xeol-io / xeol

A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
https://www.xeol.io/
Apache License 2.0
332 stars 18 forks

Bump github.com/docker/docker from 24.0.6+incompatible to 26.0.0+incompatible #320

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps github.com/docker/docker from 24.0.6+incompatible to 26.0.0+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicate entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

  • [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

[!WARNING]

Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses; they must be re-created. Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.

  • Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in /etc/hosts if successful. moby/moby#47062

[!NOTE]

By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network. For example, containers that are only connected to an IPv4-only network now have the ::1 address on their loopback interface.

To disable IPv6 in a container, use option --sysctl net.ipv6.conf.all.disable_ipv6=1 in the create or run command, or the equivalent sysctls option in the service configuration section of a Compose file.

If IPv6 is not available in a container because it has been explicitly disabled for the container, or the host's networking stack does not have IPv6 enabled (or for any other reason) the container's /etc/hosts file will not include IPv6 entries.

  • Fix ADD Dockerfile instruction failing with lsetxattr <file>: operation not supported when unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175
  • Fix docker container start failing when used with --checkpoint. moby/moby#47456

... (truncated)

Commits
  • 8b79278 Merge pull request #47599 from neersighted/short_id_aliases_removal
  • 22726fb api: document changed behavior of the Aliases field in v1.45
  • 963e1f3 Merge pull request #47597 from vvoland/c8d-list-fix-shared-size
  • 3312b82 c8d/list: Add a test case for images sharing a top layer
  • ad8a5a5 c8d/list: Fix diffIDs being outputted instead of chainIDs
  • 0c2d83b c8d/list: Handle unpacked layers when calculating shared size
  • 330d777 Merge pull request #47591 from vvoland/api-1.45
  • 3d2a56e docs/api: add documentation for API v1.45
  • 4531a37 Merge pull request #47580 from vvoland/c8d-list-slow
  • 731a640 c8d/list: Generate image summary concurrently
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

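The condition named in the CVE-2024-29018 note above (a container attached only to 'internal' networks, on a host whose DNS server listens on a loopback address) can be checked against inventory data when deciding how urgent this bump is. This is an added example, not code from Docker, Dependabot or xeol; the `Container` type, the function names and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Container is a hypothetical, minimal view of one container's network attachments.
type Container struct {
	Name     string
	Networks []string
}

// loopbackResolvers returns the loopback nameserver entries found in resolv.conf text.
func loopbackResolvers(resolvConf string) []string {
	var out []string
	for _, line := range strings.Split(resolvConf, "\n") {
		f := strings.Fields(line)
		if len(f) >= 2 && f[0] == "nameserver" {
			if ip := net.ParseIP(f[1]); ip != nil && ip.IsLoopback() {
				out = append(out, f[1])
			}
		}
	}
	return out
}

// affected names containers attached only to internal networks, when the host resolver is on loopback.
func affected(resolvConf string, cs []Container, internal map[string]bool) []string {
	if len(loopbackResolvers(resolvConf)) == 0 {
		return nil
	}
	var names []string
	for _, c := range cs {
		only := len(c.Networks) > 0
		for _, n := range c.Networks {
			only = only && internal[n]
		}
		if only {
			names = append(names, c.Name)
		}
	}
	return names
}

func main() { // constructed sample: "backend" is an internal network, "frontend" is not
	cs := []Container{{"db", []string{"backend"}}, {"api", []string{"backend", "frontend"}}}
	fmt.Println(affected("nameserver 127.0.0.53\n", cs, map[string]bool{"backend": true}))
}
```

In practice the inputs would come from the host's /etc/resolv.conf and from the `Internal` field that `docker network inspect` reports for each network.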
dependabot[bot] commented 2 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.