docker/28.0.1-r2: cve remediation (#46982)

octo-sts[bot] · mamccorm · web-flow · commit cfbc56f3552f · 2025-03-17T09:47:18.000+01:00
docker/28.0.1-r2: fix GHSA-qxp5-gwg8-xv66 Advisory data: https://github.com/wolfi-dev/advisories/blob/main/docker.advisories.yaml Source code for this service: https://go/cve-remedy-automation-source Logs for this execution: https://go/cve-remedy-automation-logs Docs for this service: _(not provided yet)_ --------- Signed-off-by: Mark McCormick <mark.mccormick@chainguard.dev> Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> Co-authored-by: Mark McCormick <mark.mccormick@chainguard.dev>
diff --git a/docker.yaml b/docker.yaml
@@ -1,7 +1,7 @@
 package:
   name: docker
   version: "28.0.1"
-  epoch: 2
+  epoch: 3
   description: A meta package for Docker Engine and Docker CLI
   copyright:
     - license: Apache-2.0
@@ -79,6 +79,7 @@ pipeline:
       sed -i 's|github.com/opencontainers/runc v1.1.13|github.com/opencontainers/runc v1.1.14|' vendor.mod
       sed -i 's|github.com/golang-jwt/jwt/v4 v4.5.0|github.com/golang-jwt/jwt/v4 v4.5.1|' vendor.mod
       sed -i 's|golang.org/x/oauth2 v0.23.0|golang.org/x/oauth2 v0.27.0|' vendor.mod
+      sed -i 's|golang.org/x/net v0.33.0|golang.org/x/oauth2 v0.36.0|' vendor.mod
 
       ./hack/vendor.sh
 
