paketo-buildpacks / stacks

stacks
Apache License 2.0
35 stars 23 forks source link

Bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible in /create-stack #164

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v20.10.18

This release of Docker Engine comes with a fix for a low-severity security issue, some minor bug fixes, and updated versions of Docker Compose, Docker Buildx, containerd, and runc.

Client

Builder

  • Fix an issue where file-capabilities were not preserved during build moby/moby#43876.
  • Fix an issue that could result in a panic caused by a concurrent map read and map write moby/moby#44067

Daemon

  • Fix a security vulnerability relating to supplementary group permissions, which could allow a container process to bypass primary group restrictions within the container CVE-2022-36109, GHSA-rc4r-wh2q-q6c4.
  • seccomp: add support for Landlock syscalls in default policy moby/moby#43991.
  • seccomp: update default policy to support new syscalls introduced in kernel 5.12 - 5.16 moby/moby#43991.
  • Fix an issue where cache lookup for image manifests would fail, resulting in a redundant round-trip to the image registry moby/moby#44109.
  • Fix an issue where exec processes and healthchecks were not terminated when they timed out moby/moby#44018.

Packaging

Commits
  • e42327a Merge pull request #44120 from thaJeztah/20.10_backport_update_tests
  • fcd4df9 Update some tests for supplementary group permissions
  • bb0197c Merge pull request from GHSA-rc4r-wh2q-q6c4
  • d348775 Merge pull request #44109 from rumpl/20.10-fix-local-context
  • 6a0186b Wrap local calls to the content and lease service
  • b73e9c2 Merge pull request #44098 from thaJeztah/20.10_backport_swagger_updates
  • 4855c28 Merge pull request #44101 from thaJeztah/20.10_backport_bump_golang_1.18.6
  • 3d4616f Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
  • d56101e Merge pull request #44093 from thaJeztah/20.10_backport_remove_tereshkova
  • 23c7d84 docs: api: adjust ContainerWaitResponse error as optional
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)