build(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible #548

dependabot · 2023-04-05T14:03:36Z

Bumps github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v23.0.3

23.0.3

Note

Due to an issue with CentOS 9 Stream's package repositories, packages for CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later, or as part of the next (23.0.4) patch release.

Bug fixes and enhancements

Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing CVE-2023-28841, CVE-2023-28840, and CVE-2023-28842.

A lack of kernel support for encrypted overlay networks now reports as an error.

Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.

Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the xt_bpf kernel module.

Users of Swarm overlay networks should review GHSA-vwm3-crmr-xfxw to ensure that unintentional exposure has not occurred.

Packaging Updates

Update containerd to v1.6.20.

Update runc to v1.1.5.

Commits

59118bf Merge pull request from GHSA-232p-vwff-86mp
b87f7f1 libnet/d/overlay: insert the input-drop rule
98cbcb8 libnet/d/overlay: add BPF-powered VNI matcher
5c5fac2 libnet/d/overlay: extract VNI match rule builder
c492a22 libn/d/overlay: enforce encryption on sandbox init
018edb0 libnet/d/overlay: document some encryption code
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.2+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v23.0.2...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#546) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * envoy: fix SPIFFE path parsing for non-default partitions in Consul Enterprise (#547) * build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 (#550) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/containerd/containerd from 1.6.11 to 1.6.18 (#551) Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.6.11 to 1.6.18. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.6.11...v1.6.18) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 (#552) Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.2 to 1.1.5. - [Release notes](https://github.com/opencontainers/runc/releases) - [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md) - [Commits](opencontainers/runc@v1.1.2...v1.1.5) --- updated-dependencies: - dependency-name: github.com/opencontainers/runc dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/docker/docker (#548) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.2+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v23.0.2...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/hashicorp/vault/sdk from 0.8.1 to 0.9.0 (#554) Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/prometheus/client_golang (#556) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.14.0...v1.15.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump sigs.k8s.io/e2e-framework from 0.1.0 to 0.2.0 (#557) Bumps [sigs.k8s.io/e2e-framework](https://github.com/kubernetes-sigs/e2e-framework) from 0.1.0 to 0.2.0. - [Release notes](https://github.com/kubernetes-sigs/e2e-framework/releases) - [Changelog](https://github.com/kubernetes-sigs/e2e-framework/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/e2e-framework@v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/e2e-framework dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/hashicorp/vault/api from 1.9.0 to 1.9.1 (#561) Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/docker/docker (#563) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.3+incompatible to 23.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v23.0.3...v23.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump sigs.k8s.io/controller-tools from 0.11.3 to 0.11.4 (#562) * build(deps): bump sigs.k8s.io/controller-tools from 0.11.3 to 0.11.4 Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) from 0.11.3 to 0.11.4. - [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md) - [Commits](kubernetes-sigs/controller-tools@v0.11.3...v0.11.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: update controller-runtime version annotation on CRDs --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com> * build(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 (#564) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.90.1...v2.100.1) --- updated-dependencies: - dependency-name: k8s.io/klog/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/prometheus/client_golang (#566) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.15.0 to 1.15.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.15.0...v1.15.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#567) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0. - [Commits](golang/net@v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/docker/distribution (#568) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](distribution/distribution@v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * go: build w/ Go 1.19.9 (#570) * Build w/ Go 1.19.9 * Add changelog entry * build(deps): bump golang.org/x/tools from 0.8.0 to 0.9.1 (#569) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.8.0 to 0.9.1. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.8.0...v0.9.1) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/docker/docker (#571) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.5+incompatible to 23.0.6+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v23.0.5...v23.0.6) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>

dependabot bot added dependencies pr/no-changelog Skip the CI check that requires a changelog entry labels Apr 5, 2023

mikemorris enabled auto-merge (squash) April 7, 2023 20:12

mikemorris approved these changes Apr 10, 2023

View reviewed changes

mikemorris merged commit 37ec614 into main Apr 10, 2023

mikemorris deleted the dependabot/go_modules/github.com/docker/docker-23.0.3incompatible branch April 10, 2023 14:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible #548

build(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible #548

dependabot bot commented on behalf of github Apr 5, 2023

build(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible #548

build(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible #548

Conversation

dependabot bot commented on behalf of github Apr 5, 2023

v23.0.3

23.0.3

Bug fixes and enhancements

Packaging Updates