Bump the all group across 1 directory with 7 updates

[dependabot]

Bumps the all group with 7 updates in the / directory:

Package	From	To
github.com/docker/cli	28.3.2+incompatible	28.3.3+incompatible
github.com/moby/moby	28.3.2+incompatible	28.3.3+incompatible
github.com/docker/go-connections	0.5.0	0.6.0
go.opentelemetry.io/proto/otlp	1.7.0	1.7.1
golang.org/x/sys	0.34.0	0.35.0
golang.org/x/tools	0.35.0	0.36.0
google.golang.org/protobuf	1.36.6	1.36.7

Updates github.com/docker/cli from 28.3.2+incompatible to 28.3.3+incompatible

Commits

• 980b856 Merge pull request #6183 from thaJeztah/diff_simplify
• 9c25614 Merge pull request #6181 from thaJeztah/fork_readCloserWrapper
• bc01f84 Merge pull request #6182 from thaJeztah/fork_longpath
• ea2a0c3 Merge pull request #6177 from thaJeztah/rm_aliases
• 3d98579 cli/command: remove some redundant import-aliases
• f5f3b02 Merge pull request #6178 from thaJeztah/bump_dev_tools
• 143f361 Merge pull request #6179 from thaJeztah/bump_gotestsum
• d7181e4 Merge pull request #6185 from thaJeztah/alpine_doc
• 8b6436e Dockerfile: document ALPINE_VERSION build-arg
• 7d574b8 Merge pull request #6180 from thaJeztah/truncate_id
• Additional commits viewable in compare view

Updates github.com/moby/moby from 28.3.2+incompatible to 28.3.3+incompatible

Release notes

Sourced from github.com/moby/moby's releases.

v28.3.3

28.3.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.3.3 milestone
• moby/moby, 28.3.3 milestone

Security

This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.

Packaging updates

• Update Buildx to v0.26.1. docker/docker-ce-packaging#1230
• Update Compose to v2.39.1. docker/docker-ce-packaging#1234
• Update Docker Model CLI plugin to v0.1.36. docker/docker-ce-packaging#1233

Go SDK

• cli/command/formatter: add TrunateID() utility as alternative for github.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#6180

Commits

• bea959c Merge pull request #50506 from robmry/backport-28.x/fix_firewalld_reload
• 3e9ff78 bridge: Reapply endpoint iptables rules on firewalld reload
• 29ed80a bridge: Trigger firewalld reload during bridge integration tests
• da489a1 Merge pull request #50478 from thaJeztah/28.x_backport_gha_bump_bk
• f173e45 Merge pull request #50480 from austinvazquez/cherry-pick-ea29dffaa541289591aa...
• e4b1f89 daemon/server: remove compatibility with API v1.4 auth-config on push
• 0c9e14d hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch
• bf6d688 Merge pull request #50471 from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...
• 4205776 client: always send (empty) body on push
• See full diff in compare view

Updates github.com/docker/go-connections from 0.5.0 to 0.6.0

Commits

• 42faf79 Merge pull request #138 from thaJeztah/sockets_move_unix_options
• 9ffab7e sockets: make NewUnixSocket, WithChown, WithChmod unix-only
• 6bb1d15 Merge pull request #135 from thaJeztah/rename_test_files
• b6c843d sockets: rename files to be considered test files
• 80898b6 Merge pull request #133 from thaJeztah/deprecate_socket_dialpipe
• a4399e5 socket: deprecate DialPipe
• b071e04 Merge pull request #128 from thaJeztah/remove_old_cyphers
• 578bfde Merge pull request #132 from thaJeztah/optimize_ParsePortSpec
• deccd71 tlsconfig: align client and server defaults, remove weak CBC ciphers
• 30b91c8 nat: ParsePortSpec: combine some conditions
• Additional commits viewable in compare view

Updates go.opentelemetry.io/proto/otlp from 1.7.0 to 1.7.1

Commits

• 683f172 Release v1.7.1 and v0.0.1 (#376)
• 8bb7afe fix(deps): update module go.opentelemetry.io/build-tools/multimod to v0.26.0 ...
• b758fbb chore(deps): update github/codeql-action action to v3.29.5 (#373)
• f4c2f30 chore(deps): update module go.opentelemetry.io/build-tools to v0.26.0 (#374)
• 181d97c chore(deps): update module github.com/sagikazarmark/locafero to v0.10.0 (#372)
• a1af363 chore(deps): update googleapis to f173205 (#371)
• 0344be9 fix(deps): update module go.opentelemetry.io/build-tools/multimod to v0.25.0 ...
• f74bedd chore(deps): update module go.opentelemetry.io/build-tools to v0.25.0 (#369)
• b8d8eef chore(deps): update github/codeql-action action to v3.29.4 (#368)
• 3b733ce fix(deps): update module google.golang.org/grpc to v1.74.2 (#367)
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.34.0 to 0.35.0

Commits

• 5b936e1 unix/linux: update to Linux kernel 6.16, Go to 1.24.5
• 3a82703 unix: remove redundant xnu version check for {p}readv/{p}writev
• 9920300 unix: add missing nft conntrack constants
• ad4e0fc unix: remove redundant word in comment
• 084ad87 unix: fix //sys decl after CL 548795
• See full diff in compare view

Updates golang.org/x/tools from 0.35.0 to 0.36.0

Commits

• 44d18e1 go.mod: update golang.org/x dependencies
• 52b9c68 go/ast/inspector: remove obsolete unsafe import
• b155480 gopls/doc/features: add "MCP" to index.
• 992bf9c gopls/internal/golang/hover: show alias real type decl for types only
• 861996a go/ssa: pass GOEXPERIMENT=aliastypeparams only on Go 1.23
• 528efda gopls/internal/analysis/modernize/forvar: provide fix for second loop var
• bdddfd5 gopls/internal/server: add counters for add and remove struct tags
• 23dd839 gopls/internal/filewatcher: fix race condition on watcher shutdown
• 3a8978c cmd/digraph: fix bug in allpaths
• bae51bd gopls/internal/server: add windsurf and cursor as language client
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.6 to 1.36.7

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions