updates #336

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 12, 2024

Bumps the docker-dependencies group with 2 updates: github.com/docker/cli and github.com/docker/docker.

Updates github.com/docker/cli from 24.0.7+incompatible to 26.0.1+incompatible

Commits
  • d260a54 Merge pull request #5007 from vvoland/vendor-docker
  • 3369ffe vendor: github.com/docker/docker v26.0.1-dev (60b9add796ae)
  • 3cf84fb Merge pull request #5006 from vvoland/v26.0-5005
  • b1b03b3 cli-bin/windows: Add .exe extension
  • 57d2fbb Merge pull request #4999 from thaJeztah/26.0_backport_bump_x_net
  • c33cc92 vendor: golang.org/x/net v0.23.0
  • 156e20c vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
  • 7522a62 vendor: golang.org/x/term v0.18.0
  • 073e4e8 vendor: golang.org/x/sys v0.18.0
  • 6d46ff7 Merge pull request #4987 from vvoland/v26.0-4986
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.7+incompatible to 26.0.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
  • Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
  • containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
  • Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
  • Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

  • [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

... (truncated)

Commits
  • 60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
  • 8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
  • dc27552 Stop macvlan with no parent from using ext-dns
  • 7b570f0 Enable DNS proxying for ipvlan-l3
  • 8cdcc4f Move dummy DNS server to integration/internal/network
  • ed752f6 Merge pull request #47701 from vvoland/v26.0-47691
  • 9db1b6f Merge pull request #47702 from vvoland/v26.0-47647
  • 6261281 Merge pull request #47700 from vvoland/v26.0-47673
  • 90355e5 Merge pull request #47696 from vvoland/v26.0-47658
  • 72615b1 github/ci: Check if backport is opened against the expected branch
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the docker-dependencies group with 2 updates: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/docker/docker](https://github.com/docker/docker).


Updates `github.com/docker/cli` from 24.0.7+incompatible to 26.0.1+incompatible
- [Commits](docker/cli@v24.0.7...v26.0.1)

Updates `github.com/docker/docker` from 24.0.7+incompatible to 26.0.1+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.7...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docker-dependencies
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docker-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/docker-dependencies-48cdbfb615 branch from 8f11d6b to 9ea0c3f Compare April 15, 2024 06:19
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 19, 2024

Superseded by #338.

@dependabot dependabot bot closed this Apr 19, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/docker-dependencies-48cdbfb615 branch April 19, 2024 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants