Bump the go_modules group across 1 directory with 6 updates

[dependabot]

Bumps the go_modules group with 6 updates in the / directory:

Package	From	To
github.com/containerd/containerd	1.7.11	1.7.15
github.com/docker/distribution	2.8.2+incompatible	2.8.3+incompatible
github.com/docker/docker	24.0.9+incompatible	26.0.1+incompatible
github.com/quic-go/quic-go	0.38.1	0.42.0
golang.org/x/image	0.10.0	0.15.0
google.golang.org/grpc	1.59.0	1.63.2

Updates github.com/containerd/containerd from 1.7.11 to 1.7.15

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.15

Welcome to the v1.7.15 release of containerd!

The fifteenth patch release for containerd 1.7 contains various fixes; one for a regression introduced in v1.7.14 in the way process exits were handled.

Highlights

• Adds mediatype to OCI index record on export (#9990)

Runtime

• Fix runc shim to only defer init process exits (#10037)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Phil Estes
• Austin Vazquez
• Laura Brehm
• Sebastiaan van Stijn
• Talon

Changes

• Prepare for v1.7.15 release (#10039)
  • 4d4759b54 Prep v1.7.15 release
• Fix runc shim to only defer init process exits (#10037)
  • 21df46766 runc-shim: only defer init process exits
• Fix compile from version control system (source) use case (#10012)
  • 2a054213e Fix compile from version control system (source) use case
• Adds mediatype to OCI index record on export (#9990)
  • 6605c47a4 adds mediatype to oci index record
• vendor: google.golang.org/protobuf 1.33.0, github.com/golang/protobuf v1.5.4 (#9975)
  • e6d91d843 vendor: github.com/golang/protobuf v1.5.4
  • 2d136c5f5 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
  • a1a7af7a3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependency Changes

• github.com/golang/protobuf v1.5.3 -> v1.5.4
• google.golang.org/protobuf v1.31.0 -> v1.33.0

... (truncated)

Commits

• 926c958 Merge pull request #10039 from estesp/prep-1.7.15
• 4d4759b Prep v1.7.15 release
• 52fc8ab Merge pull request #10037 from laurazard/backport-1.7-exec-fix
• 21df467 runc-shim: only defer init process exits
• 0dcf21c Merge pull request #10012 from austinvazquez/release-1.7-fix-offline-compilation
• 2a05421 Fix compile from version control system (source) use case
• ec5222f Merge pull request #9990 from daghack/oci-add-mediatype-1.7
• 6605c47 adds mediatype to oci index record
• be5ec97 Merge pull request #9975 from thaJeztah/1.7_bump_protobuf
• e6d91d8 vendor: github.com/golang/protobuf v1.5.4
• Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.3

What's Changed

• Pass BUILDTAGS argument to go build by @​marcusirgens in distribution/distribution#3926
• Enable Go build tags by @​thaJeztah in distribution/distribution#4009
• reference: replace deprecated function SplitHostname by @​thaJeztah in distribution/distribution#4032
• Dont parse errors as JSON unless Content-Type is set to JSON by @​thaJeztah in distribution/distribution#4054
• update to go 1.20.8 by @​thaJeztah in distribution/distribution#4056
• Set Content-Type header in registry client ReadFrom by @​thaJeztah in distribution/distribution#4053
• deprecate reference package, migrate to github.com/distribution/reference by @​thaJeztah in distribution/distribution#4063
• digestset: deprecate package in favor of go-digest/digestset by @​thaJeztah in distribution/distribution#4064
• Do not close HTTP request body in HTTP handler by @​milosgajdos in distribution/distribution#4068
• Add v2.8.3 release notes by @​milosgajdos in distribution/distribution#4088

New Contributors

• @​marcusirgens made their first contribution in distribution/distribution#3926

Full Changelog: distribution/distribution@v2.8.2...v2.8.3

Commits

• 4772604 Merge pull request #4088 from distribution/2.8.3-release-notes
• a4fa699 Add v2.8.3 release notes
• 1eb2c30 Merge pull request #4068 from milosgajdos/2_8-dont-close-request-body
• 5e6b1b5 Do not close HTTP request body in HTTP handler
• 2b76378 Merge pull request #4064 from thaJeztah/2.8_backport_nodigestset
• 29b00e8 digestset: deprecate package in favor of go-digest/digestset
• d1ab243 [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0
• 11eb419 Merge pull request #4063 from thaJeztah/2.8_backport_switch_reference
• 3dda067 deprecate reference package, migrate to github.com/distribution/reference
• da05539 Merge pull request #4053 from thaJeztah/2.8_backport_set-content-type-client-...
• Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.9+incompatible to 26.0.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.1 milestone
• moby/moby, 26.0.1 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
• Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
• containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
• Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
• Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

• Update Go runtime to 1.21.9 moby/moby#47671, docker/cli#4987
• Update Compose to v1.26.1 , docker/docker-ce-packaging#1009
• Update containerd to v1.7.15 (static binaries only) moby/moby#47692

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.0 milestone
• moby/moby, 26.0.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

• Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
• Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
• Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
• rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
• containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
• containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

• [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
• Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

... (truncated)

Commits

• 60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
• 8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
• dc27552 Stop macvlan with no parent from using ext-dns
• 7b570f0 Enable DNS proxying for ipvlan-l3
• 8cdcc4f Move dummy DNS server to integration/internal/network
• ed752f6 Merge pull request #47701 from vvoland/v26.0-47691
• 9db1b6f Merge pull request #47702 from vvoland/v26.0-47647
• 6261281 Merge pull request #47700 from vvoland/v26.0-47673
• 90355e5 Merge pull request #47696 from vvoland/v26.0-47658
• 72615b1 github/ci: Check if backport is opened against the expected branch
• Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.38.1 to 0.42.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.42.0

New Features

• added a qlog tracer for events that happen before / outside of established connection: #4305

Notable Changes

• added a ClientHelloInfo.AddrVerified field: #4360
• move callback controlling address verification (VerifySourceAddress) to the Transport: #4253 and #4362
• connections that are closed before being accepted are not removed from the server's accept queue: #4245
• http3: added a RoundTripOpt.CheckSettings callback to check the server's SETTINGS: #4355
• http3: send the HTTP/3 settings value for Extended CONNECT (RFC 9220): #4341
• http3: don't modify the user's quic.Config to enable QUIC datagram support: #4340

Fixes

• mitigate a memory exhaustion attack against QUIC's connection ID mechanism: #4369
• don't delay acknowledgments for packets during the handshake: #4279
• fix deadlock when closing both Listener and Transport: #4332
• fix handling of IPv4-mapped IPv6 addresses: #4309
• fix duplicate logging of the key_discarded event for Handshake packets: #4274
• send CONNECTION_REFUSED when refusing connections: #4250
• http3: tighten validation logic for the :protocol pseudo header: #4261

What's Changed

• remove shutdown method on the Connection by @​marten-seemann in quic-go/quic-go#4249
• send the CONNECTION_REFUSED error when refusing a connection by @​marten-seemann in quic-go/quic-go#4250
• don't remove closed connections from the server's accept queue by @​marten-seemann in quic-go/quic-go#4245
• handshake: unexport Set{Read,Write}Key methods on the cryptoSetup by @​marten-seemann in quic-go/quic-go#4254
• handshake: fix documentation for updatableAEAD.SetWriteKey by @​putyWang in quic-go/quic-go#4256
• add Transport config options to limit the number of handshakes by @​marten-seemann in quic-go/quic-go#4248
• remove the RequireAddressValidation callback from the Config by @​marten-seemann in quic-go/quic-go#4253
• fix incorrect statement about connection ID lengths in the Transport by @​marten-seemann in quic-go/quic-go#4247
• remove unneeded nil check for new connections in the server by @​marten-seemann in quic-go/quic-go#4260
• ci: update to Go 1.22rc2 by @​marten-seemann in quic-go/quic-go#4267
• fix flaky handshake limiting test by @​marten-seemann in quic-go/quic-go#4270
• http3: only use :protocol pseudo-header for Extended CONNECT by @​taoso in quic-go/quic-go#4261
• fix flaky accept queue test by @​marten-seemann in quic-go/quic-go#4280
• fix flaky handshake limiting test by @​marten-seemann in quic-go/quic-go#4281
• only log the discarding of Handshake keys once by @​marten-seemann in quic-go/quic-go#4274
• testutils: add a perspective function parameter to ComposeInitialPacket by @​marten-seemann in quic-go/quic-go#4276
• fix flaky outgoing streams map test by @​marten-seemann in quic-go/quic-go#4283
• wire: remove FrameParser interface, expose FrameParser struct by @​marten-seemann in quic-go/quic-go#4284
• ackhandler: remove unused RTTStats from the received packet handler by @​marten-seemann in quic-go/quic-go#4287
• testutils: make the package public by @​marten-seemann in quic-go/quic-go#4290
• ci: remove unused depguard check for qtls by @​marten-seemann in quic-go/quic-go#4291
• ci: make Codecov ignore testutils and testdata by @​marten-seemann in quic-go/quic-go#4292
• testutils: expose aliases for all frames by @​marten-seemann in quic-go/quic-go#4293
• ackhandler: don't delay ACKs for Initial and Handshake packets by @​marten-seemann in quic-go/quic-go#4288
• protocol: rename VersionNumber to Version by @​marten-seemann in quic-go/quic-go#4295

... (truncated)

Commits

• 4a99b81 close connection when an abnormally large number of frames are queued (#4369)
• 9971fed use Transport.VerifySourceAddress to control the Retry Mechanism (#4362)
• 497d3f5 http3: add a RoundTripOpt to check the server's SETTINGS frame (#4355)
• ca787d6 add an AddrVerified field to the ClientHelloInfo (#4360)
• f147639 update gomock to v0.4.0 (#4361)
• 06b4214 remove unused ReceiveStream.CloseRemote method (#4357)
• 5fd5d77 Merge pull request #4305 from quic-go/qlog-tracer
• 30e01b9 use the transport tracer in integration tests
• 55c05ac qlog: log sent packets outside of a QUIC connection
• aff90a6 qlog: log sent Version Negotiation packets
• Additional commits viewable in compare view

Updates golang.org/x/image from 0.10.0 to 0.15.0

Commits

• 9e190ae webp: disallow multiple VP8X chunks
• 445ab0e go.mod: update golang.org/x dependencies
• 240a51a font/sfnt: support early version 0 OS/2 tables
• c20bbc3 draw: simplify some calls to fmt.Fprintf
• 491771c draw: merge draw_go117.go into draw.go
• 4aa0222 go.mod: update go directive to 1.18
• 3aac9c6 draw: add fast paths for RGBA64Image
• fa10be5 go.mod: update golang.org/x dependencies
• 2b687b5 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates google.golang.org/grpc from 1.59.0 to 1.63.2

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.63.2

Bugs

• Fix the user agent string

Release 1.63.1

Bugs

• grpc: fixed subchannel log messages to properly reference the parent channel (#7101)
  • Special thanks: @​daniel-weisse

API Changes

• grpc: remove Deprecated tag from Dial and DialContext; these will be deprecated in v1.64 instead (#7103)

Release 1.63.0

Behavior Changes

• grpc: Return canonical target string from resolver.Address.String() (experimental) (#6923)
• client & server: when using write buffer pooling, use input value for buffer size instead of size*2 (#6983)
  • Special Thanks: @​raghav-stripe

New Features

• grpc: add ClientConn.CanonicalTarget() to return the canonical target string. (#7006)
• xds: implement LRS named metrics support (gRFC A64) (#7027)
  • Special Thanks: @​danielzhaotongliu
• grpc: introduce grpc.NewClient to allow users to create new clients in idle mode and with "dns" as the default resolver (#7010)
  • Special Thanks: @​bruuuuuuuce

API Changes

• grpc: stabilize experimental method ClientConn.Target() (#7006)

Bug Fixes

• xds: fix an issue that would cause the client to send an empty list of resources for LDS/CDS upon reconnecting with the management server (#7026)
• server: Fix some errors returned by a server when using a grpc.Server as an http.Handler with the Go stdlib HTTP server (#6989)
• resolver/dns: add SetResolvingTimeout to allow configuring the DNS resolver's global timeout (#6917)
  • Special Thanks: @​and1truong
• Set the security level of Windows named pipes to NoSecurity (#6956)
  • Special Thanks: @​irsl

Release 1.62.2

Dependencies

• Update http2 library to address vulnerability CVE-2023-45288

Release 1.62.1

Bug Fixes

• xds: fix a bug that results in no matching virtual host found RPC errors due to a difference between the target and LDS resource names (#6997)
• server: fixed stats handler data InPayload.Length for unary RPC calls (#6766)

... (truncated)

Commits

• d32e66c Change version to 1.63.2 (#7104)
• 92f6dd0 channelz: pass parent pointer instead of parent ID to RegisterSubChannel (#7101)
• 0f6ef0f grpc: un-deprecate Dial and DialContext
• 58dc749 Change version to 1.63.1-dev (#7051)
• c68f456 Change version to 1.63.0 (#7050)
• 6369167 *: update http2 dependency (#7082)
• 8854761 cherry-pick: channelz: fix race accessing channelMap without lock (#7079) (#7...
• e62770d channelz: add LocalAddr to listen sockets and test (#7062) (#7063)
• 4ffccf1 googlec2p: use xdstp style template for client LDS resource name (#7048)
• faf9964 gracefulswitch: add ParseConfig and make UpdateClientConnState call SwitchTo ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #538.