Update module github.com/docker/docker/v23 to v24

This MR contains the following updates:

Package	Type	Update	Change
github.com/docker/docker/v23	require	major	v23.0.2 -> v24.0.4

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

Release Notes

docker/docker

v24.0.4

Compare Source

24.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.4 milestone
• moby/moby, 24.0.4 milestone

Bug fixes and enhancements

• Fix a regression introduced during 24.0.3 that causes a panic during live-restore of containers with bind mounts. moby/moby#​45903

v24.0.3

Compare Source

24.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.3 milestone
• moby/moby, 24.0.3 milestone

Bug fixes and enhancements

• containerd image store: Fix an issue where multi-platform images that did not include a manifest for the default platform could not be interacted with. moby/moby#​45849
• containerd image store: Fix specious attempts to cache FROM scratch in container builds. moby/moby#​45822
• containerd image store: Fix docker cp with snapshotters that cannot mount the same content multiple times. moby/moby#​45780, moby/moby#​45786
• containerd image store: Fix builds with type=image not being correctly unpacked/stored. moby/moby#​45692
• containerd image store: Fix incorrectly attempting to unpack pseudo-images (including attestations) in docker load. moby/moby#​45688
• containerd image store: Correctly set the user agent, and include additional information like the snapshotter when interacting with registries. moby/moby#​45671, moby/moby#​45684
• containerd image store: Fix a failure to unpack already-pulled content after switching between snapshotters. moby/moby#​45678
• containerd image store: Fix images that have been re-tagged or with all tags removed being pruned while still in use. moby/moby#​45857
• Fix a Swarm CSI issue where the Topology field was not propagated into NodeCSIInfo. moby/moby#​45810
• Fix failures to add new Swarm managers caused by a very large raft log. moby/moby#​45703, moby/swarmkit#​3122, moby/swarmkit#​3128
• name_to_handle_at(2) is now always allowed in the default seccomp profile. moby/moby#​45833
• Fix an issue that prevented encrypted Swarm overlay networks from working on ports other than the default (4789). moby/moby#​45637
• Fix a failure to restore mount reference-counts during live-restore. moby/moby#​45824
• Fix various networking-related failures during live-restore. moby/moby#​45658, moby/moby#​45659
• Fix running containers restoring with a zero (successful) exit status when the daemon is unexpectedly terminated. moby/moby#​45801
• Fix a potential panic while executing healthcheck probes. moby/moby#​45798
• Fix a panic caused by a race condition in container exec start. moby/moby#​45794
• Fix an exception caused by attaching a terminal to an exec with a non-existant command. moby/moby#​45643
• Fix host-gateway with BuildKit by passing the IP as a label (also requires docker/buildx#​1894). moby/moby#​45790
• Fix an issue where POST /containers/{id}/stop would forcefully terminate the container when the request was canceled, instead of waiting until the specified timeout for a 'graceful' stop. moby/moby#​45774
• Fix an issue where docker cp -a from the root (/) directory would fail. moby/moby#​45748
• Improve compatibility with non-runc container runtimes by more correctly setting resource constraint parameters in the OCI config. moby/moby#​45746
• Fix an issue caused by overlapping subuid/subgid ranges in certain configurations (e.g. LDAP) in rootless mode. moby/moby#​45747, rootless-containers/rootlesskit#​369
• Greatly reduce CPU and memory usage while populating the Debug section of GET /info. moby/moby#​45856
• Fix an issue where debug information was not correctly printed during docker info when only the client is in debug mode. docker/cli#​4393
• Fix issues related to hung connections when connecting to hosts over a SSH connection. docker/cli#​4395

Packaging updates

• Upgrade Go to go1.20.5. moby/moby#​45745, docker/cli#​4351, docker/docker-ce-packaging#​904
• Upgrade Compose to v2.19.1. docker/docker-ce-packaging#​916
• Upgrade buildx to v0.11.1. docker/docker-ce-packaging#​918

v24.0.2

Compare Source

24.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.2 milestone
• moby/moby, 24.0.2 milestone

Bug fixes and enhancements

• Fix a panic during build when referencing locally tagged images. moby/buildkit#​3899, moby/moby#​45582
• Fix builds potentially failing with exit code: 4294967295 when performing many concurrent build stages. moby/moby#​45620
• Fix DNS resolution on Windows ignoring etc/hosts (%WINDIR%\System32\Drivers\etc\hosts), including resolution of localhost. moby/moby#​45562
• Apply a workaround for a containerd bug that causes concurrent docker exec commands to take significantly longer than expected. moby/moby#​45625
• containerd image store: Fix an issue where the image Created field would contain an incorrect value. moby/moby#​45623
• containerd image store: Adjust the output of image pull progress so that the output has the same format regardless of whether the containerd image store is enabled. moby/moby#​45602
• containerd image store: Switching between the default and containerd image store now requires a daemon restart. moby/moby#​45616

v24.0.1

Compare Source

24.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.1 milestone
• moby/moby, 24.0.1 milestone

Removed

• Remove CLI completions for storage drivers removed in the 24.0 major release. docker/cli#​4302

Bug fixes and enhancements

• Fix an issue where DNS query NXDOMAIN replies from external servers were forwarded to the client as SERVFAIL. moby/moby#​45573
• Fix an issue where docker pull --platform would report No such image regarding another tag pointing to the same image. moby/moby#​45562
• Fix an issue where insecure registry configuration would be forgotten during config reload. moby/moby#​45571
• containerd image store: Fix an issue where images which have no layers would not be listed in docker images -a moby/moby#​45588
• API: Fix an issue where GET /images/{id}/json would return null instead of empty RepoTags and RepoDigests. moby/moby#​45564
• API: Fix an issue where POST /commit did not accept an empty request body. moby/moby#​45568

Packaging updates

• Upgrade Compose to v2.18.1. docker/docker-ce-packaging#​896

v24.0.0

Compare Source

24.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.0 milestone
• moby/moby, 24.0.0 milestone

New

• Introduce experimental support for containerd as the content store (replacing the existing storage drivers). moby/moby#​43735, other moby/moby pull requests
• The --host CLI flag now supports a path component in a ssh:// host address, allowing use of an alternate socket path without configuration on the remote host. docker/cli#​4073
• The docker info CLI command now reports a version and platform field. docker/cli#​4180
• Introduce the daemon flag --default-network-opt to configure options for newly created networks. moby/moby#​43197
• Restrict access to AF_VSOCK in the socket(2) family of syscalls in the default seccomp profile. moby/moby#​44562
• Introduce support for setting OCI runtime annotations on containers. docker/cli#​45025, moby/moby#​45025
• Alternative runtimes can now be configured in daemon.json, enabling runtime names to be aliased and options to be passed. moby/moby#​45032
• The docker-init binary will now be discovered in FHS-compliant libexec directories, in addition to the PATH. moby/moby#​45198
• API: Surface the daemon-level --no-new-privileges in GET /info. moby/moby#​45320

Removed

• docker info no longer reports IndexServiceAddress. docker/cli#​4204
• libnetwork: Remove fallback code for obsolete kernel versions. moby/moby#​44684, moby/moby#​44802
• libnetwork: Remove unused code related to classic Swarm. moby/moby#​44965
• libnetwork: Remove usage of the xt_u32 kernel module from encrypted Swarm overlay networks. moby/moby#​45281
• Remove support for buildkit's deprecated buildinfo in favor of standard provenance attestations. moby/moby#​45097
• Remove the deprecated AUFS and legacy overlay storage drivers. moby/moby#​45342, moby/moby#​45359
• Remove the deprecated overlay2.override_kernel_check storage driver option. moby/moby#​45368
• Remove workarounds for obsolete versions of apparmor_parser from the AppArmor profiles. moby/moby#​45500
• API: GET /images/json no longer represents empty RepoTags and RepoDigests as<none>:<none>/<none>@&#8203;<none>. Empty arrays are be returned instead on API >= 1.43. moby/moby#​45068

Deprecated

• Deprecate the --oom-score-adjust daemon option. moby/moby#​45315
• API: Deprecate the VirtualSize field in GET /images/json and GET /images/{id}/json. moby/moby#​45346

Bug fixes and enhancements

• The docker stack command no longer validates the build section of Compose files. docker/cli#​4214
• Fix lingering healthcheck processes after timeout is reached. moby/moby#​43739
• Reduce the overhead of container startup when using the overlay2 storage driver. moby/moby#​44285
• API: Handle multiple before= and since= filters in GET /images. moby/moby#​44503
• Fix numerous bugs in the embedded DNS resolver implementation used by user-defined networks. moby/moby#​44664
• Add execDuration field to the map of event attributes. moby/moby#​45494
• Swarm-level networks can now be created with the Windows internal, l2bridge, and nat drivers. moby/swarmkit#​3121, moby/moby#​45291

Packaging updates

• Update Go to 1.20.4. docker/cli#​4253, moby/moby#​45456
• Update containerd to v1.7.1. moby/moby#​45537
• Update buildkit to v0.11.6. moby/moby#​45367

v23.0.6

Compare Source

23.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.6 milestone
• moby/moby, 23.0.6 milestone

Bug fixes and enhancements

• Fix vfs storage driver not working on NFS. moby/moby#​45465

Packaging Updates

• Upgrade Go to 1.19.9. docker/docker-ce-packaging#​889, docker/cli#​4254, moby/moby#​45455
• Upgrade containerd to v1.6.21
• Upgrade runc to v1.1.7

v23.0.5

Compare Source

23.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.5 milestone
• moby/moby, 23.0.5 milestone

Bug fixes and enhancements

• Add the --all / -a option when pruning volumes. docker/cli#​4229
• Add --format=json for docker info. docker/cli#​4320
• Fix log loss with the AWSLogs log driver. moby/moby#​45350
• Fix a regression introduced in v23.0.4 where dockerd would refuse to start if the fixed-cidr config parameter is provided but not bip. moby/moby#​45403
• Fix a panic in libnetwork during daemon start moby/moby#​45376
• Fix "tag" event not being sent when an image is built with buildx. moby/moby#​45410

Packaging Updates

• Upgrade Compose to 2.17.3. docker/docker-ce-packaging#​883

v23.0.4

Compare Source

23.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.4 milestone
• moby/moby, 23.0.4 milestone

Bug fixes and enhancements

• Fix a performance regression in Docker CLI 23.0.0 docker/cli#​4141.
• Fix progress indicator on docker cp not functioning as intended docker/cli#​4157.
• Fix shell completion for docker compose --file docker/cli#​4177.
• Fix an error caused by incorrect handling of "default-address-pools" in daemon.json moby/moby#​45246.

Packaging Updates

• Fix missing packages for CentOS 9 Stream.
• Upgrade Go to 1.19.8. docker/docker-ce-packaging#​878, docker/cli#​4164, moby/moby#​45277, which contains fixes for CVE-2023-24537, CVE-2023-24538, CVE-2023-24534, and CVE-2023-24536

v23.0.3

Compare Source

23.0.3

Note

Due to an issue with CentOS 9 Stream's package repositories, packages for CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later, or as part of the next (23.0.4) patch release.

Bug fixes and enhancements

• Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing CVE-2023-28841, CVE-2023-28840, and CVE-2023-28842.
  • A lack of kernel support for encrypted overlay networks now reports as an error.
  • Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.
  • Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the xt_bpf kernel module.
  • Users of Swarm overlay networks should review GHSA-vwm3-crmr-xfxw to ensure that unintentional exposure has not occurred.

Packaging Updates

• Update containerd to v1.6.20.
• Update runc to v1.1.5.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.