Commit 11706de
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
chore(deps): bump github.com/docker/docker from 28.5.1+incompatible to 28.5.2+incompatible (#277)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
28.5.1+incompatible to 28.5.2+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v28.5.2</h2>
<h2>28.5.2</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.2">docker/cli,
28.5.2 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.2">moby/moby,
28.5.2 milestone</a></li>
</ul>
<blockquote>
<p>[!CAUTION]
This release contains fixes for three high-severity security
vulnerabilities in runc:</p>
<ul>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2">CVE-2025-31133</a></li>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r">CVE-2025-52565</a></li>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm">CVE-2025-52881</a></li>
</ul>
<p>All three vulnerabilities ultimately allow (through different
methods) for full container breakouts by bypassing runc's restrictions
for writing to arbitrary <code>/proc</code> files.</p>
</blockquote>
<h3>Packaging updates</h3>
<ul>
<li>Update runc to <a
href="https://github.com/opencontainers/runc/releases/tag/v1.3.3">v1.3.3</a>.
<a
href="https://redirect.github.com/moby/moby/pull/51394">moby/moby#51394</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>dockerd-rootless.sh: if slirp4netns is not installed, try using
pasta (passt). <a
href="https://redirect.github.com/moby/moby/pull/51162">moby/moby#51162</a></li>
<li>Update Go runtime to <a
href="https://go.dev/doc/devel/release#go1.24.9">1.24.9</a>. <a
href="https://redirect.github.com/moby/moby/pull/51387">moby/moby#51387</a>,
<a
href="https://redirect.github.com/docker/cli/pull/6613">docker/cli#6613</a></li>
</ul>
<h3>Deprecations</h3>
<ul>
<li>Go-SDK: cli/command/image/build: deprecate
<code>DefaultDockerfileName</code>, <code>DetectArchiveReader</code>,
<code>WriteTempDockerfile</code>,
<code>ResolveAndValidateContextPath</code>. These utilities were only
used internally and will be removed in the next release. <a
href="https://redirect.github.com/docker/cli/pull/6610">docker/cli#6610</a></li>
<li>Go-SDK: cli/command/image/build: deprecate IsArchive utility. <a
href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li>
<li>Go-SDK: opts: deprecate <code>ValidateMACAddress</code>. <a
href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li>
<li>Go-SDK: opts: deprecate ListOpts.Delete(). <a
href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/moby/moby/commit/89c5e8fd66634b6128fc4c0e6f1236e2540e46e0"><code>89c5e8f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/51396">#51396</a>
from thaJeztah/28.x_backport_api_docs</li>
<li><a
href="https://github.com/moby/moby/commit/9b93878308cae892878febfa52ff0b5799bea7b0"><code>9b93878</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/51395">#51395</a>
from thaJeztah/28.x_backport_rootless_reject</li>
<li><a
href="https://github.com/moby/moby/commit/6178456763b64c360983c5a5ea35d4258171e91c"><code>6178456</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/51398">#51398</a>
from vvoland/51397-28.x</li>
<li><a
href="https://github.com/moby/moby/commit/0cae4e5c8f76756eaba81dbd23ef57fccac3033f"><code>0cae4e5</code></a>
vendor: github.com/moby/buildkit v0.25.2</li>
<li><a
href="https://github.com/moby/moby/commit/33cc06f6169ddba8f00c50a8c12494b54b1cb2fc"><code>33cc06f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/51394">#51394</a>
from vvoland/51393-28.x</li>
<li><a
href="https://github.com/moby/moby/commit/d525277410726d5f99e46b8b2ba60ea9b7011afa"><code>d525277</code></a>
api/docs: remove BuildCache.Parent field for API v1.42 and up</li>
<li><a
href="https://github.com/moby/moby/commit/2fbc51b4f895c75749896bf4655f7888a300bb9d"><code>2fbc51b</code></a>
dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host</li>
<li><a
href="https://github.com/moby/moby/commit/bd98008c078ab4a4d99f0c1577e641dbfe191cfd"><code>bd98008</code></a>
integration-cli: Adjust nofile limits</li>
<li><a
href="https://github.com/moby/moby/commit/19675151a3d3b947501fcad1dcacbd00e6f4b23e"><code>1967515</code></a>
Dockerfile: update runc binary to v1.3.3</li>
<li><a
href="https://github.com/moby/moby/commit/44896604b8f50d9ba38199c25ed2c7d2d40318a7"><code>4489660</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/51387">#51387</a>
from thaJeztah/28.x_bump_go</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v28.5.1...v28.5.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 203fc95 commit 11706de
2 files changed
+3
-3
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
| 8 | + | |
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
139 | 139 | | |
140 | 140 | | |
141 | 141 | | |
142 | | - | |
143 | | - | |
| 142 | + | |
| 143 | + | |
144 | 144 | | |
145 | 145 | | |
146 | 146 | | |
| |||
0 commit comments