Update dependency docker/docker to v25.0.13

[renovate]

This PR contains the following updates:

Package	Update	Change
docker/docker	patch	25.0.2 → 25.0.13

---

Release Notes

docker/docker (docker/docker)

v25.0.13

Compare Source

25.0.13

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.13 milestone
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Prevent restoration of iptables rules for deleted networks and containers on firewalld reload. moby/moby#50445
• Fix Swarm services becoming unreachable from published ports after a firewalld reload. moby/moby#50445
• Improve the reliability of the Swarm overlay network control plane by fixing longstanding issues with NetworkDB. moby/moby#50511
• Improve the reliability of Swarm overlay container networks by fixing longstanding issues with the overlay network driver. moby/moby#50551

v25.0.12

Compare Source

25.0.12

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.12 milestone
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50203
• Fix an issue which made DNS service discovery for Swarm services unreliable. moby/moby#50230

Packaging updates

• Update Go toolchain to go1.23.9. moby/moby#50053

v25.0.11

Compare Source

25.0.11

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.11 milestone
• Changes to the Engine API, see API version history.

Networking

• [25.0] Backport network fixes by @​dperny in moby/moby#50005

Known Issues

• Some Swarm services are not discoverable over DNS moby/moby#50129

Full Changelog: moby/moby@v25.0.10...v25.0.11

v25.0.10

Compare Source

25.0.10

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.10 milestone
• Changes to the Engine API, see API version history.

Packaging updates

• [25.0] vendor: github.com/golang-jwt/jwt/v4 v4.5.2 by @​pendo324 in moby/moby#49790
• [25.0] Update remaining Ubuntu 20.04 GHA uses to 22.04 and 24.04 #​49775 by @​aepifanov in moby/moby#49804
• [25.0]Bump golang 1.23 by @​aepifanov in moby/moby#49967
• [25.0] Dockerfile: update containerd binary to v1.7.27 by @​aepifanov in moby/moby#49970

Full Changelog: moby/moby@v25.0.9...v25.0.10

v25.0.9

Compare Source

25.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.9 milestone
• Changes to the Engine API, see API version history.

Packaging updates

• [25.0 backport] ci: update bake-action to v6 by @​austinvazquez in moby/moby#49346
• [25.0 backport] ci: switch from jenkins to gha for arm64 build and tests (and set correct go version for branch) by @​thaJeztah in moby/moby#49321
• [25.0 backport] update to go1.22.11 (fix CVE-2024-45341, CVE-2024-45336) by @​austinvazquez in moby/moby#49345
• [25.0 backport] update to go1.22.12 by @​vvoland in moby/moby#49400
• [25.0 backport] Dockerfile: update runc binary to v1.2.5 by @​austinvazquez in moby/moby#49488

Full Changelog: moby/moby@v25.0.8...v25.0.9

v25.0.8

Compare Source

25.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• docker/cli, 25.0.8 milestone
• moby/moby, 25.0.8 milestone
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• [25.0 backport] volume/mounts: fix anonymous volume not being labeled by @​austinvazquez in moby/moby#48787
• [25.0 backport] daemon: use OwnCgroupPath in withCgroups by @​thaJeztah in moby/moby#48928
• [25.0 backport] Jenkinsfile: modprobe br_netfilter by @​thaJeztah in moby/moby#48997
• [25.0 backport] c8d/tag: Don't log a warning if the source image is not dangling by @​vvoland in moby/moby#49011
• [25.0 backport] Dockerd rootless: make {/etc,/var/run}/cdi available by @​thaJeztah in moby/moby#49029
• [25.0 backport] libnetwork/drivers/bridge: setupIPChains: fix defer checking wrong err by @​thaJeztah in moby/moby#49112

Packaging updates

• [25.0 backport] vendor: github.com/golang-jwt/jwt/v4@​v4.5.1 by @​austinvazquez in moby/moby#48920
• [25.0 backport] update xx to v1.6.1 for compatibility with alpine 3.21 by @​thaJeztah in moby/moby#49082
• [25.0 backport] Dockerfile: update containerd to v1.7.25 by @​austinvazquez in moby/moby#49268
• [25.0 backport] Dockerfile: update runc binary to v1.2.4 by @​austinvazquez in moby/moby#49269
• [25.0 backport] update to go1.22.10 by @​austinvazquez in moby/moby#49048

Full Changelog: moby/moby@v25.0.7...v25.0.8

v25.0.7

Compare Source

25.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.7 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• [25.0 backport] api: adjust health start interval on swarm update by @​austinvazquez in moby/moby#48253
• [25.0 backport] Move dockerd man page back from docker/cli by @​corhere in moby/moby#48379
• [25.0 backport] seccomp: add riscv64 mapping to seccomp_linux.go by @​gdams in moby/moby#48465
• [25.0 backport] Explicitly disable nvidia device injection for --gpus=0 by @​austinvazquez in moby/moby#48493
• [25.0 backport] man: dockerd: add description for --log-format option by @​thaJeztah in moby/moby#48507
• [25.0 backport] cmd/dockerd: Add workaround for OTEL meter leak by @​austinvazquez in moby/moby#48711
• [25.0 backport] Fix: setup user chains during libnetwork controller initialization by @​pendo324 in moby/moby#48717

Packaging updates

• [25.0 backport] bump containerd v1.7.22 by @​dperny in moby/moby#48548
• [25.0 backport] update to go1.22.8 by @​austinvazquez in moby/moby#48582

Full Changelog: moby/moby@v25.0.6...v25.0.7

v25.0.6

Compare Source

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.6 milestone
• moby/moby, 25.0.6 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

• [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
• [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
• [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
• [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
• [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
• [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987

Packaging updates

• Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. moby/moby#47724
• Update Go runtime to 1.21.12, which contains security fixes for CVE-2024-24791 moby/moby#48146
• Update Containerd (static binaries only) to v1.7.20. moby/moby#48199

Full Changelog: moby/moby@v25.0.5...v25.0.6

v25.0.5

Compare Source

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.5 milestone
• moby/moby, 25.0.5 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements

• CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
• plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588
• rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587
• Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

v25.0.4

Compare Source

25.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.4 milestone
• moby/moby, 25.0.4 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47490
• Fix docker start failing when used with --checkpoint moby/moby#47466
• Don't enforce new validation rules for existing swarm networks moby/moby#47482
• Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47481
• Fix a regression introduced in v25.0 that prevented the classic builder from ADDing a tar archive with xattrs created on a non-Linux OS moby/moby#47483
• containerd image store: Fix image pull not emitting Pulling fs layer status moby/moby#47484

API

• To preserve backwards compatibility, make read-only mounts not recursive by default when using older clients (API version < v1.44). moby/moby#47393
• GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
• Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
• Fix a regression that caused API socket connection failures to report an API version negotiation failure instead. moby/moby#47470
• Preserve supplied endpoint configuration in a container-create API request, when a container-wide MAC address is specified, but NetworkMode name-or-id is not the same as the name-or-id used in NetworkSettings.Networks. moby/moby#47510

Packaging updates

• Upgrade Go runtime to 1.21.8. moby/moby#47503
• Upgrade RootlessKit to v2.0.2. moby/moby#47508
• Upgrade Compose to v2.24.7. docker/docker-ce-packaging#998
• Upgrade Buildx to v0.13.0. docker/docker-ce-packaging#997

Full Changelog: moby/moby@v25.0.3...v25.0.4

v25.0.3

Compare Source

25.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.3 milestone
• moby/moby, 25.0.3 milestone

Bug fixes and enhancements

• containerd image store: Fix a bug where docker image history would fail if a manifest wasn't found in the content store. moby/moby#47348

• Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47304

  Note

  • Containers created with Docker Engine version 25.0.0 may have duplicate MAC addresses.
    They must be re-created.
  • Containers with user-defined MAC addresses created with Docker Engine versions 25.0.0 or 25.0.1
    receive new MAC addresses when started using Docker Engine version 25.0.2.
    They must also be re-created.

• Fix docker save <image>@&#8203;<digest> producing an OCI archive with index without manifests. moby/moby#47294
• Fix a bug preventing bridge networks from being created with an MTU higher than 1500 on RHEL and CentOS 7. moby/moby#47308, moby/moby#47311
• Fix a bug where containers are unable to communicate over an internal network. moby/moby#47303
• Fix a bug where the value of the ipv6 daemon option was ignored. moby/moby#47310
• Fix a bug where trying to install a pulling using a digest revision would cause a panic. moby/moby#47323
• Fix a potential race condition in the managed containerd supervisor. moby/moby#47313
• Fix an issue with the journald log driver preventing container logs from being followed correctly with systemd version 255. moby/moby47243
• seccomp: Update the builtin seccomp profile to include syscalls added in kernel v5.17 - v6.7 to align the profile with the profile used by containerd. moby/moby#47341
• Windows: Fix cache not being used when building images based on Windows versions older than the host's version. moby/moby#47307, moby/moby#47337

Packaging updates

• Removed support for Ubuntu Lunar (23.04). docker/ce-packaging#986

---

Configuration

📅 Schedule: Branch creation - "after 6am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.