cortex icon indicating copy to clipboard operation
cortex copied to clipboard

Published 20 hours ago verified publisher icon cortexlabs

Bump github.com/containerd/containerd from 1.5.4 to 1.5.18

Open dependabot[bot] opened this issue 2 years ago • 1 comments
trafficstars

Bumps github.com/containerd/containerd from 1.5.4 to 1.5.18.

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.5.18

Welcome to the v1.5.18 release of containerd!

The eighteenth patch release for containerd 1.5 includes fixes for CVE-2023-25153 and CVE-2023-25173 along with a security update for Go.

Notable Updates

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Derek McGowan
  • Ye Sijun
  • Samuel Karp
  • Phil Estes
  • Swagat Bora
  • Wei Fu

Changes

  • [release/1.5] Prepare release notes for v1.5.18 (#8117)
    • ddf9de6cb Prepare release notes for v1.5.18
  • Github Security Advisory GHSA-hmfx-3pcx-653p
    • a62c38bf2 oci: fix additional GIDs
    • 3b89da580 oci: fix loop iterator aliasing
    • b07ec6b25 oci: skip checking gid for WithAppendAdditionalGroups
    • 356672cb5 refactor: reduce duplicate code
    • 6a7b7617c add WithAdditionalGIDs test
    • 832bcf300 add WithAppendAdditionalGroups helper
  • Github Security Advisory GHSA-259w-8hf6-59c2
    • 19a347e45 importer: stream oci-layout and manifest.json
  • [release/1.5] Go 1.19.6 (#8112)
  • [release/1.5] Fix retry logic within devmapper device deactivation (#8089)
    • 0d16d045d Fix retry logic within devmapper device deactivation
  • [release/1.5] CI: skip some jobs when repo != containerd/containerd (#8084)
    • 34451bc66 CI: skip some jobs when repo != containerd/containerd

... (truncated)

Commits
  • 39bb06f Merge pull request #8117 from dmcgowan/prepare-v1.5.18
  • ddf9de6 Prepare release notes for v1.5.18
  • 28e4618 Merge pull request from GHSA-hmfx-3pcx-653p
  • 959e1cf Merge pull request from GHSA-259w-8hf6-59c2
  • b4538c2 Merge pull request #8112 from AkihiroSuda/cherrypick-8109-1.5
  • 4209dc2 Go 1.19.6
  • 7c3b243 Merge pull request #8089 from swagatbora90/backport-1.5
  • 0d16d04 Fix retry logic within devmapper device deactivation
  • 9e9f4c8 Merge pull request #8084 from AkihiroSuda/ci-skip-on-fork-1.5
  • a62c38b oci: fix additional GIDs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Feb 16 '23 14:02 dependabot[bot]

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Feb 16 '23 14:02 CLAassistant