Skip to content

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 30, 2025

Bumps github.com/docker/docker from 27.5.1+incompatible to 28.3.3+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v28.3.3

28.3.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.

Packaging updates

Go SDK

  • cli/command/formatter: add TrunateID() utility as alternative for github.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#6180

28.3.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix --use-api-socket not working correctly when targeting a remote daemon. docker/cli#6157
  • Fix stray "otel error" logs being printed if debug logging is enabled. docker/cli#6160
  • Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. docker/cli#6147
  • Warn when DOCKER_AUTH_CONFIG is set during docker login and docker logout. docker/cli#6163

Packaging updates

28.3.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

... (truncated)

Commits
  • bea959c Merge pull request #50506 from robmry/backport-28.x/fix_firewalld_reload
  • 3e9ff78 bridge: Reapply endpoint iptables rules on firewalld reload
  • 29ed80a bridge: Trigger firewalld reload during bridge integration tests
  • da489a1 Merge pull request #50478 from thaJeztah/28.x_backport_gha_bump_bk
  • f173e45 Merge pull request #50480 from austinvazquez/cherry-pick-ea29dffaa541289591aa...
  • e4b1f89 daemon/server: remove compatibility with API v1.4 auth-config on push
  • 0c9e14d hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch
  • bf6d688 Merge pull request #50471 from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...
  • 4205776 client: always send (empty) body on push
  • e77ff99 Merge pull request #50354 from vvoland/50353-28.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 30, 2025
@dependabot dependabot bot requested a review from remyleone as a code owner July 30, 2025 07:56
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 30, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/docker/docker-28.3.3incompatible branch from a3cb758 to 31eef32 Compare August 4, 2025 11:17
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.5.1+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.5.1...v28.3.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.3.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/docker/docker-28.3.3incompatible branch from 31eef32 to 994eb08 Compare August 14, 2025 18:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants