Build(deps): Bump github.com/docker/docker from 27.5.0+incompatible to 28.0.2+incompatible

[dependabot]

Bumps github.com/docker/docker from 27.5.0+incompatible to 28.0.2+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v28.0.2

28.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.0.2 milestone
• moby/moby, 28.0.2 milestone

Bug fixes and enhancements

• Fix CLI-specific attributes (docker.cli.*) being unintentionally passed to downstream OTel services. docker/cli#5842
• Fix an issue where user-specified OTEL_RESOURCE_ATTRIBUTES were being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. docker/cli#5842
• Fix daemon failing to start on Windows when a container created before v28.0.0 was present. moby/moby#49626
• Fix possible error on docker buildx prune with the --min-free-space. moby/moby#49623
• Fix spurious io: read/write on closed pipe error in the daemon log when closing container. moby/moby#49590
• Fix the Docker daemon failing too early if the containerd socket isn't immediately available. moby/moby#49603
• Mask Linux thermal interrupt info in a container's /proc and /sys by default. moby/moby#49560
• Update contrib/check-config.sh to check for more kernel modules related to iptables. moby/moby#49622
• containerd image store: Fix integer overflow in User ID handling passed via --user. moby/moby#49652
• containerd image store: Fix spurious reference for unknown type: application/vnd.in-toto+json warning being logged to the daemon's log. moby/moby#49652
• containerd image store: Improve performance of docker ps when running large number of containers. moby/moby#49365

Packaging updates

• Update BuildKit to v0.20.1. moby/moby#49587
• Update Buildx to v0.22.0. docker/docker-ce-packaging#1175
• Update Compose to v2.34.0. docker/docker-ce-packaging#1172
• Update Go runtime to 1.23.7. docker/cli#5890, docker/docker-ce-packaging#1171, moby/moby#49580
• Update RootlessKit to v2.3.4. moby/moby#49614
• Update containerd (static binaries only) to v1.7.27. moby/moby#49656

Networking

• Add environment variable DOCKER_INSECURE_NO_IPTABLES_RAW=1 to allow Docker to run on systems where the Linux kernel can't provide CONFIG_IP_NF_RAW support. When enabled, Docker will not create rules in the iptables raw table. Warning: This is not recommended for production environments as it reduces security by allowing other hosts on the local network to route to ports published to host addresses, even when they are published to 127.0.0.1. This option bypasses some of the security hardening introduced in Docker Engine 28.0.0. moby/moby#49621
• Allow container startup when an endpoint is attached to a macvlan network where the parent interface is down. moby/moby#49630
• Do not skip DNAT for packets originating in a gateway_mode=routed network. moby/moby#49577
• Fix a bug causing docker ps to inconsistently report dual-stack port mappings. moby/moby#49657
• Fix a bug that could cause docker-proxy to stop forwarding UDP datagrams to containers. moby/moby#49649
• Fix a bug that was causing docker-proxy to close UDP connections to containers eagerly and resulting in the source address to change needlessly. moby/moby#49649

Go SDK

• Move various types and consts from cli-plugins/manager to a separate package. docker/cli#5902
• Update minimum required Go version to go1.23. moby/moby#49541
• cli/command: Move PrettyPrint utility to cli/command/formatter. docker/cli#5916
• runconfig/errors: split ErrConflictHostNetwork into ErrConflictConnectToHostNetwork and ErrConflictDisconnectFromHostNetwork. moby/moby#49605

Deprecations

• Go-SDK: Deprecate cli-plugins/manager.ResourceAttributesEnvvar constant. It was used internally, but holds the OTEL_RESOURCE_ATTRIBUTES name, which is part of the OpenTelemetry specification. Users of this constant should define their own. It will be removed in the next release. docker/cli#5881

... (truncated)

Commits

• bea4de2 Merge pull request #49656 from austinvazquez/bump-container-1.7.27-binary
• 97ee08e Merge pull request #49657 from akerouanton/fix-missing-port-mappings
• f2a183a daemon: return port-mappings from all endpoints
• 6b3b479 daemon: getEndpointPortMapInfo: err is never used
• 35766af Dockerfile: update containerd binary to v1.7.27
• b2363f0 Merge pull request #49602 from thaJeztah/remove_layerstore_experimental
• c9a763e daemon: remove redundant call to getEndpointPortMapInfo
• 2043aa9 Merge pull request #49652 from vvoland/vendor-containerd
• 7cdd1b5 Merge pull request #49649 from akerouanton/proxy-concurrent-write-close
• fb3cce1 vendor: github.com/containerd/containerd/v2 v2.0.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign prezha for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[minikube-bot]

Can one of the admins verify this patch?

[dependabot]

Superseded by #20588.