Bump the go_modules group across 1 directory with 6 updates

[dependabot]

Bumps the go_modules group with 6 updates in the / directory:

Package	From	To
github.com/containerd/containerd	1.7.11	1.7.16
github.com/docker/distribution	2.8.2+incompatible	2.8.3+incompatible
github.com/docker/docker	24.0.9+incompatible	26.1.0+incompatible
github.com/quic-go/quic-go	0.38.1	0.42.0
golang.org/x/image	0.10.0	0.15.0
google.golang.org/grpc	1.59.0	1.63.2

Updates github.com/containerd/containerd from 1.7.11 to 1.7.16

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.16

Welcome to the v1.7.16 release of containerd!

The sixteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Update AppArmor template to allow confined runc to kill containers (#10129)
• Fix config import relative path glob (#9834)
• Update AppArmor template to better support rootlesskit (#10116)
• Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
• Add support for HPC port forwarding (#10008)
• Prevent GC from schedule itself with 0 period. (#10102)
• Fix issue with using invalid token to retry fetching layer (#10065)
• Automatically decompress archives for transfer service import (#9989)
• Fix HTTPFallback fails when pushing manifest (#10044)
• Add support for configuring otel from env and config deprecation notice (#9992)
• Fix deadlock during NRI plugin registration (containerd/nri#79)

Build and Release Toolchain

• Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)

Container Runtime Interface (CRI)

• Fix CRI snapshotter root path when not under containerd root (#10096)
• Fix network creation failure from CreatedAt time as 269 years ago (#10122)
• Include userns info in PodSandboxStatus (#9865)
• Fix default working directory Windows HostProcess containers (#10071)
• Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)

Deprecations

• Add support for configuring otel from env and config deprecation notice (#9992)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Samuel Karp
• Wei Fu
• Danny Canter
• Kazuyoshi Kato
• Kirtana Ashok
• Maksym Pavlenko
• Phil Estes
• Sebastiaan van Stijn
• Brian Goff

... (truncated)

Commits

• 8303183 Merge pull request #10124 from kiashok/new-1.7.16-tag
• fb2d43a Merge pull request #10129 from k8s-infra-cherrypick-robot/cherry-pick-10123-t...
• 1c62308 Add release notes for v1.7.16
• 18a2c36 apparmor: Allow confined runc to kill containers
• ae97657 Merge pull request #9834 from neoaggelos/fix/config-relative
• c4a8642 Merge pull request #10096 from Kern--/cri-remote-snapshotter-stats
• 733d456 Merge pull request #10122 from AkihiroSuda/cherrypick-9673-1.7
• 293f515 pod: CreatedAt time will be 269 years ago while creating cri network failed.
• e412ca7 Merge pull request #10116 from AkihiroSuda/cherrypick-10111-1.7
• d8acdaf Merge pull request #10115 from thaJeztah/1.7_backport_go1.21.9
• Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.3

What's Changed

• Pass BUILDTAGS argument to go build by @​marcusirgens in distribution/distribution#3926
• Enable Go build tags by @​thaJeztah in distribution/distribution#4009
• reference: replace deprecated function SplitHostname by @​thaJeztah in distribution/distribution#4032
• Dont parse errors as JSON unless Content-Type is set to JSON by @​thaJeztah in distribution/distribution#4054
• update to go 1.20.8 by @​thaJeztah in distribution/distribution#4056
• Set Content-Type header in registry client ReadFrom by @​thaJeztah in distribution/distribution#4053
• deprecate reference package, migrate to github.com/distribution/reference by @​thaJeztah in distribution/distribution#4063
• digestset: deprecate package in favor of go-digest/digestset by @​thaJeztah in distribution/distribution#4064
• Do not close HTTP request body in HTTP handler by @​milosgajdos in distribution/distribution#4068
• Add v2.8.3 release notes by @​milosgajdos in distribution/distribution#4088

New Contributors

• @​marcusirgens made their first contribution in distribution/distribution#3926

Full Changelog: distribution/distribution@v2.8.2...v2.8.3

Commits

• 4772604 Merge pull request #4088 from distribution/2.8.3-release-notes
• a4fa699 Add v2.8.3 release notes
• 1eb2c30 Merge pull request #4068 from milosgajdos/2_8-dont-close-request-body
• 5e6b1b5 Do not close HTTP request body in HTTP handler
• 2b76378 Merge pull request #4064 from thaJeztah/2.8_backport_nodigestset
• 29b00e8 digestset: deprecate package in favor of go-digest/digestset
• d1ab243 [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0
• 11eb419 Merge pull request #4063 from thaJeztah/2.8_backport_switch_reference
• 3dda067 deprecate reference package, migrate to github.com/distribution/reference
• da05539 Merge pull request #4053 from thaJeztah/2.8_backport_set-content-type-client-...
• Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.9+incompatible to 26.1.0+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.1.0

26.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.0 milestone
• moby/moby, 26.1.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• Add configurable OpenTelemetry utilities and basic instrumentation to commands. For more information, see OpenTelemetry for the Docker CLI. docker/cli#4889

Bug fixes and enhancements

• Native Windows containers are configured with an internal DNS server for container name resolution, and external DNS servers for other lookups. Not all resolvers, including nslookup, fall back to the external resolvers when they get a SERVFAIL answer from the internal server. So, the internal DNS server can now be configured to forward requests to the external resolvers, by setting "features": {"windows-dns-proxy": true } in the daemon.json file. moby/moby#47584

[!NOTE] This will be the new default behavior in Docker Engine 27.0.

[!WARNING] The windows-dns-proxy feature flag will be removed in a future release.

• Swarm: Fix Subpath not being passed to the container config. moby/moby#47711
• Classic builder: Fix cache miss on WORKDIR <directory>/ build step (directory with a trailing slash). moby/moby#47723
• containerd image store: Fix docker images failing when any image in the store has unexpected target. moby/moby#47738

v26.0.2

26.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.2 milestone
• moby/moby, 26.0.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.

Bug fixes and enhancements

• CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4 address by the engine. moby#GHSA-x84c-p2g9-rqv9

v26.0.1

... (truncated)

Commits

• c8af8eb Merge pull request #47738 from vvoland/c8d-walk-image-badimagetarget
• 7d95fe8 c8d/list: Ignore unexpected image target
• 801fd16 Merge pull request #47735 from cpuguy83/better_walk_error
• 6667e96 Include more details in errnotManifestOrIndex
• ee8b788 Merge pull request #47734 from krissetto/image-history-timestamp-dereference
• 96c9353 Merge pull request #47723 from vvoland/builder-fix-workdir-slash
• ab570ab nil dereference fix on image history Created value
• 7532420 container/SetupWorkingDirectory: Don't mutate config
• a4d5b6b builder/normalizeWorkdir: Always return cleaned path
• e829cca Merge pull request #47584 from robmry/upstream_dns_windows
• Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.38.1 to 0.42.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.42.0

New Features

• added a qlog tracer for events that happen before / outside of established connection: #4305

Notable Changes

• added a ClientHelloInfo.AddrVerified field: #4360
• move callback controlling address verification (VerifySourceAddress) to the Transport: #4253 and #4362
• connections that are closed before being accepted are not removed from the server's accept queue: #4245
• http3: added a RoundTripOpt.CheckSettings callback to check the server's SETTINGS: #4355
• http3: send the HTTP/3 settings value for Extended CONNECT (RFC 9220): #4341
• http3: don't modify the user's quic.Config to enable QUIC datagram support: #4340

Fixes

• mitigate a memory exhaustion attack against QUIC's connection ID mechanism: #4369
• don't delay acknowledgments for packets during the handshake: #4279
• fix deadlock when closing both Listener and Transport: #4332
• fix handling of IPv4-mapped IPv6 addresses: #4309
• fix duplicate logging of the key_discarded event for Handshake packets: #4274
• send CONNECTION_REFUSED when refusing connections: #4250
• http3: tighten validation logic for the :protocol pseudo header: #4261

What's Changed

• remove shutdown method on the Connection by @​marten-seemann in quic-go/quic-go#4249
• send the CONNECTION_REFUSED error when refusing a connection by @​marten-seemann in quic-go/quic-go#4250
• don't remove closed connections from the server's accept queue by @​marten-seemann in quic-go/quic-go#4245
• handshake: unexport Set{Read,Write}Key methods on the cryptoSetup by @​marten-seemann in quic-go/quic-go#4254
• handshake: fix documentation for updatableAEAD.SetWriteKey by @​putyWang in quic-go/quic-go#4256
• add Transport config options to limit the number of handshakes by @​marten-seemann in quic-go/quic-go#4248
• remove the RequireAddressValidation callback from the Config by @​marten-seemann in quic-go/quic-go#4253
• fix incorrect statement about connection ID lengths in the Transport by @​marten-seemann in quic-go/quic-go#4247
• remove unneeded nil check for new connections in the server by @​marten-seemann in quic-go/quic-go#4260
• ci: update to Go 1.22rc2 by @​marten-seemann in quic-go/quic-go#4267
• fix flaky handshake limiting test by @​marten-seemann in quic-go/quic-go#4270
• http3: only use :protocol pseudo-header for Extended CONNECT by @​taoso in quic-go/quic-go#4261
• fix flaky accept queue test by @​marten-seemann in quic-go/quic-go#4280
• fix flaky handshake limiting test by @​marten-seemann in quic-go/quic-go#4281
• only log the discarding of Handshake keys once by @​marten-seemann in quic-go/quic-go#4274
• testutils: add a perspective function parameter to ComposeInitialPacket by @​marten-seemann in quic-go/quic-go#4276
• fix flaky outgoing streams map test by @​marten-seemann in quic-go/quic-go#4283
• wire: remove FrameParser interface, expose FrameParser struct by @​marten-seemann in quic-go/quic-go#4284
• ackhandler: remove unused RTTStats from the received packet handler by @​marten-seemann in quic-go/quic-go#4287
• testutils: make the package public by @​marten-seemann in quic-go/quic-go#4290
• ci: remove unused depguard check for qtls by @​marten-seemann in quic-go/quic-go#4291
• ci: make Codecov ignore testutils and testdata by @​marten-seemann in quic-go/quic-go#4292
• testutils: expose aliases for all frames by @​marten-seemann in quic-go/quic-go#4293
• ackhandler: don't delay ACKs for Initial and Handshake packets by @​marten-seemann in quic-go/quic-go#4288
• protocol: rename VersionNumber to Version by @​marten-seemann in quic-go/quic-go#4295

... (truncated)

Commits

• 4a99b81 close connection when an abnormally large number of frames are queued (#4369)
• 9971fed use Transport.VerifySourceAddress to control the Retry Mechanism (#4362)
• 497d3f5 http3: add a RoundTripOpt to check the server's SETTINGS frame (#4355)
• ca787d6 add an AddrVerified field to the ClientHelloInfo (#4360)
• f147639 update gomock to v0.4.0 (#4361)
• 06b4214 remove unused ReceiveStream.CloseRemote method (#4357)
• 5fd5d77 Merge pull request #4305 from quic-go/qlog-tracer
• 30e01b9 use the transport tracer in integration tests
• 55c05ac qlog: log sent packets outside of a QUIC connection
• aff90a6 qlog: log sent Version Negotiation packets
• Additional commits viewable in compare view

Updates golang.org/x/image from 0.10.0 to 0.15.0

Commits

• 9e190ae webp: disallow multiple VP8X chunks
• 445ab0e go.mod: update golang.org/x dependencies
• 240a51a font/sfnt: support early version 0 OS/2 tables
• c20bbc3 draw: simplify some calls to fmt.Fprintf
• 491771c draw: merge draw_go117.go into draw.go
• 4aa0222 go.mod: update go directive to 1.18
• 3aac9c6 draw: add fast paths for RGBA64Image
• fa10be5 go.mod: update golang.org/x dependencies
• 2b687b5 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates google.golang.org/grpc from 1.59.0 to 1.63.2

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.63.2

Bugs

• Fix the user agent string

Release 1.63.1

Bugs

• grpc: fixed subchannel log messages to properly reference the parent channel (#7101)
  • Special thanks: @​daniel-weisse

API Changes

• grpc: remove Deprecated tag from Dial and DialContext; these will be deprecated in v1.64 instead (#7103)

Release 1.63.0

Behavior Changes

• grpc: Return canonical target string from resolver.Address.String() (experimental) (#6923)
• client & server: when using write buffer pooling, use input value for buffer size instead of size*2 (#6983)
  • Special Thanks: @​raghav-stripe

New Features

• grpc: add ClientConn.CanonicalTarget() to return the canonical target string. (#7006)
• xds: implement LRS named metrics support (gRFC A64) (#7027)
  • Special Thanks: @​danielzhaotongliu
• grpc: introduce grpc.NewClient to allow users to create new clients in idle mode and with "dns" as the default resolver (#7010)
  • Special Thanks: @​bruuuuuuuce

API Changes

• grpc: stabilize experimental method ClientConn.Target() (#7006)

Bug Fixes

• xds: fix an issue that would cause the client to send an empty list of resources for LDS/CDS upon reconnecting with the management server (#7026)
• server: Fix some errors returned by a server when using a grpc.Server as an http.Handler with the Go stdlib HTTP server (#6989)
• resolver/dns: add SetResolvingTimeout to allow configuring the DNS resolver's global timeout (#6917)
  • Special Thanks: @​and1truong
• Set the security level of Windows named pipes to NoSecurity (#6956)
  • Special Thanks: @​irsl

Release 1.62.2

Dependencies

• Update http2 library to address vulnerability CVE-2023-45288

Release 1.62.1

Bug Fixes

• xds: fix a bug that results in no matching virtual host found RPC errors due to a difference between the target and LDS resource names (#6997)
• server: fixed stats handler data InPayload.Length for unary RPC calls (#6766)

... (truncated)

Commits

• d32e66c Change version to 1.63.2 (#7104)
• 92f6dd0 channelz: pass parent pointer instead of parent ID to RegisterSubChannel (#7101)
• 0f6ef0f grpc: un-deprecate Dial and DialContext
• 58dc749 Change version to 1.63.1-dev (#7051)
• c68f456 Change version to 1.63.0 (#7050)
• 6369167 *: update http2 dependency (#7082)
• 8854761 cherry-pick: channelz: fix race accessing channelMap without lock (#7079) (#7...
• e62770d channelz: add LocalAddr to listen sockets and test (#7062) (#7063)
• 4ffccf1 googlec2p: use xdstp style template for client LDS resource name (#7048)
• faf9964 gracefulswitch: add ParseConfig and make UpdateClientConnState call SwitchTo ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #551.