Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 25.0.6+incompatible in /misc/loop in the go_modules group across 1 directory #3155

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 19, 2024

Bumps the go_modules group with 1 update in the /misc/loop directory: github.com/docker/docker.

Updates github.com/docker/docker from 24.0.7+incompatible to 25.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.6

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

  • [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
  • [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
  • [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
  • [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
  • [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
  • [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987

Packaging updates

Full Changelog: moby/moby@v25.0.5...v25.0.6

v25.0.5

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements

  • CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589

  • plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588

  • rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587

  • Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

... (truncated)

Commits
  • b08a51f Merge pull request #48231 from austinvazquez/backport-vendor-otel-v0.46.1-to-...
  • d151b0f vendor: OTEL v0.46.1 / v1.21.0
  • c6ba9a5 Merge pull request #48225 from austinvazquez/backport-workflow-artifact-reten...
  • 4673a3c Merge pull request #48227 from austinvazquez/backport-backport-branch-check-t...
  • 30f8908 github/ci: Check if backport is opened against the expected branch
  • 7454d6a ci: update workflow artifacts retention
  • 65cc597 Merge commit from fork
  • b722836 Merge pull request #48199 from austinvazquez/update-containerd-binary-to-1.7.20
  • e8ecb9c update containerd binary to v1.7.20
  • e6cae1f update containerd binary to v1.7.19
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Update to the dependencies go Pull requests that update Go code labels Nov 19, 2024
Copy link

codecov bot commented Nov 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

@jefft0 jefft0 added the review/triage-pending PRs opened by external contributors that are waiting for the 1st review label Nov 19, 2024
@jefft0 jefft0 self-requested a review November 19, 2024 16:16
Copy link
Contributor

@jefft0 jefft0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This changes go.mod in the "misc/loop" subfolder (not the top-level go.mod). All CI tests pass, including "docker-integration".

@jefft0
Copy link
Contributor

jefft0 commented Nov 19, 2024

Removed the review/triage-pending label because it was approved by a review team member. Ready for review by core devs, perhaps someone working on the portal loop.

@jefft0 jefft0 removed the review/triage-pending PRs opened by external contributors that are waiting for the 1st review label Nov 19, 2024
@dependabot dependabot bot force-pushed the dependabot/go_modules/misc/loop/go_modules-d85902239e branch from 1782a82 to 251c674 Compare November 22, 2024 09:51
@dependabot dependabot bot force-pushed the dependabot/go_modules/misc/loop/go_modules-d85902239e branch from 251c674 to c49c320 Compare December 7, 2024 20:45
@Gno2D2
Copy link
Collaborator

Gno2D2 commented Dec 7, 2024

I'm a bot that assists the Gno Core team in maintaining this repository. My role is to ensure that contributors understand and follow our guidelines, helping to streamline the development process.

The following requirements must be fulfilled before a pull request can be merged.
Some requirement checks are automated and can be verified by the CI, while others need manual verification by a staff member.

These requirements are defined in this configuration file.

Automated Checks

🟢 The pull request head branch must be up-to-date with its base (more info)

Manual Checks

  • The pull request description provides enough details
Debug
Automated Checks
The pull request head branch must be up-to-date with its base (more info)

If

🟢 Condition met
└── 🟢 On every pull request

Then

🟢 Requirement satisfied
└── 🟢 Head branch (dependabot/go_modules/misc/loop/go_modules-d85902239e) is up to date with base (master): behind by 0 / ahead by 1

Manual Checks
The pull request description provides enough details

If

🟢 Condition met
└── 🟢 Not (🔴 Pull request author is a member of the team: core-contributors)

Can be checked by

  • team core-contributors

@jefft0 jefft0 mentioned this pull request Dec 8, 2024
@dependabot dependabot bot force-pushed the dependabot/go_modules/misc/loop/go_modules-d85902239e branch from c49c320 to 59f6520 Compare December 8, 2024 18:21
Bumps the go_modules group with 1 update in the /misc/loop directory: [github.com/docker/docker](https://github.com/docker/docker).


Updates `github.com/docker/docker` from 24.0.7+incompatible to 25.0.6+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.7...v25.0.6)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/misc/loop/go_modules-d85902239e branch from 59f6520 to 430a819 Compare December 9, 2024 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Update to the dependencies go Pull requests that update Go code
Projects
Status: In Review
Development

Successfully merging this pull request may close these issues.

2 participants