build(deps): bump the dependencies group with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
github.com/docker/cli	28.3.0+incompatible	28.3.3+incompatible
github.com/docker/docker	28.3.0+incompatible	28.3.3+incompatible
github.com/spf13/pflag	1.0.6	1.0.7
golang.org/x/term	0.32.0	0.33.0
github.com/golang-jwt/jwt/v5	5.2.2	5.3.0

Updates github.com/docker/cli from 28.3.0+incompatible to 28.3.3+incompatible

Commits

• 980b856 Merge pull request #6183 from thaJeztah/diff_simplify
• 9c25614 Merge pull request #6181 from thaJeztah/fork_readCloserWrapper
• bc01f84 Merge pull request #6182 from thaJeztah/fork_longpath
• ea2a0c3 Merge pull request #6177 from thaJeztah/rm_aliases
• 3d98579 cli/command: remove some redundant import-aliases
• f5f3b02 Merge pull request #6178 from thaJeztah/bump_dev_tools
• 143f361 Merge pull request #6179 from thaJeztah/bump_gotestsum
• d7181e4 Merge pull request #6185 from thaJeztah/alpine_doc
• 8b6436e Dockerfile: document ALPINE_VERSION build-arg
• 7d574b8 Merge pull request #6180 from thaJeztah/truncate_id
• Additional commits viewable in compare view

Updates github.com/docker/docker from 28.3.0+incompatible to 28.3.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.3.3

28.3.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.3.3 milestone
• moby/moby, 28.3.3 milestone

Security

This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.

Packaging updates

• Update Buildx to v0.26.1. docker/docker-ce-packaging#1230
• Update Compose to v2.39.1. docker/docker-ce-packaging#1234
• Update Docker Model CLI plugin to v0.1.36. docker/docker-ce-packaging#1233

Go SDK

• cli/command/formatter: add TrunateID() utility as alternative for github.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#6180

28.3.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.3.2 milestone
• moby/moby, 28.3.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix --use-api-socket not working correctly when targeting a remote daemon. docker/cli#6157
• Fix stray "otel error" logs being printed if debug logging is enabled. docker/cli#6160
• Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. docker/cli#6147
• Warn when DOCKER_AUTH_CONFIG is set during docker login and docker logout. docker/cli#6163

Packaging updates

• Update Compose to v2.38.2. docker/docker-ce-packaging#1225
• Update Docker Model CLI plugin to v0.1.33. docker/docker-ce-packaging#1227
• Update Go runtime to 1.24.5. moby/moby#50354

28.3.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.3.1 milestone

... (truncated)

Commits

• bea959c Merge pull request #50506 from robmry/backport-28.x/fix_firewalld_reload
• 3e9ff78 bridge: Reapply endpoint iptables rules on firewalld reload
• 29ed80a bridge: Trigger firewalld reload during bridge integration tests
• da489a1 Merge pull request #50478 from thaJeztah/28.x_backport_gha_bump_bk
• f173e45 Merge pull request #50480 from austinvazquez/cherry-pick-ea29dffaa541289591aa...
• e4b1f89 daemon/server: remove compatibility with API v1.4 auth-config on push
• 0c9e14d hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch
• bf6d688 Merge pull request #50471 from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...
• 4205776 client: always send (empty) body on push
• e77ff99 Merge pull request #50354 from vvoland/50353-28.x
• Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.6 to 1.0.7

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.7

What's Changed

• Fix defaultIsZeroValue check for generic Value types by @​MidnightRocket in spf13/pflag#422
• feat: Use structs for errors returned by pflag. by @​eth-p in spf13/pflag#425
• Fix typos by @​co63oc in spf13/pflag#428
• fix #423 : Add helper function and some documentation to parse shorthand go test flags. by @​valdar in spf13/pflag#424
• add support equivalent to golang flag.TextVar(), also fixes the test failure as described in #368 by @​hujun-open in spf13/pflag#418
• add support for Func() and BoolFunc() #426 by @​LeGEC in spf13/pflag#429
• fix: correct argument length check in FlagSet.Parse by @​ShawnJeffersonWang in spf13/pflag#409
• fix usage message for func flags, fix arguments order by @​LeGEC in spf13/pflag#431
• Add support for time.Time flags by @​max-frank in spf13/pflag#348

New Contributors

• @​MidnightRocket made their first contribution in spf13/pflag#422
• @​eth-p made their first contribution in spf13/pflag#425
• @​co63oc made their first contribution in spf13/pflag#428
• @​valdar made their first contribution in spf13/pflag#424
• @​hujun-open made their first contribution in spf13/pflag#418
• @​LeGEC made their first contribution in spf13/pflag#429
• @​ShawnJeffersonWang made their first contribution in spf13/pflag#409
• @​max-frank made their first contribution in spf13/pflag#348

Full Changelog: spf13/pflag@v1.0.6...v1.0.7

Commits

• f9cbdd9 Merge pull request #348 from max-frank/add-time-flag-support
• e3be2eb Reduce duplication by forwarding to sibling functions
• 7cc25e3 Don't export TimeValue (yet)
• d15848d Remove unnecessary time test stderr dev null redirect
• c5ce22e Use time.Time for expectations in time flag tests
• 1992c5a Add support for time.Time flags
• 1c62fb2 Merge pull request #431 from LeGEC/430-fix-usage-message-for-func-flags
• 1a4b5b2 fix discrepancy in order of arguments for Func() and BoolFunc() #433
• 4730aa0 fix help message for Func and BoolFunc flags #430
• f4c97c2 minor: fix typos in comments
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.32.0 to 0.33.0

Commits

• 30da5dd go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.2.2 to 5.3.0

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.0

This release is almost identical to to v5.2.3 but now correctly indicates Go 1.21 as minimum requirement.

What's Changed

• Create CODEOWNERS by @​oxisto in golang-jwt/jwt#449
• Bump Go version to indicate correct minimum requirement by @​oxisto in golang-jwt/jwt#452

Full Changelog: golang-jwt/jwt@v5.2.3...v5.3.0

v5.2.3

What's Changed

• Bump GitHub workflows and Go versions by @​mfridman in golang-jwt/jwt#438
• Implementing validation of multiple audiences by @​oxisto in golang-jwt/jwt#433
• Bump golangci/golangci-lint-action from 7 to 8 by @​dependabot[bot] in golang-jwt/jwt#440
• replaced interface{} to any by @​aachex in golang-jwt/jwt#445
• Fix bug in validation of multiple audiences by @​sfinnman-cotn in golang-jwt/jwt#441

New Contributors

• @​aachex made their first contribution in golang-jwt/jwt#445
• @​sfinnman-cotn made their first contribution in golang-jwt/jwt#441

Full Changelog: golang-jwt/jwt@v5.2.2...v5.2.3

Commits

• e9547a1 Bump Go version to indicate correct minimum requirement (#452)
• 3839817 Create CODEOWNERS (#449)
• d83e545 Fix bug in validation of multiple audiences (#441)
• 75740f1 replaced interface{} to any (#445)
• 048854f Bump golangci/golangci-lint-action from 7 to 8 (#440)
• 497a38e Implementing validation of multiple audiences (#433)
• 12384ea Bump GitHub workflows and Go versions (#438)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.78%. Comparing base (bd4bc99) to head (4952535).
⚠️ Report is 19 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5889      +/-   ##
==========================================
+ Coverage   74.65%   74.78%   +0.13%     
==========================================
  Files          73       73              
  Lines       11139    11190      +51     
==========================================
+ Hits         8316     8369      +53     
+ Misses       2186     2185       -1     
+ Partials      637      636       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ EDITORCONFIG	editorconfig-checker	2		0	0.01s
✅ REPOSITORY	gitleaks	yes		no	2.73s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	grype	yes		no	11.98s
✅ REPOSITORY	secretlint	yes		no	1.25s
✅ REPOSITORY	trivy-sbom	yes		no	0.39s
✅ REPOSITORY	trufflehog	yes		no	3.75s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

[mergify]

This pull request has been removed from the queue for the following reason: checks failed.

The merge conditions cannot be satisfied due to failing checks.

You may have to fix your CI before adding the pull request to the queue again.
If you update this pull request, to fix the CI, it will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue instead, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

[ChristopherHX]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[ChristopherHX]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.