aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
23.11k stars 2.28k forks

chore(deps): bump the docker group with 2 updates #7116

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the docker group with 2 updates: github.com/docker/docker and github.com/moby/buildkit.

Updates github.com/docker/docker from 26.1.4+incompatible to 27.0.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.0.3

27.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that incorrectly reported a port mapping from a host IPv6 address to an IPv4-only container as an error. moby/moby#48090
  • Fix a regression that caused duplicate subnet allocations when creating networks. moby/moby#48089
  • Fix a regression resulting in "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces. moby/moby#48086

v27.0.2

27.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

Removed

  • api/types: deprecate ContainerJSONBase.Node field and ContainerNode type. These definitions were used by the standalone ("classic") Swarm API, but never implemented in the Docker Engine itself. moby/moby#48055

v27.0.1

27.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

New

  • containerd image store: Add --platform flag to docker image push and improve the default behavior when not all platforms of the multi-platform image are available locally. docker/cli#4984, moby/moby#47679
  • Add support to docker stack deploy for driver_opts in a service's networks. docker/cli#5125
  • Consider additional /usr/local/libexec and /usr/libexec paths when looking up the userland proxy binaries by a name with a docker- prefix. moby/moby#47804

Bug fixes and enhancements

... (truncated)

Commits
  • 662f78c Merge pull request #48090 from thaJeztah/27.0_backport_48067_fix_specific_ipv...
  • b86d9bd Merge pull request #48086 from thaJeztah/27.0_backport_fix_rootless_pull
  • 0dbc3ac Merge pull request #48087 from thaJeztah/27.0_backport_gofmt
  • 276a648 Fix incorrect validation of port mapping
  • 22aa07b Merge pull request #48089 from robmry/backport-27.0/48069_fix_overlapping_sub...
  • 23b8b02 Fix duplicate subnet allocations
  • bf222d6 fix some gofmt issues reported by goreportcard
  • f8231b5 daemon/graphdriver/overlay2: set TarOptions.InUserNS for native differ
  • b951474 pkg/archive: createTarFile: consistently use the same value for userns
  • c5794e2 pkg/archive: handleTarTypeBlockCharFifo: don't discard EPERM errors
  • Additional commits viewable in compare view


Updates github.com/moby/buildkit from 0.13.2 to 0.14.1

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.14.1

Welcome to the 0.14.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Talon Bowler
  • Akihiro Suda
  • Tõnis Tiigi
  • Paweł Gronowski

Notable Changes

  • Builtin Dockerfile frontend has been updated to v1.8.1 changelog
  • Fix possible issue on pushing blobs with rewrite-timestamp=true option #5040
  • Fix possible concurrency issue on handling HTTPS to HTTP fallbacks for insecure registries #5044

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.14.0

v0.14.0

Welcome to the 0.14.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Talon James Bowler
  • Akihiro Suda
  • Jonathan A. Sternberg
  • Justin Chadwell
  • David Karlsson
  • Sebastiaan van Stijn
  • Anthony Nandaa
  • Erik Sipsma
  • Aleksa Sarai
  • Adam Perlin
  • Shaun Thompson

... (truncated)

Commits
  • eb864a8 Merge pull request #5053 from tonistiigi/v0.14.1-cherry-picks
  • dedaef0 shell: handle empty string for var replacements
  • b45ab30 Initialize build args from stage base
  • e34c21a Consolidate instruction casing lint rules
  • 050e3b6 Updates lint output to print detail instead of description
  • 2bf5cbf util/resolver: Make httpFallback concurrent safe
  • 49dd5f4 Adds 'WARNING' prefix to the rule check output and update lint
  • 05bd56b Merge pull request #5040 from AkihiroSuda/cherrypick-5008-0.14
  • 5a7352c Fix content not found with push=true,rewrite-timestamp=true
  • 4d9a4e5 Merge pull request #5017 from crazy-max/fix-history-exporters
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

knqyf263 commented 3 months ago

@DmitriyLewen Looks like Dependabot group works now. Closing PR probably breaks Dependabot.

DmitriyLewen commented 3 months ago

> Looks like Dependabot group works now.

This is good news!

> Closing PR probably breaks Dependabot.

I thought it was related. But when I checked the issue, I didn't find these dependencies in the ignore list. I don't know how Dependabot marks them (if you're right) and how to fix problems like this...

knqyf263 commented 3 months ago

@DmitriyLewen Can you please bump testcontainers-go? https://github.com/testcontainers/testcontainers-go/pull/2593

DmitriyLewen commented 3 months ago

@knqyf263 Done

knqyf263 commented 3 months ago

Thanks!