Commit Graph

16825 Commits

Author SHA1 Message Date
Chris Henzie
a0086cfcee Merge commit from fork 2026-06-15 21:26:29 -07:00
Chris Henzie
432a7af299 Merge commit from fork 2026-06-15 21:25:18 -07:00
Chris Henzie
3977106b53 Merge commit from fork 2026-06-15 21:25:18 -07:00
Chris Henzie
5a91c99584 Merge commit from fork 2026-06-15 21:25:17 -07:00
Chris Henzie
a834385de9 Merge commit from fork 2026-06-15 21:25:17 -07:00
Brian Goff
8196411f24 cri: make checkpoint restore robust to unexpected archive content
The CRI checkpoint restore path unpacked checkpoint archive/OCI image content
directly into the container's persistent state directory and read files such as
container.log back from it with a symlink-following copy. Checkpoint content is
externally provided, so make restore more defensive about what it unpacks and
how it reads those files back.

Behavior changes:

- Only unpack regular files and directories from the checkpoint archive.

- Unpack checkpoint content into a dedicated <state>/ctrd-restore
  subdirectory created fresh rather than into the state dir itself, so
  checkpoint content cannot collide with containerd's own files (e.g.
  the "status" blob). Restore and cleanup operate on that subdir;
  cleanup is now a single RemoveAll of it.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2026-06-15 15:11:36 -07:00
Maksym Pavlenko
bfb30d457e Merge pull request #13590 from AkihiroSuda/runc-1.4.3
update runc binary to v1.4.3
2026-06-15 20:18:30 +00:00
Akihiro Suda
a54728641e Merge pull request #13586 from vvoland/streaming-grpc-errors
core/proxy: Convert stream proxy errors to native errdefs
2026-06-15 18:47:19 +00:00
Akihiro Suda
48d0fcd94d Merge pull request #13556 from containerd/dependabot/go_modules/golang-x-b1834abdb7
build(deps): bump the golang-x group with 3 updates
2026-06-13 18:45:34 +00:00
Akihiro Suda
06c38dcad5 Merge pull request #13323 from dmcgowan/resolver-transient-errors
resolver: retry on transient network errors
2026-06-13 18:15:13 +00:00
Akihiro Suda
ebef5893cc update runc binary to v1.4.3
release notes: https://github.com/opencontainers/runc/releases/tag/v1.4.3
full diff: https://github.com/opencontainers/runc/compare/v1.4.2...v1.4.3

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2026-06-14 02:57:29 +09:00
Derek McGowan
20af2e324a resolver: retry on transient network errors
Allow the last host to retry on transient network errors to incrase the
likelihood of the operation succeeding and help reduce flaky tests.

Signed-off-by: Derek McGowan <derek@mcg.dev>
2026-06-12 16:36:08 -07:00
Paweł Gronowski
d3c143e8b4 core/proxy: Convert stream proxy errors to native errdefs
Some proxy stream setup and receive paths still returned raw RPC
status errors while neighboring proxy methods normalized them with
errgrpc.ToNative. This made errdefs checks depend on which proxy API
surfaced the same remote failure.

Normalize event subscription setup and receive errors, and streaming
stream creation errors, while preserving io.EOF for completed receive
streams.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-12 14:07:40 +02:00
Akihiro Suda
f546206f8d Merge pull request #13575 from akhilerm/go-1.26.4
update go to 1.26.4
2026-06-12 04:39:23 +00:00
Akhil Mohan
3c37ceee46 update go to 1.26.4
go1.26.4 includes security fixes to the crypto/x509, mime, and
net/textproto packages, as well as bug fixes to the compiler, the
runtime, the go fix command, and the crypto/fips140 package

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2026-06-11 20:37:57 +05:30
Akihiro Suda
01f6f189a5 Merge pull request #13516 from estesp/setup-go-node20-fix
Update to current setup-go version
2026-06-11 13:42:26 +00:00
Akihiro Suda
f58cda1274 Merge pull request #13555 from containerd/dependabot/github_actions/github/codeql-action-4.36.2
build(deps): bump github/codeql-action from 4.36.0 to 4.36.2
2026-06-11 23:22:47 +09:00
Ben Cressey
0ec1af4cae Do not propagate reserved labels from image configs
Image config labels are copied onto the container by both the CRI
plugin (BuildLabels) and the client's WithImageConfigLabels option
used by `ctr run`. Labels in the containerd.io/* namespace are
interpreted by containerd itself and labels in the io.cri-containerd*
namespace are interpreted by the CRI plugin. An image config is not a
trusted source for labels in either namespace.

Skip labels in both reserved namespaces when copying labels from an
image config to a container, and warn about each label skipped: an
image that tries to set them may be attempting to alter containerd
behavior. Oversized image labels are already skipped this way by
the CRI plugin.

Labels set explicitly by clients, for example via `ctr run --label`
or in the CRI request, are unaffected.

Verified with the CRI plugin and with `ctr run` against an image
whose config carries labels like these: the labels are no longer
present on the created container and a warning is logged for each.

Assisted-by: Claude Code
Signed-off-by: Ben Cressey <ben@cressey.org>
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2026-06-10 13:18:24 -07:00
Samuel Karp
2454191ea6 Merge pull request #13562 from chrishenzie/fix-erofs-dmverity-tests
Configure udevd children-max for root-test
2026-06-10 02:32:14 +00:00
Chris Henzie
4adafdf7e1 Configure udevd children-max for root-test
GHA runners occasionally experience I/O constraints during root-test
test execution. While concurrent tests rapidly allocate loopback
devices, background udev probing stalls. This quickly exhausts
systemd-udevd's default worker pool ceiling (20 children max), stalling
netlink uevent processing so device-mapper device nodes are never
created for subsequent dm-verity test execution.

Logging cgroups v2 pids.peak telemetry confirmed peak in-flight udev
workers accumulate to 325 during test execution. Raising the
children-max limit to 500 provides comfortable buffer room so udevd
freely spawns worker processes without entering event lockup or causing
test timeouts.

Assisted-by: Antigravity
Signed-off-by: Chris Henzie <chrishenzie@gmail.com>
2026-06-09 17:59:56 -07:00
Samuel Karp
861ffc1097 cri: filter CDI annotations on checkpoint restore
Filter out any annotations on the checkpointed container matching
`cdi.k8s.io/` or exactly `cdi.k8s.io` during restore to prevent
unauthorized device restoration. When an annotation is denied, a warning
log is generated.

Tested by:
* Unit tests for exact matching, prefix boundaries, and metadata merging
* Complete CRI integration and checkpoint restore suite

Assisted-by: Antigravity
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2026-06-09 16:56:45 -07:00
Samuel Karp
ade39c7c93 Merge pull request #13399 from lauralorenz/13355-nri-hook-leak
Add defer in event of mid-function failures in RunPodSandbox to avoid mount leaks
2026-06-09 18:10:57 +00:00
Samuel Karp
a769b7aea1 Merge pull request #13503 from lauralorenz/fuzz-upload-failures
Upload crash artifacts from go test -fuzz when failed
2026-06-09 18:03:29 +00:00
dependabot[bot]
719088fbaa build(deps): bump the golang-x group with 3 updates
Bumps the golang-x group with 3 updates: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/sync/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.45.0 to 0.46.0
- [Commits](https://github.com/golang/sys/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 23:23:20 +00:00
dependabot[bot]
dfb00c4770 build(deps): bump github/codeql-action from 4.36.0 to 4.36.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 23:23:19 +00:00
Samuel Karp
af60379ff6 Merge pull request #13434 from lauralorenz/workflow-updates-bash-interpolation
Use intermediate env variables for bash script runners in github workflows
2026-06-04 18:59:36 +00:00
Maksym Pavlenko
b4ab8c0537 Merge pull request #13520 from dmcgowan/add-snapshot-max-size-label
Add max size label for snapshots
2026-06-03 22:25:59 +00:00
Samuel Karp
0c0918fa8f cri: do not re-tag restored checkpoints
Google-Bug-Id: 508657842
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2026-06-03 10:49:45 -07:00
Samuel Karp
799ecd2926 Merge pull request #13525 from AkihiroSuda/fedora44
CI: update Fedora to 44
2026-06-03 17:10:55 +00:00
Akihiro Suda
e37dfad050 CI: update Fedora to 44
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2026-06-03 20:35:09 +09:00
Samuel Karp
9eed061820 Merge pull request #13438 from samuelkarp/close-on-eof-reader
remotes: close fetch reader immediately on EOF
2026-06-02 23:06:05 +00:00
Derek McGowan
f2b7791b23 Add max size label for snapshots
Signed-off-by: Derek McGowan <derek@mcg.dev>
2026-06-02 15:23:27 -07:00
Samuel Karp
45cc0c578e integration: use streaming Read in test mirror limiter
The TestCRIImagePullTimeout test case "NoDataTransferred" flaked under
constrained networks because the test proxy mirror registry used a
blocking ReadAtLeast call to forward bytes to containerd.

This blocking wait (up to 4KB) meant the mirror registry server
completely stopped forwarding data during network slowness, triggering
containerd's aggressive 5-second progress timeout and canceling the
pull before it could reach its 3MB circuit-breaker limit.

This is resolved by changing the proxy's custom copy loop from
io.ReadAtLeast(src, buf, len(buf)) to standard src.Read(buf). This
streams network chunks to containerd immediately as they arrive,
preventing false timeout cancellations while maintaining correct
circuit-breaker byte tracking.

Assisted-by: Antigravity
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2026-06-02 14:53:39 -07:00
Samuel Karp
a989093a9c remotes: close fetch reader immediately on EOF
The CRI progress reporter cancels an image pull if it sees no progress
for 5 seconds. It tracks this through active HTTP requests. During
remote fetches, the HTTP response reader is closed via a deferred
call after `content.Copy` completes.

Diagnosis:
`content.Copy` handles both downloading the stream and committing
the writer to the content store. Any delays during the database
commit phase (e.g. from database locks, slow disk syncs, or concurrent
pull deduplication blocks) keep the HTTP connection open. The progress
reporter sees the request is still active (`activeReqs = 1`) but no new
bytes are coming in, leading to a premature timeout cancellation.

Reproduction:
We reproduced this flakiness deterministically on a GCE VM under a
simulated 2 Mbps ingress bandwidth limit using Linux traffic control
ingress policing (`tc filter ... action police rate 2mbit`). Under this
slowness, the download took longer than the progress timeout during the
slow commit phase, triggering context cancellation and failing the
`TestCRIImagePullTimeout/HoldingContentOpenWriterWithLocalPull` test.

Solution:
To fix this, we wrap the HTTP reader in a `closeOnEOFReader` or
`closeOnEOFReadSeeker` before handing it to `content.Copy`. If the
underlying connection reader implements `io.Seeker`, it is dynamically
wrapped in `closeOnEOFReadSeeker` to forward `Seek` operations. This
ensures that O(1) Range seeks are fully preserved during network
resumes or retries. The wrappers automatically close the underlying
network stream as soon as `Read()` returns `io.EOF` (when the download
completes, before the database commit begins). This drops `activeReqs`
to `0` early, freeing the socket and preventing progress timeouts
during commits. A `sync.Once` ensures that subsequent deferred
`Close()` calls do not double-decrement the reporter.

How it was tested:
Verified the fix on a GCE VM under a simulated 2 Mbps ingress
bandwidth limit. Verified seeker safety via standalone logic audits
and trace proofs.

Assisted-by: Antigravity
Signed-off-by: Samuel Karp <samuelkarp@google.com>
2026-06-02 14:53:33 -07:00
Maksym Pavlenko
83d9e661cb Merge pull request #13304 from dmcgowan/cri-pull-progress-idle-active-reset
cri: reset pull progress timer on idle→active transition
2026-06-02 20:15:28 +00:00
Phil Estes
80b3fe5c78 Update to current setup-go version
Update the setup-go version in our private action yml to
1) be pinned by hash (with comment to version string)
2) remove cache disable that was fixed 3 years ago

Signed-off-by: Phil Estes <estesp@amazon.com>
2026-06-02 13:20:20 -04:00
Akihiro Suda
c8802b6e7b Merge pull request #13483 from AkihiroSuda/fix-lima-5030
runc-shim: don't hold the service lock across runc create
2026-06-01 16:48:13 +00:00
Maksym Pavlenko
561fcdbd8b Merge pull request #13471 from samuelkarp/deflake-TestFailFastWhenConnectShim
integration: deflake TestFailFastWhenConnectShim
2026-05-30 20:12:41 +00:00
Samuel Karp
0ffe456f1e github: upload crash artifacts from go test -fuzz
Update the Fuzzing workflow to upload crash artifacts found during the
go_test_fuzz job. Currently, when `go test -fuzz` fails, the crash
reproducers are generated but not preserved, making it difficult to
diagnose and fix the issues discovered in CI.

This change adds an upload-artifact step that captures all files in
testdata/fuzz directories across the repository upon failure.

Assisted-by: gemini-cli
Signed-off-by: Samuel Karp <samuelkarp@google.com>
Signed-off-by: lauralorenz <lauralorenz@google.com>
2026-05-30 00:07:16 +00:00
Derek McGowan
0651e66e16 Merge pull request #13498 from cpuguy83/update_releases_2.1_support
Resurrect 2.1 branch for a short period
2026-05-29 06:59:06 +00:00
Brian Goff
660e411a3a Resurrect 2.1 branch for a short period
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2026-05-28 15:27:25 -07:00
lauralorenz
2b2b80f558 Add deferred call to ShutdownSandbox to avoid leaks
Between starting the sandbox and adding it to the
sandbox store, there are opportunities for failures
including in any NRI RunPodSandbox prehooks. This defer
is added to that period so if they fail, this function
will try to clean it up itself. If the sandbox is
already added to the persistent store, it will not attempt
to stop the sandbox as it can now be recognized by other
components from the CRI store. ShutdownSandbox is used
instead of StopSandbox as it both stops it and cleans up
all its directories.

Signed-off-by: lauralorenz <lauralorenz@google.com>
2026-05-28 21:50:33 +00:00
Maksym Pavlenko
55a21fc59c Merge pull request #13495 from containerd/dependabot/go_modules/otel-304265291e
build(deps): bump the otel group across 1 directory with 8 updates
2026-05-28 16:13:54 +00:00
Akihiro Suda
dbcaa504c6 runc-shim: don't hold the service lock across runc create
The task service guards its containers map with s.mu, and getContainer()
takes it on behalf of effectively every task RPC (State, Connect, Stats,
Wait, Pause, Kill, ...). Create() held s.mu for its whole duration,
including runc.NewContainer(), which runs the actual `runc create`.

`runc create` can be slow on a loaded host. While it runs, any concurrent
task RPC blocks on s.mu. The tasks service applies a 2s timeout to State
(io.containerd.timeout.task.state), so a concurrent State waits on s.mu,
exceeds the deadline, and the ttrpc call is abandoned -- the late shim
reply then shows up as:

    ttrpc: received message on inactive stream stream=3

Since deadline errors are now surfaced to clients, this is treated as a
fatal failure and the just-created container is torn down right after
start (observed on Lima/vz: nginx -> Exited (1)).

Move runc.NewContainer() out of the s.mu critical section, mirroring the
runtime v1 shim lock optimization. s.mu is taken only once the container
exists, to guard the map and the remaining (fast) setup, so a slow create
no longer blocks concurrent State and other lookups.
preStart/handleStarted/cleanup only use s.lifecycleMu, so early-exit
handling is unchanged.

See lima-vm/lima#5030.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2026-05-28 18:02:52 +09:00
dependabot[bot]
de9dcf6aa6 build(deps): bump the otel group across 1 directory with 8 updates
Bumps the otel group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |



Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.68.0 to 0.69.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.68.0...zpages/v0.69.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.68.0 to 0.69.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.68.0...zpages/v0.69.0)

Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.43.0...v1.44.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 07:05:14 +00:00
Maksym Pavlenko
e9404bdc30 Merge pull request #13490 from liggitt/typeurl-dep
Update typeurl/v2 to v2.3.0 to drop gogo dependency
2026-05-28 06:25:10 +00:00
Maksym Pavlenko
807668a580 Merge pull request #13428 from containerd/dependabot/go_modules/google.golang.org/grpc-1.81.1
build(deps): bump google.golang.org/grpc from 1.81.0 to 1.81.1
2026-05-28 06:24:04 +00:00
dependabot[bot]
8f3c916a76 build(deps): bump google.golang.org/grpc from 1.81.0 to 1.81.1
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.81.0 to 1.81.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.81.0...v1.81.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 00:30:26 +00:00
Maksym Pavlenko
54d5999e57 Merge pull request #13424 from Apokleos/sb-without-pause
cri: skip pause image pull for shim sandboxer
2026-05-27 23:22:49 +00:00
Jordan Liggitt
ce39143249 Update typeurl/v2 to v2.3.0 to drop gogo dependency
Signed-off-by: Jordan Liggitt <liggitt@google.com>
2026-05-27 17:32:08 -04:00