build(deps): bump the dependencies group across 1 directory with 5 updates #4986

dependabot · 2025-06-01T02:04:21Z

Bumps the dependencies group with 4 updates in the / directory: github.com/docker/cli, github.com/docker/docker, github.com/go-git/go-git/v5 and dario.cat/mergo.

Updates github.com/docker/cli from 28.0.4+incompatible to 28.2.2+incompatible

Commits

e6534b4 Merge pull request #6116 from vvoland/vendor-docker
5c3128e vendor: github.com/docker/docker v28.2.2-dev (45873be4ae3f)
879ac3f Merge pull request #6110 from thaJeztah/bump_engine
92fa1e1 vendor: github.com/docker/docker 0e2cc22d36ae (v28.2-dev)
4bec3a6 Merge pull request #6114 from thaJeztah/deprecate_non_compliant_registries
a007d1a Merge pull request #6113 from thaJeztah/config_suppress_err
bbfbd54 docs: deprecated: fallback for non-OCI-compliant registries is removed
2d21e1f cli/config/configfile: explicitly ignore error
bc9be0b Merge pull request #6112 from thaJeztah/bump_tools
3fe7dc5 Dockerfile: update compose to v2.36.2
Additional commits viewable in compare view

Updates github.com/docker/docker from 28.0.4+incompatible to 28.2.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

28.2.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.2.2 milestone

moby/moby, 28.2.2 milestone

Bug fixes and enhancements

containerd image store: Fix a regression causing docker build --push to fail. This reverts the fix for docker build not persisting overridden images as dangling. moby/moby#50105

Networking

When creating the iptables DOCKER-USER chain, do not add an explicit RETURN rule, allowing users to append as well as insert their own rules. Existing rules are not removed on upgrade, but it won't be replaced after a reboot. moby/moby#50098

28.2.1

Packaging updates

Fix packaging regression in v28.2.0 which broke creating the docker group/user on fresh installations. docker-ce-packaging#1209

28.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.2.0 milestone

moby/moby, 28.2.0 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

[!NOTE] RHEL packages are currently not available and will be released later.

New

Add {{.Platform}} as formatting option for docker ps to show the platform of the image the container is running. docker/cli#6042

Add support for relative parent paths (../) on bind mount sources when using docker run/create with -v/--volume or --mount type=bind options. docker/cli#4966

CDI is now enabled by default. moby/moby#49963

Show discovered CDI devices in docker info. docker/cli#6078

docker image rm: add --platform option to remove a variant from multi-platform images. docker/cli#6109

containerd image store: Initial BuildKit support for building Windows container images on Windows (requires an opt-in with DOCKER_BUILDKIT=1). moby/moby#49740

Bug fixes and enhancements

Add a new log option for fluentd log driver (fluentd-write-timeout), which enables specifying wr 8000 ite timeouts for fluentd connections. moby/moby#49911

Add support for DOCKER_AUTH_CONFIG for the experimental --use-api-socket option. docker/cli#6019

Fix docker exec waiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868

Fix docker swarm init ignoring cacert option of --external-ca. docker/cli#5995

Fix an issue where the CLI would not correctly save the configuration file (~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282

Fix containers with --restart always policy using CDI devices failing to start on daemon restart. moby/moby#49990

... (truncated)

Commits

45873be Merge pull request #50105 from jsternberg/revert-build-dangling
7994426 Revert "containerd: images overridden by a build are kept dangling"
f144264 Merge pull request #50090 from corhere/libn/overlay-netip
768cfae Merge pull request #50050 from robmry/nftables_internal_dns
d3289dd Add nftables NAT rules for internal DNS resolver
7a0bf74 Merge pull request #50038 from ctalledo/fix-for-50037
b43afbf Merge pull request #50098 from robmry/remove_docker-user_return_rule
c299ba3 Update worker.Platforms() in builder-next worker.
0e2cc22 Merge pull request #50049 from robmry/nftables_env_var_enable
e37efd4 Merge pull request #50068 from mmorel-35/github.com/containerd/errdefs
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.14.0 to 5.16.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.0

What's Changed

[v5] plumbing: support mTLS for HTTPS protocol by @hiddeco in go-git/go-git#1510

v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514 by @pjbgf in go-git/go-git#1515

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

v5.15.0

What's Changed

plumbing: add cert auth support to releases/v5.x by @Javier-varez in go-git/go-git#1482

v5: Bump dependencies by @pjbgf in go-git/go-git#1505

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

Commits

6d4a5c6 Merge pull request #1515 from pjbgf/regre
beedd6b plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514
763ce2e Merge pull request #1510 from hiddeco/mtls-support
5320e1b plumbing: surface transport configuration errors
9bbc93b plumbing: fix unintended pointer mutation in test
f3783f4 plumbing: support mTLS for HTTPS protocol
6f444d3 Merge pull request #1505 from pjbgf/bump
9996069 v5: Bump dependencies
768fda7 Merge pull request #1482 from Javier-varez/add-cert-auth-support-v5.x
ba9d693 plumbing: support setting custom host key algorithms along with host key call...
Additional commits viewable in compare view

Updates golang.org/x/term from 0.30.0 to 0.31.0

Commits

5d2308b go.mod: update golang.org/x dependencies
e770ddd x/term: disabling auto-completion around GetPassword()
See full diff in compare view

Updates dario.cat/mergo from 1.0.1 to 1.0.2

Release notes

Sourced from dario.cat/mergo's releases.

v1.0.2

What's Changed

Drops gopkg.in/yaml.v3, only used for loading fixtures. Thanks @trim21 for bringing to my attention (#262) that this library is no longer maintained.

Full Changelog: darccio/mergo@v1.0.1...v1.0.2

Commits

7b33b2b refactor: migrate from YAML to JSON for test data and update related functions
229a214 chore(.well-known): add funding manifest URLs file
6be20c6 chore(SECURITY.md): update supported versions to reflect current versioning
9007623 chore(README) : remove kubernetes from the list of users
2b1eb9c Update FUNDING.yml
2ceb994 Create FUNDING.json
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates Bumps the dependencies group with 4 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli), [github.com/docker/docker](https://github.com/docker/docker), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [dario.cat/mergo](https://github.com/imdario/mergo). Updates `github.com/docker/cli` from 28.0.4+incompatible to 28.2.2+incompatible - [Commits](docker/cli@v28.0.4...v28.2.2) Updates `github.com/docker/docker` from 28.0.4+incompatible to 28.2.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.0.4...v28.2.2) Updates `github.com/go-git/go-git/v5` from 5.14.0 to 5.16.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.14.0...v5.16.0) Updates `golang.org/x/term` from 0.30.0 to 0.31.0 - [Commits](golang/term@v0.30.0...v0.31.0) Updates `dario.cat/mergo` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/imdario/mergo/releases) - [Commits](darccio/mergo@v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.2.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/docker/docker dependency-version: 28.2.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/term dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: dario.cat/mergo dependency-version: 1.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

codecov · 2025-06-01T02:22:00Z

Codecov Report

Attention: Patch coverage is 90.90909% with 2 lines in your changes missing coverage. Please review.

Project coverage is 74.70%. Comparing base (bd4bc99) to head (81ca08b).
Report is 7 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/container/docker_cli.go	94.73%	0 Missing and 1 partial ⚠️
pkg/container/docker_images.go	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4986      +/-   ##
==========================================
+ Coverage   74.65%   74.70%   +0.05%     
==========================================
  Files          73       73              
  Lines       11139    11158      +19     
==========================================
+ Hits         8316     8336      +20     
  Misses       2186     2186              
+ Partials      637      636       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

* do not use deprecated types / functions

github-actions · 2025-06-02T13:01:34Z

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Errors	Elapsed time
✅ EDITORCONFIG	editorconfig-checker	4	0	0.01s
✅ REPOSITORY	gitleaks	yes	no	2.73s
✅ REPOSITORY	git_diff	yes	no	0.01s
✅ REPOSITORY	grype	yes	no	10.77s
✅ REPOSITORY	secretlint	yes	no	1.25s
✅ REPOSITORY	trivy-sbom	yes	no	0.38s
✅ REPOSITORY	trufflehog	yes	no	3.88s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 1, 2025

pull-request-size bot added the size/M label Jun 1, 2025

mergify bot added the needs-work Extra attention is needed label Jun 1, 2025

chore(deps): Migrate docker api usage

80691ea

* do not use deprecated types / functions

mergify bot removed the needs-work Extra attention is needed label Jun 2, 2025

Merge branch 'master' into dependabot/go_modules/dependencies-502eada1d6

81ca08b

mergify bot merged commit 1622c21 into master Jun 2, 2025
12 checks passed

mergify bot deleted the dependabot/go_modules/dependencies-502eada1d6 branch June 2, 2025 17:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

build(deps): bump the dependencies group across 1 directory with 5 updates #4986

build(deps): bump the dependencies group across 1 directory with 5 updates #4986

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

build(deps): bump the dependencies group across 1 directory with 5 updates #4986

build(deps): bump the dependencies group across 1 directory with 5 updates #4986

Conversation

28.2.2

Bug fixes and enhancements

Networking

28.2.1

Packaging updates

28.2.0

New

Bug fixes and enhancements

v5.16.0

What's Changed

v5.15.0

What's Changed

v1.0.2

What's Changed

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

🦙 MegaLinter status: ✅ SUCCESS

Uh oh!

Uh oh!

Uh oh!