Bump the go_modules group group in /backend with 4 updates

[dependabot]

Bumps the go_modules group group in /backend with 4 updates: github.com/docker/docker, golang.org/x/crypto, golang.org/x/net and google.golang.org/grpc.

Updates github.com/docker/docker from 20.10.14+incompatible to 20.10.27+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v20.10.27

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 20.10.27 milestone
• moby/moby, 20.10.27 milestone

Bug Fixes and Enhancements

• Fix dockerd-rootless-setuptools.sh when user name contains a backslash. moby/moby#46424
• Add IP_NF_MANGLE to check-config.sh to the "generally required" list in check-config.sh because it is required by Swarm. moby/moby#46674
• Fix a deadlock in libnetwork which could prevent containers from starting. moby/moby#46693
• Write overlay2 layer metadata atomically. moby/moby#46705
• Support building with Go 1.20. moby/moby#46694 moby/moby#46695 moby/moby#46696

Packaging Updates

• Update to go1.20.10, golang/org/x/net v0.17.0. moby/moby#46692

Security

• Deny containers access to /sys/devices/virtual/powercap by default. This change hardens against CVE-2020-8694, CVE-2020-8695, and CVE-2020-12912, and an attack known as the PLATYPUS attack. For more details, see advisory, commit.

v20.10.26

20.10.26

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 20.10.26 milestone
• moby/moby, 20.10.26 milestone

Bug Fixes and Enhancements

• Support filesystems which do not support extended file attributes with the VFS graph driver. moby/moby#45466
• Fix AppArmor profile docker-default /proc/sys rule. moby/moby#45716
• seccomp: always allow name_to_handle_at(2). moby/moby#45835
• Fix an issue which prevented volumes mounted to a live-restored container from being removed. moby/moby#45840
• client: resolve an incompatibility with Go 1.20.6, Go 1.20.7, Go 1.19.11 and Go 1.19.12. moby/moby#45972
• windows: fix --register-service when executed from within binary directory. moby/moby#46217

Packaging Updates

• Update Go to 1.19.12. moby/moby#46142
• Update containerd to v1.6.22. moby/moby#46105
• Update runc to v1.1.8. moby/moby#46031
• Delete Upstart init scripts and clean up sysvinit. moby/moby#46047

v20.10.25

Bug fixes and enhancements

• Fix log loss with the AWSLogs log driver moby/moby#45349

... (truncated)

Commits

• 81ebe71 Merge pull request from GHSA-jq35-85cj-fj4p
• fb63665 Merge pull request #46705 from thaJeztah/20.10_backport_atomic-layer-data-write
• b967d89 Merge pull request #46692 from corhere/backport-20.10/update-x-net-v0.17
• 2c22bd5 vendor: golang.org/x/net v0.17.0
• d862c21 Update to go1.20.10
• cb47414 Merge pull request #46696 from corhere/backport-20.10/go1.20-enablement
• ea4eb73 Merge pull request #46695 from corhere/backport-20.10/safer-fileinfo
• 6c523aa hack: fix suppressing Xattrs lint errors
• 31b8374 pkg/archive: audit gosec file-traversal lints
• 8e44855 Remove local fork of archive/tar package
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.1.0 to 0.17.0

Commits

• 9d2ee97 ssh: implement strict KEX protocol changes
• 4e5a261 ssh: close net.Conn on all NewServerConn errors
• 152cdb1 x509roots/fallback: update bundle
• fdfe1f8 ssh: defer channel window adjustment
• b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
• 7e6fbd8 ssh: wrap errors from client handshake
• bda2f3f argon2: avoid clobbering BP
• 325b735 ssh/test: skip TestSSHCLIAuth on Windows
• 1eadac5 go.mod: update golang.org/x dependencies
• b2d7c26 ssh: add (*Client).DialContext method
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.2.0 to 0.10.0

Commits

• daac0ce go.mod: update golang.org/x dependencies
• 82780d6 http2: don't reuse connections that are experiencing errors
• 0bfab66 ipv4, ipv6: drop redundant skip checks based on GOOS
• 938ff15 ipv4, ipv6, nettest: skip unsupported tests on wasip1
• eb1572c html: another shot at security doc
• 9001ca7 nettest: re-enable unixpacket tests on netbsd/386
• 3d5a8ee internal/socks: permit authenticating with an empty password
• 694cff8 go.mod: update golang.org/x dependencies
• 6960703 http2: log the correct error when retrying in (*Transport).RoundTripOpt
• 9f24bb4 http2: properly discard data received after request/response body is closed
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.43.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #396.