[PR #170] Bump github.com/docker/docker from 28.5.1+incompatible to 28.5.2+incompatible in the prod-patch-updates group #161

New Issue

Open

opened 2025-11-19 07:15:22 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-19 07:15:22 -06:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/newt/pull/170
Author: @dependabot[bot]
Created: 11/6/2025
Status: 🔄 Open

Base: main ← Head: dependabot/go_modules/prod-patch-updates-e67280ac4a

---

📝 Commits (1)

• 8b66cf9 Bump github.com/docker/docker in the prod-patch-updates group

📊 Changes

2 files changed (+43 additions, -5 deletions)

View changed files

📝 go.mod (+1 -2)
📝 go.sum (+42 -3)

📄 Description

Bumps the prod-patch-updates group with 1 update: github.com/docker/docker.

Updates github.com/docker/docker from 28.5.1+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.2 milestone
• moby/moby, 28.5.2 milestone

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

• CVE-2025-31133
• CVE-2025-52565
• CVE-2025-52881

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

• Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162
• Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

• Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610
• Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
• Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560
• Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

Commits

• 89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
• 9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
• 6178456 Merge pull request #51398 from vvoland/51397-28.x
• 0cae4e5 vendor: github.com/moby/buildkit v0.25.2
• 33cc06f Merge pull request #51394 from vvoland/51393-28.x
• d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
• 2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
• bd98008 integration-cli: Adjust nofile limits
• 1967515 Dockerfile: update runc binary to v1.3.3
• 4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/newt/pull/170 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 11/6/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/go_modules/prod-patch-updates-e67280ac4a` --- ### 📝 Commits (1) - [`8b66cf9`](https://github.com/fosrl/newt/commit/8b66cf9bf467d04018a0c211beaf2553d153426d) Bump github.com/docker/docker in the prod-patch-updates group ### 📊 Changes **2 files changed** (+43 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+1 -2) 📝 `go.sum` (+42 -3) </details> ### 📄 Description Bumps the prod-patch-updates group with 1 update: [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/docker` from 28.5.1+incompatible to 28.5.2+incompatible <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v28.5.2</h2> <h2>28.5.2</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.2">docker/cli, 28.5.2 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.2">moby/moby, 28.5.2 milestone</a></li> </ul> <blockquote> <p>[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:</p> <ul> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2">CVE-2025-31133</a></li> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r">CVE-2025-52565</a></li> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm">CVE-2025-52881</a></li> </ul> <p>All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary <code>/proc</code> files.</p> </blockquote> <h3>Packaging updates</h3> <ul> <li>Update runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.3.3">v1.3.3</a>. <a href="https://redirect.github.com/moby/moby/pull/51394">moby/moby#51394</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). <a href="https://redirect.github.com/moby/moby/pull/51162">moby/moby#51162</a></li> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.24.9">1.24.9</a>. <a href="https://redirect.github.com/moby/moby/pull/51387">moby/moby#51387</a>, <a href="https://redirect.github.com/docker/cli/pull/6613">docker/cli#6613</a></li> </ul> <h3>Deprecations</h3> <ul> <li>Go-SDK: cli/command/image/build: deprecate <code>DefaultDockerfileName</code>, <code>DetectArchiveReader</code>, <code>WriteTempDockerfile</code>, <code>ResolveAndValidateContextPath</code>. These utilities were only used internally and will be removed in the next release. <a href="https://redirect.github.com/docker/cli/pull/6610">docker/cli#6610</a></li> <li>Go-SDK: cli/command/image/build: deprecate IsArchive utility. <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> <li>Go-SDK: opts: deprecate <code>ValidateMACAddress</code>. <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> <li>Go-SDK: opts: deprecate ListOpts.Delete(). <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/89c5e8fd66634b6128fc4c0e6f1236e2540e46e0"><code>89c5e8f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51396">#51396</a> from thaJeztah/28.x_backport_api_docs</li> <li><a href="https://github.com/moby/moby/commit/9b93878308cae892878febfa52ff0b5799bea7b0"><code>9b93878</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51395">#51395</a> from thaJeztah/28.x_backport_rootless_reject</li> <li><a href="https://github.com/moby/moby/commit/6178456763b64c360983c5a5ea35d4258171e91c"><code>6178456</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51398">#51398</a> from vvoland/51397-28.x</li> <li><a href="https://github.com/moby/moby/commit/0cae4e5c8f76756eaba81dbd23ef57fccac3033f"><code>0cae4e5</code></a> vendor: github.com/moby/buildkit v0.25.2</li> <li><a href="https://github.com/moby/moby/commit/33cc06f6169ddba8f00c50a8c12494b54b1cb2fc"><code>33cc06f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51394">#51394</a> from vvoland/51393-28.x</li> <li><a href="https://github.com/moby/moby/commit/d525277410726d5f99e46b8b2ba60ea9b7011afa"><code>d525277</code></a> api/docs: remove BuildCache.Parent field for API v1.42 and up</li> <li><a href="https://github.com/moby/moby/commit/2fbc51b4f895c75749896bf4655f7888a300bb9d"><code>2fbc51b</code></a> dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host</li> <li><a href="https://github.com/moby/moby/commit/bd98008c078ab4a4d99f0c1577e641dbfe191cfd"><code>bd98008</code></a> integration-cli: Adjust nofile limits</li> <li><a href="https://github.com/moby/moby/commit/19675151a3d3b947501fcad1dcacbd00e6f4b23e"><code>1967515</code></a> Dockerfile: update runc binary to v1.3.3</li> <li><a href="https://github.com/moby/moby/commit/44896604b8f50d9ba38199c25ed2c7d2d40318a7"><code>4489660</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51387">#51387</a> from thaJeztah/28.x_bump_go</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v28.5.1...v28.5.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2025-11-19 07:15:22 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

msg-opt

dependabot/go_modules/prod-patch-updates-3194e6d214

dependabot/docker/minor-updates-1134f52710

ssh-agent

msg-delivery

icmp2

port-firewall

platform

hp-multi-client

holepunch

updown

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

enhancement

good first issue

help wanted

Improvement

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#161