Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump github.com/docker/docker from 25.0.5+incompatible to 26.0.0+inco…
…mpatible (#907) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.5+incompatible to 26.0.0+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v26.0.0</h2> <h2>26.0.0</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.0.0">docker/cli, 26.0.0 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.0.0">moby/moby, 26.0.0 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v26.0.0/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v26.0.0/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.</p> <h3>New</h3> <ul> <li>Add <code>Subpath</code> field to the <code>VolumeOptions</code> making it possible to mount a subpath of a volume. <a href="https://redirect.github.com/moby/moby/pull/45687">moby/moby#45687</a></li> <li>Add <code>volume-subpath</code> support to the mount flag (<code>--mount type=volume,...,volume-subpath=<subpath></code>). <a href="https://redirect.github.com/docker/cli/pull/4331">docker/cli#4331</a></li> <li>Accept <code>=</code> separators and <code>[ipv6]</code> in compose files for <code>docker stack deploy</code>. <a href="https://redirect.github.com/docker/cli/pull/4860">docker/cli#4860</a></li> <li>rootless: Add support for enabling host loopback by setting the <code>DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK</code> environment variable to <code>false</code> (defaults to <code>true</code>). This lets containers connect to the host by using IP address <code>10.0.2.2</code>. <a href="https://redirect.github.com/moby/moby/pull/47352">moby/moby#47352</a></li> <li>containerd image store: <code>docker image ls</code> no longer creates duplicates entries for multi-platform images. <a href="https://redirect.github.com/moby/moby/pull/45967">moby/moby#45967</a></li> <li>containerd image store: Send Prometheus metrics. <a href="https://redirect.github.com/moby/moby/pull/47555">moby/moby#47555</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>[CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. <a href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></li> <li>Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. <a href="https://redirect.github.com/moby/moby/pull/47233">moby/moby#47233</a></li> </ul> <blockquote> <p>[!WARNING]</p> <p>Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses, they must be re-created. Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.</p> </blockquote> <ul> <li>Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in <code>/etc/hosts</code> if successful. <a href="https://redirect.github.com/moby/moby/pull/47062">moby/moby#47062</a></li> </ul> <blockquote> <p>[!NOTE]</p> <p>By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network. For example, containers that are only connected to an IPv4-only network now have the <code>::1</code> address on their loopback interface.</p> <p>To disable IPv6 in a container, use option <code>--sysctl net.ipv6.conf.all.disable_ipv6=1</code> in the <code>create</code> or <code>run</code> command, or the equivalent <code>sysctls</code> option in the service configuration section of a Compose file.</p> <p>If IPv6 is not available in a container because it has been explicitly disabled for the container, or the host's networking stack does not have IPv6 enabled (or for any other reason) the container's <code>/etc/hosts</code> file will not include IPv6 entries.</p> </blockquote> <ul> <li>Fix <code>ADD</code> Dockerfile instruction failing with <code>lsetxattr <file>: operation not supported</code> when unpacking archive with xattrs onto a filesystem that doesn't support them. <a href="https://redirect.github.com/moby/moby/pull/47175">moby/moby#47175</a></li> <li>Fix <code>docker container start</code> failing when used with <code>--checkpoint</code>. <a href="https://redirect.github.com/moby/moby/pull/47456">moby/moby#47456</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/8b79278316b532d396048bc8c2fa015a85d53a53"><code>8b79278</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47599">#47599</a> from neersighted/short_id_aliases_removal</li> <li><a href="https://github.com/moby/moby/commit/22726fb63b707a961800047d77810cb34cf45d65"><code>22726fb</code></a> api: document changed behavior of the <code>Aliases</code> field in v1.45</li> <li><a href="https://github.com/moby/moby/commit/963e1f3eed52024629557c11503c56f28d578f55"><code>963e1f3</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47597">#47597</a> from vvoland/c8d-list-fix-shared-size</li> <li><a href="https://github.com/moby/moby/commit/3312b8251545f1179bdc2d481019216f32875119"><code>3312b82</code></a> c8d/list: Add a test case for images sharing a top layer</li> <li><a href="https://github.com/moby/moby/commit/ad8a5a5732ee3e66100d92f70de8298bd7dfdb1e"><code>ad8a5a5</code></a> c8d/list: Fix diffIDs being outputted instead of chainIDs</li> <li><a href="https://github.com/moby/moby/commit/0c2d83b5fb1d284897dbb2339ee74c7c56eedd0b"><code>0c2d83b</code></a> c8d/list: Handle unpacked layers when calculating shared size</li> <li><a href="https://github.com/moby/moby/commit/330d777c53fbbf734178d6a35c9dc0a5070ba4ac"><code>330d777</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47591">#47591</a> from vvoland/api-1.45</li> <li><a href="https://github.com/moby/moby/commit/3d2a56e7cf3c73971032d5a9934ba86409ff2781"><code>3d2a56e</code></a> docs/api: add documentation for API v1.45</li> <li><a href="https://github.com/moby/moby/commit/4531a371f222e6bacced0111b7140e4b4bfba18a"><code>4531a37</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47580">#47580</a> from vvoland/c8d-list-slow</li> <li><a href="https://github.com/moby/moby/commit/731a64069fac5738d56fe8752493e4f632b383bb"><code>731a640</code></a> c8d/list: Generate image summary concurrently</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v25.0.5...v26.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
- Loading branch information
