chore(deps): bump the go_modules group across 1 directory with 2 updates

[dependabot]

Bumps the go_modules group with 2 updates in the / directory: github.com/docker/docker and github.com/go-viper/mapstructure/v2.

Updates github.com/docker/docker from 27.1.1+incompatible to 28.0.0+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.0.0

28.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.0.0 milestone
• moby/moby, 28.0.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• Add ability to mount an image inside a container via --mount type=image. moby/moby#48798
  • You can also specify --mount type=image,image-subpath=[subpath],... option to mount a specific path from the image. docker/cli#5755
• docker images --tree now shows metadata badges. docker/cli#5744
• docker load, docker save, and docker history now support a --platform flag allowing you to choose a specific platform for single-platform operations on multi-platform images. docker/cli#5331
• Add OOMScoreAdj to docker service create and docker stack. docker/cli#5145
• docker buildx prune now supports reserved-space, max-used-space, min-free-space and keep-bytes filters. moby/moby#48720
• Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. moby/moby#47955

Networking

• The docker-proxy binary has been updated, older versions will not work with the updated dockerd. moby/moby#48132
  • Close a window in which the userland proxy (docker-proxy) could accept TCP connections, that would then fail after iptables NAT rules were set up.
  • The executable rootlesskit-docker-proxy is no longer used, it has been removed from the build and distribution.
• DNS nameservers read from the host's /etc/resolv.conf are now always accessed from the host's network namespace. moby/moby#48290
  • When the host's /etc/resolv.conf contains no nameservers and there are no --dns overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.
• Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses. moby/moby#48808
  • Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.
  • IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.
• The deprecated OCI prestart hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. moby/moby#47406
• Add a new gw-priority option to docker run, docker container create, and docker network connect. This option will be used by the Engine to determine which network provides the default gateway for a container. On docker run, this option is only available through the extended --network syntax. docker/cli#5664
• Add a new netlabel com.docker.network.endpoint.ifname to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. moby/moby#49155
  • When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example eth, the container might fail to start.
  • The recommended practice is to use a different prefix, for example en0, or a numerical suffix high enough to never collide, for example eth100.
  • This label can be specified on docker network connect via the --driver-opt flag, for example docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar ….
  • Or via the long-form --network flag on docker run, for example docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …
• If a custom network driver reports capability GwAllocChecker then, before a network is created, it will get a GwAllocCheckerRequest with the network's options. The custom driver may then reply that no gateway IP address should be allocated. moby/moby#49372

Port publishing in bridge networks

• dockerd now requires ipset support in the Linux kernel. moby/moby#48596
  • The iptables and ip6tables rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native nftables support in a future release. moby/moby#48815
  • If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use iptables -F and ip6tables -F to flush all existing iptables rules from the filter table before starting the older version of the daemon. When that is not possible, run the following commands as root:
    • iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    • iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER
    • If you were previously running with the iptables filter-FORWARD policy set to ACCEPT and need to restore access to unpublished ports, also delete per-bridge-network rules from the DOCKER chains. For example, iptables -D DOCKER ! -i docker0 -o docker0 -j DROP.
• Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. moby/moby#49325
• Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. moby/moby#49325

... (truncated)

Commits

• af898ab Merge pull request #49495 from vvoland/update-buildkit
• d67f035 vendor: github.com/moby/buildkit v0.20.0
• 00ab386 Merge pull request #49491 from vvoland/update-buildkit
• 1fde8c4 builder-next: fix cdi manager
• cde9f07 vendor: github.com/moby/buildkit v0.20.0-rc3
• 89e1429 Merge pull request #49490 from thaJeztah/dockerfile_linting
• b2b5590 Dockerfile: fix linting warnings
• 62bc597 Merge pull request #49480 from thaJeztah/docs_api_1.48
• 670cd81 Merge pull request #49485 from vvoland/c8d-list-panic
• a3628f3 docs/api: add documentation for API v1.48
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.3.0

What's Changed

• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in go-viper/mapstructure#46
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in go-viper/mapstructure#47
• [enhancement] Add check for reflect.Value in ComposeDecodeHookFunc by @​mahadzaryab1 in go-viper/mapstructure#52
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @​dependabot in go-viper/mapstructure#51
• build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by @​dependabot in go-viper/mapstructure#50
• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot in go-viper/mapstructure#55
• build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in go-viper/mapstructure#58
• ci: add Go 1.24 to the test matrix by @​sagikazarmark in go-viper/mapstructure#74
• build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by @​dependabot in go-viper/mapstructure#72
• build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @​dependabot in go-viper/mapstructure#76
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot in go-viper/mapstructure#78
• feat: add decode hook for netip.Prefix by @​tklauser in go-viper/mapstructure#85
• Updates by @​sagikazarmark in go-viper/mapstructure#86
• build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @​dependabot in go-viper/mapstructure#87
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in go-viper/mapstructure#93
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot in go-viper/mapstructure#92
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by @​dependabot in go-viper/mapstructure#97
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot in go-viper/mapstructure#96
• Update README.md by @​peczenyj in go-viper/mapstructure#90
• Add omitzero tag. by @​Crystalix007 in go-viper/mapstructure#98
• Use error structs instead of duplicated strings by @​m1k1o in go-viper/mapstructure#102
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot in go-viper/mapstructure#101
• feat: add common error interface by @​sagikazarmark in go-viper/mapstructure#105
• update linter by @​sagikazarmark in go-viper/mapstructure#106
• Feature allow unset pointer by @​rostislaved in go-viper/mapstructure#80

New Contributors

• @​tklauser made their first contribution in go-viper/mapstructure#85
• @​peczenyj made their first contribution in go-viper/mapstructure#90
• @​Crystalix007 made their first contribution in go-viper/mapstructure#98
• @​rostislaved made their first contribution in go-viper/mapstructure#80

Full Changelog: go-viper/mapstructure@v2.2.1...v2.3.0

Commits

• 8c61ec1 Merge pull request #80 from rostislaved/feature-allow-unset-pointer
• df765f4 Merge pull request #106 from go-viper/update-linter
• 5f34b05 update linter
• 36de1e1 Merge pull request #105 from go-viper/error-refactor
• 6a283a3 chore: update error type doc
• 599cb73 Merge pull request #101 from go-viper/dependabot/github_actions/github/codeql...
• ed3f921 feat: remove value from error messages
• a3f8b22 revert: error message change
• 9661f6d feat: add common error interface
• f12f6c7 Merge pull request #102 from m1k1o/prettify-errors2
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/docker/docker	[>= 25.a, < 25.999999]
github.com/docker/docker	[>= 26.a, < 26.1000000]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[dogancanbakir]

@dependabot merge