nemunaire/minifaas
Archived
1
0
Fork 0
Code Issues Pull requests 3 Releases Activity

Update module github.com/docker/docker to v20.10.8 #2

Merged
nemunaire merged 1 commit from renovate/github.com-docker-docker-20.x into master 2021-08-18 07:48:47 +00:00
Conversation 0 Commits 1 Files changed 2 +3 -1
renovate-bot commented 2021-08-17 18:43:12 +00:00
Contributor
Copy link

This PR contains the following updates:

Package Type Update Change
github.com/docker/docker require patch v20.10.6+incompatible -> v20.10.8

Release Notes

docker/docker

v20.10.8

Compare Source

20.10.8

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs. Refer to the HTTP/HTTPS proxy section in the documentation to learn how to configure the Docker Daemon to use a proxy server.

Deprecation
  • Deprecate support for encrypted TLS private keys. Legacy PEM encryption as
    specified in RFC 1423 is insecure by design. Because it does not authenticate
    the ciphertext, it is vulnerable to padding oracle attacks that can let an
    attacker recover the plaintext. Support for encrypted TLS private keys is now
    marked as deprecated, and will be removed in an upcoming release. docker/cli#​3219
  • Deprecate Kubernetes stack support. Following the deprecation of Compose on Kubernetes,
    support for Kubernetes in the stack and context commands in the Docker CLI
    is now marked as deprecated, and will be removed in an upcoming release docker/cli#​3174.
Client
Rootless
  • Avoid can't open lock file /run/xtables.lock: Permission denied error on
    SELinux hosts moby/moby#​42462.
  • Disable overlay2 when running with SELinux to prevent permission denied errors moby/moby#​42462.
  • Fix x509: certificate signed by unknown authority error on openSUSE Tumbleweed moby/moby#​42462.
Runtime
  • Print a warning when using the --platform option to pull a single-arch image
    that does not match the specified architecture moby/moby#​42633.
  • Fix incorrect Your kernel does not support swap memory limit warning when
    running with cgroups v2 moby/moby#​42479.
  • Windows: Fix a situation where containers were not stopped if HcsShutdownComputeSystem
    returned an ERROR_PROC_NOT_FOUND error moby/moby#​42613

Swarm

  • Fix a possibility where overlapping IP addresses could exist as a result of the
    node failing to clean up its old loadbalancer IPs moby/moby#​42538
  • Fix a deadlock in log broker ("dispatcher is stopped") moby/moby#​42537
Packaging

Known issue

The ctr binary shipping with the static packages of this release is not
statically linked, and will not run in Docker images using alpine as a base
image. Users can install the libc6-compat package, or download a previous
version of the ctr binary as a workaround. Refer to the containerd ticket
related to this issue for more details: containerd/containerd#​5824.

v20.10.7

Compare Source

20.10.7

Client
  • Suppress warnings for deprecated cgroups docker/cli#​3099.
  • Prevent sending SIGURG signals to container on Linux and macOS. The Go runtime
    (starting with Go 1.14) uses SIGURG signals internally as an interrupt to
    support preemptable syscalls. In situations where the Docker CLI was attached
    to a container, these interrupts were forwarded to the container. This fix
    changes the Docker CLI to ignore SIGURG signals docker/cli#​3107,
    moby/moby#​42421.
Builder
  • Update BuildKit to version v0.8.3-3-g244e8cde moby/moby#​42448:
    • Transform relative mountpoints for exec mounts in the executor to work around
      a breaking change in runc v1.0.0-rc94 and up. moby/buildkit#​2137.
    • Add retry on image push 5xx errors. moby/buildkit#​2043.
    • Fix build-cache not being invalidated when renaming a file that is copied using
      a COPY command with a wildcard. Note that this change invalidates
      existing build caches for copy commands that use a wildcard. moby/buildkit#​2018.
    • Fix build-cache not being invalidated when using mounts moby/buildkit#​2076.
  • Fix build failures when FROM image is not cached when using legacy schema 1 images moby/moby#​42382.
Logging
Rootless
  • Fix capabilities not being honored when an image was built on a daemon with
    user-namespaces enabled moby/moby#​42352.
Networking
  • Update libnetwork to fix publishing ports on environments with kernel boot
    parameter ipv6.disable=1, and to fix a deadlock causing internal DNS lookups
    to fail moby/moby#​42413.
Contrib
  • Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy
    with the slirp4netns port driver moby/moby#​42294.
  • Fix "Device or resource busy" errors when running docker-in-docker on a rootless
    daemon moby/moby#​42342.
Packaging

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/docker/docker](https://github.com/docker/docker) | require | patch | `v20.10.6+incompatible` -> `v20.10.8` | --- ### Release Notes <details> <summary>docker/docker</summary> ### [`v20.10.8`](https://github.com/docker/docker/releases/v20.10.8) [Compare Source](https://github.com/docker/docker/compare/v20.10.7...v20.10.8) #### 20.10.8 > **IMPORTANT** > > Due to [net/http changes](https://github.com/golang/go/issues/40909) in [Go 1.16](https://golang.org/doc/go1.16#net/http), HTTP proxies configured through the `$HTTP_PROXY` environment variable are no longer used for TLS (`https://`) connections. Make sure you also set an `$HTTPS_PROXY` environment variable for handling requests to `https://` URLs. Refer to the [HTTP/HTTPS proxy section in the documentation](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) to learn how to configure the Docker Daemon to use a proxy server. ##### Deprecation - Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. [docker/cli#&#8203;3219](https://github.com/docker/cli/pull/3219) - Deprecate Kubernetes stack support. Following the deprecation of [Compose on Kubernetes](https://github.com/docker/compose-on-kubernetes), support for Kubernetes in the `stack` and `context` commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release [docker/cli#&#8203;3174](https://github.com/docker/cli/pull/3174). ##### Client - Fix `Invalid standard handle identifier` errors on Windows [docker/cli#&#8203;3132](https://github.com/docker/cli/pull/3132). ##### Rootless - Avoid `can't open lock file /run/xtables.lock: Permission denied` error on SELinux hosts [moby/moby#&#8203;42462](https://github.com/moby/moby/pull/42462). - Disable overlay2 when running with SELinux to prevent permission denied errors [moby/moby#&#8203;42462](https://github.com/moby/moby/pull/42462). - Fix `x509: certificate signed by unknown authority` error on openSUSE Tumbleweed [moby/moby#&#8203;42462](https://github.com/moby/moby/pull/42462). ##### Runtime - Print a warning when using the `--platform` option to pull a single-arch image that does not match the specified architecture [moby/moby#&#8203;42633](https://github.com/moby/moby/pull/42633). - Fix incorrect `Your kernel does not support swap memory limit` warning when running with cgroups v2 [moby/moby#&#8203;42479](https://github.com/moby/moby/pull/42479). - Windows: Fix a situation where containers were not stopped if `HcsShutdownComputeSystem` returned an `ERROR_PROC_NOT_FOUND` error [moby/moby#&#8203;42613](https://github.com/moby/moby/pull/42613) #### Swarm - Fix a possibility where overlapping IP addresses could exist as a result of the node failing to clean up its old loadbalancer IPs [moby/moby#&#8203;42538](https://github.com/moby/moby/pull/42538) - Fix a deadlock in log broker ("dispatcher is stopped") [moby/moby#&#8203;42537](https://github.com/moby/moby/pull/42537) ##### Packaging > **Known issue** > > The `ctr` binary shipping with the static packages of this release is not > statically linked, and will not run in Docker images using alpine as a base > image. Users can install the `libc6-compat` package, or download a previous > version of the `ctr` binary as a workaround. Refer to the containerd ticket > related to this issue for more details: [containerd/containerd#&#8203;5824](https://github.com/containerd/containerd/issues/5824). - Remove packaging for Ubuntu 16.04 "Xenial" and Fedora 32, as they reached EOL [docker/docker-ce-packaging#&#8203;560](https://github.com/docker/docker-ce-packaging/pull/560) - Update Golang runtime to Go 1.16.6 - Update the bundled buildx version to v0.6.1 for rpm and deb packages [docker/docker-ce-packaging#&#8203;562](https://github.com/docker/docker-ce-packaging/pull/562) - Update static binaries and containerd.io rpm and deb packages to containerd v1.4.9 and runc v1.0.1: [docker/containerd-packaging#&#8203;241](https://github.com/docker/containerd-packaging/pull/241), [docker/containerd-packaging#&#8203;245](https://github.com/docker/containerd-packaging/pull/245), [docker/containerd-packaging#&#8203;247](https://github.com/docker/containerd-packaging/pull/247). ### [`v20.10.7`](https://github.com/docker/docker/releases/v20.10.7) [Compare Source](https://github.com/docker/docker/compare/v20.10.6...v20.10.7) #### 20.10.7 ##### Client - Suppress warnings for deprecated cgroups [docker/cli#&#8203;3099](https://github.com/docker/cli/pull/3099). - Prevent sending `SIGURG` signals to container on Linux and macOS. The Go runtime (starting with Go 1.14) uses `SIGURG` signals internally as an interrupt to support preemptable syscalls. In situations where the Docker CLI was attached to a container, these interrupts were forwarded to the container. This fix changes the Docker CLI to ignore `SIGURG` signals [docker/cli#&#8203;3107](https://github.com/docker/cli/pull/3107), [moby/moby#&#8203;42421](https://github.com/moby/moby/pull/42421). ##### Builder - Update BuildKit to version v0.8.3-3-g244e8cde [moby/moby#&#8203;42448](https://github.com/moby/moby/pull/42448): - Transform relative mountpoints for exec mounts in the executor to work around a breaking change in runc v1.0.0-rc94 and up. [moby/buildkit#&#8203;2137](https://github.com/moby/buildkit/pull/2137). - Add retry on image push 5xx errors. [moby/buildkit#&#8203;2043](https://github.com/moby/buildkit/pull/2043). - Fix build-cache not being invalidated when renaming a file that is copied using a `COPY` command with a wildcard. Note that this change invalidates existing build caches for copy commands that use a wildcard. [moby/buildkit#&#8203;2018](https://github.com/moby/buildkit/pull/2018). - Fix build-cache not being invalidated when using mounts [moby/buildkit#&#8203;2076](https://github.com/moby/buildkit/pull/2076). - Fix build failures when `FROM` image is not cached when using legacy schema 1 images [moby/moby#&#8203;42382](https://github.com/moby/moby/pull/42382). ##### Logging - Update the hcsshim SDK to make daemon logs on Windows less verbose [moby/moby#&#8203;42292](https://github.com/moby/moby/pull/42292). ##### Rootless - Fix capabilities not being honored when an image was built on a daemon with user-namespaces enabled [moby/moby#&#8203;42352](https://github.com/moby/moby/pull/42352). ##### Networking - Update libnetwork to fix publishing ports on environments with kernel boot parameter `ipv6.disable=1`, and to fix a deadlock causing internal DNS lookups to fail [moby/moby#&#8203;42413](https://github.com/moby/moby/pull/42413). ##### Contrib - Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy with the `slirp4netns` port driver [moby/moby#&#8203;42294](https://github.com/moby/moby/pull/42294). - Fix "Device or resource busy" errors when running docker-in-docker on a rootless daemon [moby/moby#&#8203;42342](https://github.com/moby/moby/pull/42342). ##### Packaging - Update containerd to v1.4.6, runc v1.0.0-rc95 to address [CVE-2021-30465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30465) [moby/moby#&#8203;42398](https://github.com/moby/moby/pull/42398), [moby/moby#&#8203;42395](https://github.com/moby/moby/pull/42395), [ocker/containerd-packaging#&#8203;234](https://github.com/docker/containerd-packaging/pull/234) - Update containerd to v1.4.5, runc v1.0.0-rc94 [moby/moby#&#8203;42372](https://github.com/moby/moby/pull/42372), [moby/moby#&#8203;42388](https://github.com/moby/moby/pull/42388), [docker/containerd-packaging#&#8203;232](https://github.com/docker/containerd-packaging/pull/232). - Update Docker Scan plugin packages (`docker-scan-plugin`) to v0.8 [docker/docker-ce-packaging#&#8203;545](https://github.com/docker/docker-ce-packaging/pull/545). </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
renovate-bot force-pushed renovate/github.com-docker-docker-20.x from 9f9f0892bf to 7f6f9b8c8c 2021-08-17 22:08:03 +00:00 Compare
nemunaire merged commit 7f6f9b8c8c into master 2021-08-18 07:48:46 +00:00
Commenting is not possible because the repository is archived.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
nemunaire/minifaas!2
No description provided.