Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump github.com/docker/docker from 25.0.5+incompatible to 26.0.1+incompatible #2130

Closed
wants to merge 12 commits into from
Closed

build(deps): bump github.com/docker/docker from 25.0.5+incompatible to 26.0.1+incompatible #2130

wants to merge 12 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 17, 2024

Bumps github.com/docker/docker from 25.0.5+incompatible to 26.0.1+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
  • Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
  • containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
  • Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
  • Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

  • [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

... (truncated)

Commits
  • 60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
  • 8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
  • dc27552 Stop macvlan with no parent from using ext-dns
  • 7b570f0 Enable DNS proxying for ipvlan-l3
  • 8cdcc4f Move dummy DNS server to integration/internal/network
  • ed752f6 Merge pull request #47701 from vvoland/v26.0-47691
  • 9db1b6f Merge pull request #47702 from vvoland/v26.0-47647
  • 6261281 Merge pull request #47700 from vvoland/v26.0-47673
  • 90355e5 Merge pull request #47696 from vvoland/v26.0-47658
  • 72615b1 github/ci: Check if backport is opened against the expected branch
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/docker/docker
ad44b6d 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.5+incompatible to 26.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v25.0.5...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested review from a team as code owners April 17, 2024 20:46
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code type/chore Issue that requests non-user facing changes. labels Apr 17, 2024
@dependabot
build(deps): bump github.com/docker/cli
f15a7d4 
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 25.0.3+incompatible to 26.0.1+incompatible.
- [Commits](docker/cli@v25.0.3...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot mentioned this pull request Apr 17, 2024
Closed
@github-actions github-actions bot added this to the 0.34.0 milestone Apr 17, 2024
@jjbustamante
bumping imgutil version
0649c60 
Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@jjbustamante
fixing lint error for docker 26.0
a6a4acf 
Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@github-actions github-actions bot added the type/enhancement Issue that requests a new feature or improvement. label Apr 17, 2024
jjbustamante and others added 8 commits April 17, 2024 18:02
@jjbustamante
pointing to the lifecycle commit with the latest imgutil version
21a0f21 
Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@jjbustamante
restoring imgutil.MakeFileSafeName method to convert the image name t…
66a3f43 
…o a valid directory name

Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@jjbustamante
ContainerStartOptions and ContainerRemoveOptions were removed in dock…
0974c25 
…er 26.0

Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@jjbustamante
bumping bump github.com/docker/cli from 25.0.3+incompatible to 26.0.1…
482fc08 
…+incompatible

Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@jjbustamante
Merge branch 'main' into dependabot/go_modules/github.com/docker/dock…
8495396 
…er-26.0.1incompatible

Signed-off-by: Juan Bustamante <juan.bustamante@broadcom.com>
@jjbustamante
Merge branch 'main' into dependabot/go_modules/github.com/docker/dock…
81fe53e 
…er-26.0.1incompatible

Signed-off-by: Juan Bustamante <juan.bustamante@broadcom.com>
@jjbustamante
bumping imgutil to the same version lifecycle 0.19.3 is using
b08647d 
Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@jjbustamante
WIP - logging messages for debugging
b31d2ab 
Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 29, 2024

A newer version of github.com/docker/docker exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@jjbustamante jjbustamante removed this from the 0.34.0 milestone May 8, 2024
@jjbustamante
Copy link
Member

@dependabot close

We update the dependency with #2136

@dependabot dependabot bot closed this May 8, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/docker/docker-26.0.1incompatible branch May 8, 2024 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code type/chore Issue that requests non-user facing changes. type/enhancement Issue that requests a new feature or improvement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jjbustamante