containerd

mirror of https://github.com/containerd/containerd.git synced 2026-06-24 08:48:48 +00:00

Author	SHA1	Message	Date
dependabot[bot]	7f3f8fffdd	build(deps): bump go.etcd.io/bbolt from 1.4.3 to 1.5.0 Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.4.3 to 1.5.0. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.4.3...v1.5.0) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-23 10:23:28 -07:00
dependabot[bot]	f407302bab	build(deps): bump github.com/pelletier/go-toml/v2 from 2.3.1 to 2.4.1 Bumps [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) from 2.3.1 to 2.4.1. - [Release notes](https://github.com/pelletier/go-toml/releases) - [Commits](https://github.com/pelletier/go-toml/compare/v2.3.1...v2.4.1) --- updated-dependencies: - dependency-name: github.com/pelletier/go-toml/v2 dependency-version: 2.4.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-22 23:23:12 +00:00
Sebastiaan van Stijn	9838a323ed	vendor: golang.org/x/crypto v0.53.0 golang.org/x/crypto v0.52.0 contains various security updates; those do NOT impact containerd, but may show up as vulnerability in scanners; === Symbol Results === No vulnerabilities found. === Package Results === No other vulnerabilities found. === Module Results === Vulnerability #1: GO-2026-5033 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent More info: https://pkg.go.dev/vuln/GO-2026-5033 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #2: GO-2026-5023 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5023 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #3: GO-2026-5021 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts More info: https://pkg.go.dev/vuln/GO-2026-5021 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #4: GO-2026-5020 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5020 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #5: GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5019 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #6: GO-2026-5018 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5018 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #7: GO-2026-5017 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5017 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #8: GO-2026-5016 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5016 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #9: GO-2026-5015 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5015 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #10: GO-2026-5014 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5014 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #11: GO-2026-5013 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2026-5013 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #12: GO-2026-5006 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent More info: https://pkg.go.dev/vuln/GO-2026-5006 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Vulnerability #13: GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent More info: https://pkg.go.dev/vuln/GO-2026-5005 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.51.0 Fixed in: golang.org/x/crypto@v0.52.0 Your code is affected by 0 vulnerabilities. This scan also found 0 vulnerabilities in packages you import and 13 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-06-15 20:47:07 +02:00
dependabot[bot]	719088fbaa	build(deps): bump the golang-x group with 3 updates Bumps the golang-x group with 3 updates: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/mod` from 0.36.0 to 0.37.0 - [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0) Updates `golang.org/x/sync` from 0.20.0 to 0.21.0 - [Commits](https://github.com/golang/sync/compare/v0.20.0...v0.21.0) Updates `golang.org/x/sys` from 0.45.0 to 0.46.0 - [Commits](https://github.com/golang/sys/compare/v0.45.0...v0.46.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sync dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-08 23:23:20 +00:00
dependabot[bot]	de9dcf6aa6	build(deps): bump the otel group across 1 directory with 8 updates Bumps the otel group with 5 updates in the / directory: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) \| `0.68.0` \| `0.69.0` \| \| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) \| `0.68.0` \| `0.69.0` \| \| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) \| `1.43.0` \| `1.44.0` \| \| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) \| `1.43.0` \| `1.44.0` \| \| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) \| `1.43.0` \| `1.44.0` \| Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.68.0 to 0.69.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.68.0...zpages/v0.69.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.68.0 to 0.69.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.68.0...zpages/v0.69.0) Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc dependency-version: 0.69.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.69.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-28 07:05:14 +00:00
Maksym Pavlenko	e9404bdc30	Merge pull request #13490 from liggitt/typeurl-dep Update typeurl/v2 to v2.3.0 to drop gogo dependency	2026-05-28 06:25:10 +00:00
dependabot[bot]	8f3c916a76	build(deps): bump google.golang.org/grpc from 1.81.0 to 1.81.1 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.81.0 to 1.81.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.81.0...v1.81.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-28 00:30:26 +00:00
Jordan Liggitt	ce39143249	Update typeurl/v2 to v2.3.0 to drop gogo dependency Signed-off-by: Jordan Liggitt <liggitt@google.com>	2026-05-27 17:32:08 -04:00
Maksym Pavlenko	a3a47d1370	Merge pull request #13427 from containerd/dependabot/go_modules/k8s-7565455e06 build(deps): bump the k8s group across 1 directory with 6 updates	2026-05-26 23:20:22 +00:00
dependabot[bot]	f19f84cfe0	build(deps): bump the k8s group across 1 directory with 6 updates Bumps the k8s group with 5 updates in the / directory: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) \| `0.36.0` \| `0.36.1` \| \| [k8s.io/client-go](https://github.com/kubernetes/client-go) \| `0.36.0` \| `0.36.1` \| \| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) \| `0.36.0` \| `0.36.1` \| \| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) \| `0.36.0` \| `0.36.1` \| \| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) \| `0.36.0` \| `0.36.1` \| Updates `k8s.io/apimachinery` from 0.36.0 to 0.36.1 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.36.0...v0.36.1) Updates `k8s.io/client-go` from 0.36.0 to 0.36.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.36.0...v0.36.1) Updates `k8s.io/cri-api` from 0.36.0 to 0.36.1 - [Commits](https://github.com/kubernetes/cri-api/compare/v0.36.0...v0.36.1) Updates `k8s.io/cri-client` from 0.36.0 to 0.36.1 - [Commits](https://github.com/kubernetes/cri-client/compare/v0.36.0...v0.36.1) Updates `k8s.io/cri-streaming` from 0.36.0 to 0.36.1 - [Commits](https://github.com/kubernetes/cri-streaming/compare/v0.36.0...v0.36.1) Updates `k8s.io/streaming` from 0.36.0 to 0.36.1 - [Commits](https://github.com/kubernetes/streaming/compare/v0.36.0...v0.36.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-version: 0.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/client-go dependency-version: 0.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/cri-api dependency-version: 0.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/cri-client dependency-version: 0.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/cri-streaming dependency-version: 0.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/streaming dependency-version: 0.36.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-26 04:48:19 +00:00
dependabot[bot]	be9c7a8571	build(deps): bump golang.org/x/sys in the golang-x group Bumps the golang-x group with 1 update: [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/sys` from 0.44.0 to 0.45.0 - [Commits](https://github.com/golang/sys/compare/v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-26 04:47:47 +00:00
Sergey Kanzhelev	7f10e9eb5f	do not hide linitng errors Signed-off-by: Sergey Kanzhelev <S.Kanzhelev@live.com>	2026-05-19 17:29:18 -07:00
Samuel Karp	ae843af785	Merge pull request #13360 from mxpv/task Fix sandbox task API endpoints for non-runc runtimes	2026-05-19 00:15:24 +00:00
Maksym Pavlenko	dca7c8779a	Merge pull request #13384 from containerd/dependabot/go_modules/golang-x-46c647a010 build(deps): bump the golang-x group with 2 updates	2026-05-13 04:04:31 +00:00
Akihiro Suda	92532de0ff	Merge pull request #13345 from containerd/dependabot/go_modules/github.com/pelletier/go-toml/v2-2.3.1 build(deps): bump github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1	2026-05-12 23:59:03 +00:00
Akihiro Suda	d09d4d533f	Merge pull request #13344 from containerd/dependabot/go_modules/github.com/klauspost/compress-1.18.6 build(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6	2026-05-12 18:55:36 +00:00
dependabot[bot]	8c2e686ffb	build(deps): bump the golang-x group with 2 updates Bumps the golang-x group with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/mod` from 0.35.0 to 0.36.0 - [Commits](https://github.com/golang/mod/compare/v0.35.0...v0.36.0) Updates `golang.org/x/sys` from 0.43.0 to 0.44.0 - [Commits](https://github.com/golang/sys/compare/v0.43.0...v0.44.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-12 05:19:31 +00:00
Maksym Pavlenko	ac01ae5c27	protos: include task API address to CreateTaskRequest Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2026-05-07 14:56:18 -07:00
dependabot[bot]	67121b9ab6	build(deps): bump github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1 Bumps [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/pelletier/go-toml/releases) - [Commits](https://github.com/pelletier/go-toml/compare/v2.3.0...v2.3.1) --- updated-dependencies: - dependency-name: github.com/pelletier/go-toml/v2 dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-05 02:30:20 +00:00
dependabot[bot]	d30223f09f	build(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.5 to 1.18.6. - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](https://github.com/klauspost/compress/compare/v1.18.5...v1.18.6) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-05 02:30:13 +00:00
dependabot[bot]	f698202ed8	build(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.80.0 to 1.81.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.81.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-05 02:29:48 +00:00
Derek McGowan	c55ada3f31	Update api to v1.11.0 Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-29 23:06:20 -07:00
Derek McGowan	1d7b73d54a	Merge pull request #13315 from dmcgowan/update-containerd-dependencies Update containerd core dependencies	2026-04-29 00:04:47 -07:00
Derek McGowan	c5ea950ef6	Update continuity to v0.5.0 Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-28 17:56:34 -07:00
Derek McGowan	0bd6e54cae	Update to api v1.11.0-rc.0 No changes, just rc tag Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-28 17:51:05 -07:00
Derek McGowan	1dd95ac390	Update plugin with optimizations that improve startup time Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-28 17:28:45 -07:00
Maksym Pavlenko	20ee263ff7	Merge pull request #13231 from containerd/dependabot/go_modules/otel-6f3ef841a9 build(deps): bump the otel group across 1 directory with 2 updates	2026-04-28 23:47:32 +00:00
Maksym Pavlenko	edf4004f2d	Merge pull request #13303 from containerd/dependabot/go_modules/github.com/containerd/go-dmverity-0.1.0 build(deps): bump github.com/containerd/go-dmverity from 0.0.0-20260106143538-e097b6cc4a33 to 0.1.0	2026-04-28 21:15:44 +00:00
Samuel Karp	40d7588afc	Force-add NRI pkg/version/info/none file This file is ignored by github.com/containerd/nri/.gitignore, but required for building. The NRI repo does need to change, but until that we can force-include the file. Signed-off-by: Samuel Karp <samuelkarp@google.com>	2026-04-28 11:29:32 -07:00
Samuel Karp	efc8e12599	bump github.com/containerd/nri to v0.12.0 Signed-off-by: Samuel Karp <samuelkarp@google.com>	2026-04-28 10:45:05 -07:00
dependabot[bot]	1696b0458f	build(deps): bump the otel group across 1 directory with 2 updates Bumps the otel group with 2 updates in the / directory: [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) and [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib). Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-28 02:02:44 +00:00
dependabot[bot]	d713857a34	build(deps): bump github.com/containerd/go-dmverity Bumps [github.com/containerd/go-dmverity](https://github.com/containerd/go-dmverity) from 0.0.0-20260106143538-e097b6cc4a33 to 0.1.0. - [Release notes](https://github.com/containerd/go-dmverity/releases) - [Commits](https://github.com/containerd/go-dmverity/commits/0.1.0) --- updated-dependencies: - dependency-name: github.com/containerd/go-dmverity dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-28 02:02:34 +00:00
Chris Chang	5125a2af84	chore: update go-jose for CVE-2026-34986 Signed-off-by: Chris Chang <chrischang@microsoft.com>	2026-04-24 18:22:19 +00:00
Davanum Srinivas	c30f23452c	cri: use upstream Kubernetes modules Switch the CRI integration layer from containerd's forked Kubernetes helpers and clients to the upstream Kubernetes modules, and finalize the dependency update to Kubernetes v0.36.0. Replace the remaining internal helper copies with upstream packages: - internal/cri/clock -> k8s.io/utils/clock - internal/cri/executil -> upstream CRI exec helpers - internal/cri/resourcequantity -> k8s.io/apimachinery/pkg/api/resource - internal/cri/setutils -> k8s.io/apimachinery/pkg/util/sets - internal/cri/types/labels.go -> internal/cri/labels - integration/cri-api/pkg/apis/services.go -> k8s.io/cri-api/pkg/apis/services.go Adopt the upstream CRI clients directly: - add k8s.io/cri-client v0.36.0, k8s.io/cri-streaming v0.36.0, and k8s.io/streaming v0.36.0 as direct dependencies - promote k8s.io/utils to a direct dependency and pull in k8s.io/component-base v0.36.0 indirectly - keep integration/remote as a thin containerd adapter around cri-client, because the integration tests still need the stream-shaped GetContainerEvents RPC Finalize the Kubernetes dependency update from v0.36.0-rc.0 to v0.36.0, refresh vendor/, and drop the obsolete internal utility copies. Also fix the protobuf MessageState mutex-copy vet failures exposed by the new APIs and close the temporary integration CRI clients explicitly. Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2026-04-23 12:59:58 +02:00
dependabot[bot]	62e835ecb9	build(deps): bump github.com/erofs/go-erofs from 0.2.1 to 0.3.0 Bumps [github.com/erofs/go-erofs](https://github.com/erofs/go-erofs) from 0.2.1 to 0.3.0. - [Release notes](https://github.com/erofs/go-erofs/releases) - [Commits](https://github.com/erofs/go-erofs/compare/v0.2.1...v0.3.0) --- updated-dependencies: - dependency-name: github.com/erofs/go-erofs dependency-version: 0.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-21 00:17:32 +00:00
Derek McGowan	3679372958	Update API to use latest beta tag Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-15 07:34:15 -07:00
Akihiro Suda	341401c1d5	Merge pull request #12785 from dmcgowan/pass-socket-address Make shim socket directory use configured directory	2026-04-15 10:24:25 +00:00
Derek McGowan	d806373feb	Make shim socket directory use configured state Send the socket directory from containerd to the shim. The shim still decides where the socket goes but can use the environment variable passed from containerd to ensure the socket is placed in the configured directory with proper permission. This is needed for some rootless cases which do not have permission to the default state directory as currently set. The directory being hardcoded by the shim means it is currently not possible to change the location the shim will listen at. Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-15 00:21:18 -07:00
Maksym Pavlenko	78a78079ba	Merge pull request #13232 from containerd/dependabot/go_modules/github.com/erofs/go-erofs-0.2.1 build(deps): bump github.com/erofs/go-erofs from 0.2.0 to 0.2.1	2026-04-14 22:54:44 +00:00
dependabot[bot]	a9e9580709	build(deps): bump github.com/erofs/go-erofs from 0.2.0 to 0.2.1 Bumps [github.com/erofs/go-erofs](https://github.com/erofs/go-erofs) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/erofs/go-erofs/releases) - [Commits](https://github.com/erofs/go-erofs/compare/v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: github.com/erofs/go-erofs dependency-version: 0.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 23:32:41 +00:00
dependabot[bot]	ef692c9865	build(deps): bump the golang-x group with 2 updates Bumps the golang-x group with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/mod` from 0.34.0 to 0.35.0 - [Commits](https://github.com/golang/mod/compare/v0.34.0...v0.35.0) Updates `golang.org/x/sys` from 0.42.0 to 0.43.0 - [Commits](https://github.com/golang/sys/compare/v0.42.0...v0.43.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 23:31:52 +00:00
Samuel Karp	d15a469274	update github.com/moby/spdystream v0.5.1 Signed-off-by: Samuel Karp <samuelkarp@google.com>	2026-04-13 10:48:34 -07:00
Derek McGowan	d11731c74f	Update vendored api to v1.11.0-beta.1 Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-10 17:17:36 -07:00
Derek McGowan	74b465dcc6	Merge pull request #13208 from dmcgowan/update-bootstrap-log-levels Update bootstrap API log level definition	2026-04-10 17:01:20 -07:00
Derek McGowan	2c102c6cbe	Update bootstrap API log level definition Avoid using logrus concepts in the API, use slog style log levels with integer values and 0 meaning the default "info" level. Signed-off-by: Derek McGowan <derek@mcg.dev>	2026-04-10 15:23:34 -07:00
HirazawaUi	a6311a163d	Bump cri-api to v0.36.0-rc.0 Signed-off-by: HirazawaUi <695097494plus@gmail.com>	2026-04-10 23:53:51 +08:00
Maksym Pavlenko	d9772b5cf1	Merge pull request #13170 from containerd/dependabot/go_modules/github.com/Microsoft/hcsshim-0.15.0-rc.1 build(deps): bump github.com/Microsoft/hcsshim from 0.14.0-rc.1 to 0.15.0-rc.1	2026-04-09 19:40:44 +00:00
Derek McGowan	a755ca16e5	Merge pull request #12865 from dmcgowan/readonly-overlay-erofs-no-mount Support reading readonly overlays without mounting	2026-04-09 18:37:15 +00:00
Maksym Pavlenko	b52893b246	Merge pull request #13165 from dmcgowan/add-transfer-copy-types Add transfer types for container filesystem copy	2026-04-09 05:11:12 +00:00
Maksym Pavlenko	d0dd74854c	Merge pull request #13169 from containerd/dependabot/go_modules/otel-40891b96e8 build(deps): bump the otel group with 6 updates	2026-04-08 23:28:38 +00:00

1 2 3 4 5 ...

1513 Commits