Bump github.com/docker/docker from 20.10.23+incompatible to 23.0.3+incompatible

[dependabot[bot]]

Bumps github.com/docker/docker from 20.10.23+incompatible to 23.0.3+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v23.0.3

23.0.3

Note

Due to an issue with CentOS 9 Stream's package repositories, packages for CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later, or as part of the next (23.0.4) patch release.

Bug fixes and enhancements

• Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing CVE-2023-28841, CVE-2023-28840, and CVE-2023-28842.
  • A lack of kernel support for encrypted overlay networks now reports as an error.
  • Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.
  • Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the xt_bpf kernel module.
  • Users of Swarm overlay networks should review GHSA-vwm3-crmr-xfxw to ensure that unintentional exposure has not occurred.

Packaging Updates

• Update containerd to v1.6.20.
• Update runc to v1.1.5.

v23.0.2

23.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.2 milestone
• moby/moby, 23.0.2 milestone

Bug fixes and enhancements

• Fully resolve missing checks for apparmor_parser when an AppArmor enabled kernel is detected. containerd/containerd#8087, moby/moby#45043
• Ensure that credentials are redacted from Git URLs when generating BuildKit buildinfo. Fixes CVE-2023-26054. moby/moby#45110
• Fix anonymous volumes created by a VOLUME line in a Dockerfile being excluded from volume prune. moby/moby#45159
• Fix a failure to properly propagate errors during removal of volumes on a Swarm node. moby/moby#45155
• Temporarily work around a bug in BuildKit COPY --link by disabling mergeop/diffop optimization. moby/moby#45112
• Properly clean up child tasks when a parent Swarm job is removed. moby/swarmkit#3112, moby/moby#45107
• Fix Swarm service creation logic so that both a GenericResource and a non-default network can be used together. moby/swarmkit#3082, moby/moby#45107
• Fix Swarm CSI support requiring the CSI plugin to offer staging endpoints in order to publish a volume. moby/swarmkit#3116, moby/moby#45107
• Fix a panic caused by log buffering in some configurations. containerd/fifo#47, moby/moby#45051
• Log errors in the REST to Swarm gRPC API translation layer at the debug level to reduce redundancy and noise. moby/moby#45016
• Fix a DNS resolution issue affecting containers created with --dns-opt or --dns-search when systemd-resolved is used outside the container. moby/moby#45000

... (truncated)

Commits

• 59118bf Merge pull request from GHSA-232p-vwff-86mp
• 219f21b Merge pull request #45196 from vvoland/integration-restart-race-23
• b87f7f1 libnet/d/overlay: insert the input-drop rule
• c6bf307 StartWithLogFile: Fix d.cmd race
• 7f49ca2 TestDaemonRestartKillContainers: Fix loop capture
• 98cbcb8 libnet/d/overlay: add BPF-powered VNI matcher
• 5c5fac2 libnet/d/overlay: extract VNI match rule builder
• c492a22 libn/d/overlay: enforce encryption on sandbox init
• 018edb0 libnet/d/overlay: document some encryption code
• a1fd2f2 Merge pull request #45157 from thaJeztah/23.0_backport_update_shfmt
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)