chore(deps): update dependency moby/moby to v27.4.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
moby/moby	minor	27.3.1 -> 27.4.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

moby/moby (moby/moby)

v27.4.0

Compare Source

27.4.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.4.0 milestone
• moby/moby, 27.4.0 milestone

API

• GET /images/json with the manifests option enabled now preserves the original order in which manifests appeared in the manifest-index. moby/moby#48712

Bug fixes and enhancements

• When reading logs with the jsonfile or local log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. The errors are viewable in the Docker Daemon logs and exported to traces when tracing is configured. moby/moby#48842
• When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. moby/moby#48842
• Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with userland-proxy disabled, if the kernel's br_netfilter module was not loaded and enabled. The daemon will now attempt to load the module and enable bridge-nf-call-iptables or bridge-nf-call-ip6tables when creating a network with the userland proxy disabled. moby/moby#48685
• Fix loading of bridge and br_netfilter kernel modules. moby/moby#48966
• containerd image store: Fix Docker daemon failing to fully start with a "context deadline exceeded error" with containerd snapshotter and many builds/images. moby/moby#48954
• containerd image-store: Fix partially pulled images not being garbage-collected. moby#48910, moby/moby#48957
• containerd image store: Fix docker image inspect outputting duplicate references in RepoDigests. moby/moby#48785
• containerd image store: Fix not being able to connect to some insecure registries in cases where the HTTPS request failed due to a non-TLS related error. moby/moby#48758
• containerd image store: Remove a confusing warning log when tagging a non-dangling image. moby/moby#49010
• dockerd-rootless-setuptool.sh: let --force ignore smoke test errors moby/moby#48695
• Disable IPv6 Duplicate Address Detection (DAD) for addresses assigned to the bridges belonging to bridge networks. moby/moby#48684
• Remove BuildKit init timeout. moby/moby#48963
• Ignore "dataset does not exist" error when removing dataset on ZFS. moby/moby#48968
• Client: Prevent idle connections leaking FDs. moby/moby#48764
• Fix anonymous volumes being created through the --mount option not being marked as anonymous. moby/moby#48755
• After a daemon restart with live-restore, ensure an iptables jump to the DOCKER-USER chain is placed before other rules. moby/moby#48714
• Fix a possible memory leak caused by OTel meters. moby/moby#48693
• Create distinct build history db for each store. moby/moby#48688
• Fix an issue that caused excessive memory usage when DNS resolution was made in a tight loop. moby/moby#48840
• containerd image store: Do not underline names in docker image ls --tree. docker/cli#5519
• containerd image store: Change name of USED column in docker image ls --tree to IN USE. docker/cli#5518
• Fix a bug preventing image pulls from being cancelled during docker run. docker/cli#5654
• Port some completions from the bash completion to the new cobra based completion. docker/cli#5618
• The docker login and docker logout command no longer update the configuration file if the credentials didn't change. docker/cli#5569
• Optimise docker stats to reduce flickering issues. docker/cli#5588, docker/cli#5635
• Fix inaccessible plugins paths preventing plugins from being detected. docker/cli#5652
• Add support for events --filter in cobra generated shell completions. docker/cli#5614
• Fix bash completion for events --filter daemon=. docker/cli#5563
• Improve shell-completion of containers for docker rm. docker/cli#5540
• Add shell-completion for --platform flags. docker/cli#5540
• rootless: Make /etc/cdi and /var/run/cdi accessible by the Container Device Interface (CDI) integration. moby/moby#49027

Removed

• Deprecate Daemon.Exists() and Daemon.IsPaused(). These functions are no longer used and will be removed in the next release. moby/moby#48719
• Deprecate container.ErrNameReserved and container.ErrNameNotReserved. moby/moby#48697
• Deprecate pkg/platform - this package is only used internally, and will be removed in the next release. moby/moby#48863
• Deprecate RepositoryInfo.Class. This field is no longer used, and will be removed in the next release. moby/moby#49013
• Go SDK: Fix deprecation of cli/command.ConfigureAuth(), which was deprecated since v27.2.1. docker/cli#5552
• Go SDK: Deprecate cli.Errors type in favour of Go's errors.Join docker/cli#5548

Packaging updates

• Update Go runtime to 1.22.10. moby/moby#49026, docker/cli#5669, docker/docker-ce-packaging#1120.
• Update Compose to v2.31.0. docker/docker-ce-packaging#1100
• Update BuildKit to v0.17.3. moby/moby#49024
• Update Buildx to v0.19.1. docker/docker-ce-packaging#1115
• Update containerd to v1.7.24. moby/moby#48934
• Update containerd (static binaries only) to v1.7.24. moby/moby#48919
• Update runc to v1.2.2. moby/moby#48919

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/docker:27.4.0

📦 Image Reference ghcr.io/uniget-org/tools/docker:27.4.0

digest	sha256:4eb781402869f7e2f4ae791b5da8248915c601c6b10e6c266427e184ddc7d1b8
vulnerabilities
platform	linux/amd64
size	98 MB
packages	229

github.com/opencontainers/runc 1.1.14 (golang) pkg:golang/github.com/opencontainers/runc@1.1.14 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <1.2.0-rc.1 Fixed version 1.2.0-rc.1 CVSS Score 7.2 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Description Withdrawn Advisory This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information. Original Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. This issue has its root in how runc handles Config Annotations lists.