Fix a regression that could result in a ResourceExhausted desc = grpc: received message larger than max error when building from a large Dockerfile. moby/moby#48245
This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq
that impacted setups using authorization plugins (AuthZ)
for access control. No other changes are included in this release, and this
release is otherwise identical for users not using AuthZ plugins.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot]
commented
1 month ago
Bumps the go group with 8 updates in the / directory:
1.7.111.7.2027.0.3+incompatible27.1.2+incompatible27.0.3+incompatible27.1.2+incompatible1.0.81.1.10.19.20.20.22.17.12.18.00.25.00.26.00.4.00.5.0Updates
github.com/containerd/containerdfrom 1.7.11 to 1.7.20Release notes
Sourced from github.com/containerd/containerd's releases.
... (truncated)
Commits
8fc6bcfMerge pull request #10481 from dmcgowan/prepare-v1.7.207f2d4cdPrepare release notes for v1.7.207eb0501Merge pull request #10413 from austinvazquez/cherry-pick-78421616e0a6ba76ac25...34ea461Merge pull request #10461dims/automated-cherry-pick-of-#836787c908eMerge pull request #10462dims/automated-cherry-pick-of-#9730b06e353Merge pull request #10469dims/automated-cherry-pick-of-#8356209ee4fCRI: An empty DNSConfig != unspecifiedce65228Support for dropping inheritable capabilitiesdf86bddCRI Sbserver: Make PodSandboxStatus friendlier to shim crashes923bb1fMerge pull request #10423 from dims/cri-ttrpc-closed-during-ListPodSandboxStatsUpdates
github.com/docker/clifrom 27.0.3+incompatible to 27.1.2+incompatibleCommits
d01f264Merge pull request #5333 from thaJeztah/27.x_bump_engine65dec14vendor: github.com/docker/docker f9522e5e96c3 (v27.1.2-dev)1f80c54Merge pull request #5339 from thaJeztah/27.x_backport_fix_bps_limit33573e2Merge pull request #5343 from dvdksn/cp-docs-manuals-refactor-linkfix73452e3docs: update internal links after refactorbcd90bedocs: fix link to http proxy documentf62c68eMerge pull request #5337 from vvoland/5327-27.x946d109run: fix GetList return empty issue for throttledevice096e42bMerge pull request #5335 from vvoland/5310-27.x984ef90plugins: don't panic on Close if PluginServer nilUpdates
github.com/docker/dockerfrom 27.0.3+incompatible to 27.1.2+incompatibleRelease notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
f9522e5Merge pull request #48315 from vvoland/48169-27.xa037b72Merge pull request #48314 from vvoland/48275-27.xfc0150bdaemon/containerd: rm use of regexp73c01d0image/v1: rm regexp usec93fe4alayer: rm regexp use31459c8docs/api: swagger: fix x-nullable for SystemInfo.Containerd (api v1.46)35d430capi/swagger: fix x-nullable for SystemInfo.Containerdf5fa090Merge pull request #48308 from thaJeztah/27.x_backport_migrate_usernsa17f5d4Merge pull request #48294 from austinvazquez/cherry-pick-2b5ffa0b63c76e8bb4eb...80a59c2migrate to github.com/moby/sys/usernsUpdates
github.com/go-test/deepfrom 1.0.8 to 1.1.1Release notes
Sourced from github.com/go-test/deep's releases.
Changelog
Sourced from github.com/go-test/deep's changelog.
Commits
9e863ffRelease v1.1.1dc5b2f6Update SECURITY.md185886dRestore 100% test coverage (NilPointersAreZero case)47ae1b8Merge pull request #61 from seveas/nil-pointers-are-zero93c35acMerge branch 'master' into nil-pointers-are-zero2982c5cUpdate test matrix to latest 3 Go versions2b8252eAdd an option to consider nil pointers to be equivalent to zero values95fb3b1Merge pull request #58 from bartleyg/patch-11127c84fix copy pasta test7ff4e92Update changelog for v1.1.0Updates
github.com/google/go-containerregistryfrom 0.19.2 to 0.20.2Release notes
Sourced from github.com/google/go-containerregistry's releases.
Commits
c195f15deps: bump docker dep (#1991)c3d1dccCreateremote.Push(#1978)d36047aRestore blind-write to remote.Put (#1970)9915a85Referrer API must return correct Content-Type (#1968)Updates
github.com/sylabs/sif/v2from 2.17.1 to 2.18.0Release notes
Sourced from github.com/sylabs/sif/v2's releases.
Commits
a2a8352Merge pull request #374 from tri-adam/delete-objects68683b4feat: add DeleteObjects94b0b65build(deps): bump github.com/google/go-containerregistry (#376)48f265fMerge pull request #373 from tri-adam/compactione8dad67refactor: improve delete compaction logic8783e3brefactor: improve compaction logic for AddObjecte3aa617Merge pull request #375 from tri-adam/update-readme8f557d5docs: update links to Go docsUpdates
golang.org/x/cryptofrom 0.25.0 to 0.26.0Commits
5bcd010go.mod: update golang.org/x dependencies3375612ssh: add support for unpadded RSA signaturesbb80217ssh: don't use dsa keys in integration tests6879722ssh: remove go 1.21+ dependency on slicese983fa2sha3: Avo port of keccakf_amd64.s80fd972LICENSE: update per Google Legalf2bc3a6x509roots/fallback/internal/goissue52287: deleted66d9c3x509roots/fallback: update bundleUpdates
github.com/docker/go-connectionsfrom 0.4.0 to 0.5.0Commits
fa09c95Merge pull request #108 from thaJeztah/carry_67a67a58Swap CloseRead and CloseWrite481d3d2Merge pull request #107 from thaJeztah/drop_legacy_go9548f9ftlsconfig: remove deprecated io/ioutilc564c21drop support for go1.17 and older7cbebcfgha: update actions2cf423ftlsconfig: move allTLSVersions vardca283btlsconfig: drop support for go1.12 and older21876c5tlsconfig: drop support for go1.6 and older4d174dbtlsconfig: drop support for go1.4 and olderDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show