cpuguy83
Bump the go_modules group across 1 directory with 4 updates
Bumps the go_modules group with 1 update in the / directory: github.com/containerd/containerd.
Updates github.com/containerd/containerd from 1.4.1 to 1.7.29
Release notes
Sourced from github.com/containerd/containerd's releases.
containerd 1.7.29
Welcome to the v1.7.29 release of containerd!
The twenty-ninth patch release for containerd 1.7 contains various fixes and updates including security patches.
Security Updates
containerd
runc
Highlights
Image Distribution
- Update differ to handle zstd media types (#12018)
Runtime
Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Akihiro Suda
- Phil Estes
- Austin Vazquez
- Sebastiaan van Stijn
- ningmingxiao
- Maksym Pavlenko
- StepSecurity Bot
- wheat2018
Changes
... (truncated)
Commits
442cb34Merge commit from forke5cb6ddMerge commit from fork9772966Merge pull request #12486 from dmcgowan/prepare-v1.7.291fc2daaPrepare release notes for v1.7.2993f710aMerge pull request #12480 from k8s-infra-cherrypick-robot/cherry-pick-12475-t...68d04beMerge pull request #12471 from austinvazquez/1_7_update_ci_go_and_images3f5f9f8runc: Update runc binary to v1.3.3667409fci: bump Go 1.24.9, 1.25.3294f8c0Update GHA runners to use latest images for basic binaries buildcf66b41Update GHA runners to use latest image for most jobs- Additional commits viewable in compare view
Updates github.com/opencontainers/image-spec from 1.0.1 to 1.1.0
Release notes
Sourced from github.com/opencontainers/image-spec's releases.
v1.1.0
Vote Passed
[+7-0]- https://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag Release PR : opencontainers/image-spec#1161 Full Changelog: https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0Associated Distribution Specification Release - https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0
v1.1.0-rc6
Vote passed [+6 -0] - https://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o
For changeset and diff please see - opencontainers/image-spec#1157
v1.1.0-rc5
For changeset and diff please see - opencontainers/image-spec#1109
Vote - https://groups.google.com/a/opencontainers.org/g/dev/c/KIwyzExcjZ8
v1.1.0-rc4
Vote passed [+6 -0]: https://groups.google.com/a/opencontainers.org/g/dev/c/gPgzESGb7xs
For changeset and diff please see - opencontainers/image-spec#1080
v1.1.0-rc3
Vote passed [+6 -0]: https://groups.google.com/a/opencontainers.org/g/dev/c/ZUza21145X0
opencontainers/image-spec#1049
Note: This is a duplicate of v1.1.0-rc.3 because of semver ordering (rc.3 < rc1 < rc2).
v1.1.0-rc2
Vote PASSED [+5 -0 #2]: https://groups.google.com/a/opencontainers.org/g/dev/c/0CIPCfr4TCk
Full Changeset since v1.1.0-rc2:
v1.1.0-rc1...19a74bcbPRs included since
v1.1.0-rc1#956 docs: Update release process docs with checklist #953 Release 1.1.0 rc1 #950 Rename refers field to subject #945 Fix whitespace consistency in config.md
v1.1.0-rc1
Vote PASSED [+5 -0 #2]: https://groups.google.com/a/opencontainers.org/g/dev/c/O5L0lkhblkc
Full Changeset since v1.0.2:
67d2d56..4728b6e
... (truncated)
Commits
e7f7c0cversion: release v1.1.0365fa41Merge pull request #1160 from sudo-bmitch/pr-subject-dag-associationd0f90e6Clarify that subject references a separate DAG9703222Merge pull request #1157 from sudo-bmitch/pr-v1.1.0-rc68b1e951version: bump back to +dev6c2b5faversion: release v1.1.0-rc656fb783Merge pull request #1107 from sudo-bmitch/pr-release-noticea6d741aMerge pull request #1148 from dejanu/update_oci_implementations53d9855new section for projects no longer maintainedceeb2ebMerge pull request #1114 from sudo-bmitch/pr-go-1.21- Additional commits viewable in compare view
Updates golang.org/x/crypto from 0.0.0-20200622213623-75b288015ac9 to 0.40.0
Commits
- See full diff in compare view
Updates google.golang.org/grpc from 1.33.0 to 1.59.0
Release notes
Sourced from google.golang.org/grpc's releases.
Release 1.59.0
Behavior Changes
- balancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (#6647)
- server: allow applications to send arbitrary data in the
grpc-status-details-bintrailer (#6662)- client: validate
grpc-status-details-bintrailer and pass through the trailer to the application directly (#6662)New Features
- tap (experimental): Add Header metadata to tap handler (#6652)
- Special Thanks:
@pstibrany- grpc: channel idleness enabled by default with an
idle_timeoutof30m(#6585)Documentation
- examples: add an example of flow control behavior (#6648)
Bug Fixes
- xds: fix hash policy header to skip "-bin" headers and read content-type header as expected (#6609)
Release 1.58.3
Security
server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)
In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.
Release 1.58.2
Bug Fixes
balancer/weighted_round_robin: fix ticker leak on update
A new ticker is created every time there is an update of addresses or configuration, but was not properly stopped. This change stops the ticker when it is no longer needed.
Release 1.58.1
Bug Fixes
- grpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams
- grpc: fix a bug where transports were not being closed upon channel entering IDLE
Release 1.58.0
API Changes
See #6472 for details about these changes.
... (truncated)
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency -
@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) -
@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) -
@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) -
@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency -
@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}