Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/docker/docker from 24.0.7+incompatible to 26.0.1+incompatible #410

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 15, 2024

Bumps github.com/docker/docker from 24.0.7+incompatible to 26.0.1+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
  • Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
  • containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
  • Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
  • Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

  • [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

... (truncated)

Commits
  • 60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
  • 8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
  • dc27552 Stop macvlan with no parent from using ext-dns
  • 7b570f0 Enable DNS proxying for ipvlan-l3
  • 8cdcc4f Move dummy DNS server to integration/internal/network
  • ed752f6 Merge pull request #47701 from vvoland/v26.0-47691
  • 9db1b6f Merge pull request #47702 from vvoland/v26.0-47647
  • 6261281 Merge pull request #47700 from vvoland/v26.0-47673
  • 90355e5 Merge pull request #47696 from vvoland/v26.0-47658
  • 72615b1 github/ci: Check if backport is opened against the expected branch
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 26.0.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.7...v26.0.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 15, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 22, 2024

Superseded by #415.

@dependabot dependabot bot closed this Apr 22, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/docker/docker-26.0.1incompatible branch April 22, 2024 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants