Bump the minor-and-patches group with 6 updates

[dependabot]

Bumps the minor-and-patches group with 6 updates:

Package	From	To
github.com/docker/docker	28.0.4+incompatible	28.5.2+incompatible
github.com/docker/go-connections	0.4.0	0.6.0
github.com/gorilla/mux	1.8.0	1.8.1
github.com/sirupsen/logrus	1.9.3	1.9.4
golang.org/x/crypto	0.45.0	0.49.0
gonum.org/v1/plot	0.11.0	0.16.0

Updates github.com/docker/docker from 28.0.4+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.2 milestone
• moby/moby, 28.5.2 milestone

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

• CVE-2025-31133
• CVE-2025-52565
• CVE-2025-52881

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

• Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162
• Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

• Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610
• Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
• Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560
• Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

v28.5.1

28.5.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.1 milestone
• moby/moby, 28.5.1 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Update BuildKit to v0.25.1. moby/moby#51137
• Update Go runtime to 1.24.8. moby/moby#51133, docker/cli#6541

Deprecations

• api/types/image: InspectResponse: deprecate Parent and DockerVersion fields. moby/moby#51105
• api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51110

... (truncated)

Commits

• 89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
• 9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
• 6178456 Merge pull request #51398 from vvoland/51397-28.x
• 0cae4e5 vendor: github.com/moby/buildkit v0.25.2
• 33cc06f Merge pull request #51394 from vvoland/51393-28.x
• d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
• 2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
• bd98008 integration-cli: Adjust nofile limits
• 1967515 Dockerfile: update runc binary to v1.3.3
• 4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
• Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.4.0 to 0.6.0

Commits

• 42faf79 Merge pull request #138 from thaJeztah/sockets_move_unix_options
• 9ffab7e sockets: make NewUnixSocket, WithChown, WithChmod unix-only
• 6bb1d15 Merge pull request #135 from thaJeztah/rename_test_files
• b6c843d sockets: rename files to be considered test files
• 80898b6 Merge pull request #133 from thaJeztah/deprecate_socket_dialpipe
• a4399e5 socket: deprecate DialPipe
• b071e04 Merge pull request #128 from thaJeztah/remove_old_cyphers
• 578bfde Merge pull request #132 from thaJeztah/optimize_ParsePortSpec
• deccd71 tlsconfig: align client and server defaults, remove weak CBC ciphers
• 30b91c8 nat: ParsePortSpec: combine some conditions
• Additional commits viewable in compare view

Updates github.com/gorilla/mux from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/gorilla/mux's releases.

Release v1.8.1

What's Changed

• build: CircleCI 2.1 + build matrix by @​elithrar in gorilla/mux#595
• Include "404" and "405" in the docs by @​Jille in gorilla/mux#602
• docs: update README w.r.t new maintainer ask by @​elithrar in gorilla/mux#660
• regexp: use iota instead of hardcoded values for regexType* by @​michaelgrigoryan25 in gorilla/mux#679
• Fix authenticationMiddleware initialization in the README.md file by @​amustaque97 in gorilla/mux#693
• Update README.md by @​coreydaley in gorilla/mux#713
• [GPT-95] Update go version, add tools for verification and testing by @​apoorvajagtap in gorilla/mux#718
• Delete release-drafter.yml by @​coreydaley in gorilla/mux#719
• Delete stale.yml by @​coreydaley in gorilla/mux#720
• Delete AUTHORS by @​coreydaley in gorilla/mux#721
• Update LICENSE by @​coreydaley in gorilla/mux#722
• Updated the logo in README.md by @​shamkarthik in gorilla/mux#724
• Update LICENSE by @​coreydaley in gorilla/mux#723
• Update issues.yml by @​coreydaley in gorilla/mux#726
• Update issues.yml by @​coreydaley in gorilla/mux#727
• run go fmt with Go 1.20 by @​shogo82148 in gorilla/mux#725
• Fix Single Page Application example in README.md file by @​amustaque97 in gorilla/mux#678
• [BUG] Inconsistent HTTP status code on query mismatch by @​soheilrt in gorilla/mux#712
• Clarify documentation examples of Route methods by @​andrew-werdna in gorilla/mux#672
• changed the routeVariables text content. by @​sumanpaikdev in gorilla/mux#708
• Add GetVarNames() by @​eh-steve in gorilla/mux#676
• fix SPA handler in README.md by @​sy9 in gorilla/mux#733
• update GitHub workflows by @​coreydaley in gorilla/mux#734

New Contributors

• @​Jille made their first contribution in gorilla/mux#602
• @​michaelgrigoryan25 made their first contribution in gorilla/mux#679
• @​amustaque97 made their first contribution in gorilla/mux#693
• @​coreydaley made their first contribution in gorilla/mux#713
• @​apoorvajagtap made their first contribution in gorilla/mux#718
• @​shamkarthik made their first contribution in gorilla/mux#724
• @​shogo82148 made their first contribution in gorilla/mux#725
• @​soheilrt made their first contribution in gorilla/mux#712
• @​andrew-werdna made their first contribution in gorilla/mux#672
• @​sumanpaikdev made their first contribution in gorilla/mux#708
• @​eh-steve made their first contribution in gorilla/mux#676
• @​sy9 made their first contribution in gorilla/mux#733

Full Changelog: gorilla/mux@v1.8.0...v1.8.1

Commits

• b4617d0 update GitHub workflows (#734)
• 3401478 fix SPA handler in README.md (#733)
• 4a671cb Add GetVarNames() (#676)
• 85123bf changed the routeVariables text content. (#708)
• 79f2f45 Clarify documentation examples of Route methods (#672)
• 395ad81 [BUG] Inconsistent HTTP status code on query mismatch (#712)
• 24c3e7f Fix Single Page Application example in README.md file (#678)
• 546dd0c run go fmt with Go 1.20 (#725)
• 651928c Update issues.yml (#727)
• cfc696d Update issues.yml (#726)
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

• Remove uses of deprecated ioutil package

Features:

• Add GNU/Hurd support
• Add WASI wasip1 support

Code quality:

• Update minimum supported Go version to 1.17
• Documentation updates

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.45.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• e08b067 go.mod: update golang.org/x dependencies
• 7d0074c scrypt: fix panic on parameters <= 0
• 506e022 go.mod: update golang.org/x dependencies
• 7dacc38 chacha20poly1305: error out in fips140=only mode
• 19acf81 go.mod: update golang.org/x dependencies
• Additional commits viewable in compare view

Updates gonum.org/v1/plot from 0.11.0 to 0.16.0

Release notes

Sourced from gonum.org/v1/plot's releases.

Release v0.16.0

What's Changed

• vg/vggio: remove by @​sbinet in gonum/plot#789
• all: bump Go-1.24, drop Go-1.22 by @​sbinet in gonum/plot#790
• all: migrate deps to codeberg by @​sbinet in gonum/plot#791
• all: modernize Go usage by @​sbinet in gonum/plot#792
• all: bump go-fonts/liberation@v0.5.0, go-latex/latex@v0.1.0 by @​sbinet in gonum/plot#794
• all: use Gonum@v0.16 by @​sbinet in gonum/plot#800
• palette/moreland: fix floating-point arithmetic error in Palette by @​Juneezee in gonum/plot#799
• all: migrate to math/rand/v2 by @​Juneezee in gonum/plot#801
• all: use built-in min and max functions by @​Juneezee in gonum/plot#796

New Contributors

• @​Juneezee made their first contribution in gonum/plot#799

Full Changelog: gonum/plot@v0.15.0...v0.16.0

Release v0.15.0

What's Changed

• vg/recorder: drop unneeded field from Canvas. by @​sbinet in gonum/plot#772
• all: bump Go-1.22, drop Go-1.20 by @​sbinet in gonum/plot#774
• all: remove descent padding from horizontal axis by @​kortschak in gonum/plot#780
• Update x/image to 0.18.0 by @​dirkmueller in gonum/plot#781
• all: bump Go-1.23, drop Go-1.21 by @​sbinet in gonum/plot#784
• all: bump gg@v0.6.0 by @​sbinet in gonum/plot#785

New Contributors

• @​dirkmueller made their first contribution in gonum/plot#781

Full Changelog: gonum/plot@v0.14.0...v0.15.0

Release v0.13.0

What's Changed

• ci: use Go-1.19 in codecov by @​sbinet in gonum/plot#755
• ci: explicitly use ubuntu-20.04 by @​kortschak in gonum/plot#757
• Adds plotutil example image width/height unit by @​zyluo in gonum/plot#756
• mod: update golang.org/x/image version by @​kortschak in gonum/plot#759
• all: bump to Go-1.20, drop Go-1.18 by @​sbinet in gonum/plot#760
• plotter: implement GlyphBoxer for plotter.Line by @​sbinet in gonum/plot#762
• vggio more tests by @​sbinet in gonum/plot#765
• all: update to latest Gio API by @​sbinet in gonum/plot#764
• all: update dependencies for Gonum-v0.13.0 by @​sbinet in gonum/plot#766

New Contributors

• @​zyluo made their first contribution in gonum/plot#756

Full Changelog: gonum/plot@v0.12.0...v0.13.0

Release v0.12.0

What's Changed

... (truncated)

Commits

• efc7fc8 all: use built-in min and max functions
• 6cdb326 all: migrate to math/rand/v2
• 82c684a palette/moreland: fix floating-point arithmetic error in Palette
• 8cb2ca2 all: use Gonum@v0.16
• 2815ea1 all: bump go-fonts/liberation@v0.5.0, go-latex/latex@v0.1.0
• 3577a4a all: modernize Go usage
• 9515ee8 all: migrate to codeberg
• db57062 all: bump Go-1.24, drop Go-1.22
• f8d8ad7 ci: use ubuntu-latest in lieu of ubuntu-20.04
• 686397e ci: bump staticcheck@2025.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions