Fix MUI license injection

[benja-M-1]

Version 1.1.5 (which is the latest at the time of writing) does not contain the MUI license, and thus, the watermark appears.I am not able to explain why, but if you install the version from this PR, the MUI watermark is not present.

What did I do?

• changed the license key in the secrets used by the GHA
• added commas on each secret as specified on https://docs.docker.com/build/ci/github-actions/secrets/
• used a single RUN instruction to mount the Bugsnag key and the MUI license key

However, I am not 100% confident those changes are what fixed the issue. I rather suspect something in the actions we use to build and push images.

Anyway, the built image of this PR works so I'd be keen on releasing a new version once this PR got merged.

[github-actions[bot]]

:mag: Vulnerabilities of docker/volumes-backup-extension:pr-131

:package: Image Reference docker/volumes-backup-extension:pr-131

digest	sha256:03490cc3aaee2df01cd16179b8742c29eb25f6043064c2fb7e59aef07d368ec3
vulnerabilities
size	45 MB
packages	52

:package: Base Image busybox:1.35

also known as	1.35-uclibc 1.35.0 1.35.0-uclibc unstable unstable-uclibc
digest	sha256:505e5e20edbb5f2ac0abe3622358daf2f4a4c818eea0498445b7248e39db6728
vulnerabilities

golang.org/x/net 0.10.0 (golang) pkg:golang/golang.org/x/net@0.10.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50889 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

[github-actions[bot]]

Docker image tag(s) pushed:

docker/volumes-backup-extension:pr-131

Labels added to images:

org.opencontainers.image.created=2024-04-18T21:45:50.688Z
org.opencontainers.image.description=Back up, clone, restore, and share Docker volumes effortlessly.
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=
org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension
org.opencontainers.image.title=volumes-backup-extension
org.opencontainers.image.url=https://github.com/docker/volumes-backup-extension
org.opencontainers.image.version=pr-131

[github-actions[bot]]

Overview

Image reference	docker/volumes-backup-extension:latest	docker/volumes-backup-extension:pr-131
- digest	d3f412f78f51	03490cc3aaee
- provenance	https://github.com/docker/volumes-backup-extension.git#df1718760ffc42139e8afee52f11c104e4fe7589/commit/df1718760ffc42139e8afee52f11c104e4fe7589
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	40 MB	45 MB (+5.0 MB)
- packages	51	52 (+1)
Base Image	busybox:1.35 also known as: • 1.35-uclibc • 1.35.0 • 1.35.0-uclibc	busybox:1.35 also known as: • 1.35-uclibc • 1.35.0 • 1.35.0-uclibc
- vulnerabilities

Environment Variables (2 changes)

> * `±` 2 changed > * _1 unchanged_ ```diff -BUGSNAG_APP_VERSION= +BUGSNAG_APP_VERSION=latest -BUGSNAG_RELEASE_STAGE=production +BUGSNAG_RELEASE_STAGE=local PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ```

Labels (2 changes)

> * `-` 2 removed > * _11 unchanged_ ```diff com.docker.desktop.extension.api.version=>= 0.2.3 com.docker.desktop.extension.icon=https://raw.githubusercontent.com/docker/volumes-backup-extension/main/icon.svg com.docker.extension.additional-urls=[ {"title":"Support", "url":"https://github.com/docker/volumes-backup-extension/issues"} ] com.docker.extension.categories=volumes com.docker.extension.changelog=

• Fixed current image vulnerabilities (CVEs) using Docker Scout.

com.docker.extension.detailed-description=

The functionality in this extension is now available as a Beta feature in the Volumes tab in Docker Desktop versions 4.29.0 and later. This extension will be deprecated once the features are out of Beta. Learn more

With Volumes Backup & Share you can easily create copies of your volumes and also share them with others through SSH or pushing them to a registry.

✨ What can you do with this extension?

• Export a volume:
• To a compressed file in your local filesystem
• To an existing local image
• To a new local image
• To a new image in Docker Hub (or another registry)
• Import data into a new container or into an existing container:
• From a compressed file in your local filesystem
• From an existing image
• From an existing image in Docker Hub (or another registry)
• Transfer a volume via SSH to another host that runs Docker Desktop or Docker engine.
• Clone, empty or delete a volume

Acknowledgements

• Vackup project by Bret Fisher
• Building Vackup - LiveStream on YouTube
com.docker.extension.publisher-url=https://www.docker.com/ com.docker.extension.screenshots=[ {"alt": "Home page - list of volumes", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/1-table.png"}, {"alt": "Import data into a new volume", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/2-import-new.png"}, {"alt": "Export volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/3-export.png"}, {"alt": "Transfer volume to another host", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/4-transfer.png"}, {"alt": "Clone volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/5-clone.png"}, {"alt": "Delete volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/6-delete.png"} ] org.opencontainers.image.description=Backup, clone, restore, and share Docker volumes effortlessly. Also available as a Beta feature in the Volumes tab in Docker Desktop version 4.29.0 and later. This extension will be soon deprecated. -org.opencontainers.image.revision=df1718760ffc42139e8afee52f11c104e4fe7589 -org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension org.opencontainers.image.title=Volumes Backup & Share org.opencontainers.image.vendor=Docker Inc. ```

Policies (1 improved, 1 worsened, 1 missing data)

| Policy Name | `docker/volumes-backup-extension:latest` | `docker/volumes-backup-extension:pr-131` | Change | Standing | |-------------|---------------|--------------------|--------|---| |Copyleft licenses | :white_check_mark: | :white_check_mark: | | No Change | |Default non-root user | :warning: | :warning: | | No Change | |Fixable critical and high vulnerabilities | :warning: 1 | :warning: 1 | | No Change | |High-profile vulnerabilities | :warning: 1 | :white_check_mark: | -1 | Improved | |Outdated base images | :white_check_mark: | :question: No data | | | |Supply chain attestations | :white_check_mark: | :warning: 2 | +2 | Worsened |

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

> * :infinity: 1 packages changed > * 49 packages unchanged

Changes for packages of type golang (1 changes)

	Package	Version docker/volumes-backup-extension:latest	Version docker/volumes-backup-extension:pr-131
:infinity:	stdlib	1.21.9	go1.21.9