{"id":1535,"name":"github.com/containerd/containerd","ecosystem":"go","repository_url":"https://github.com/containerd/containerd","issues_count":805,"created_at":"2025-06-06T15:01:45.646Z","updated_at":"2025-06-06T15:01:45.646Z","purl":"pkg:golang/github.com/containerd/containerd","metadata":{"id":3493244,"name":"github.com/containerd/containerd","ecosystem":"go","description":"","homepage":"https://github.com/containerd/containerd","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/containerd/containerd","keywords_array":[],"namespace":"github.com/containerd","versions_count":220,"first_release_published_at":"2016-03-21T20:01:28.000Z","latest_release_published_at":"2025-03-17T17:23:21.000Z","latest_release_number":"v1.7.27","last_synced_at":"2025-06-06T06:30:46.605Z","created_at":"2022-04-10T19:15:28.010Z","updated_at":"2025-06-06T06:30:46.606Z","registry_url":"https://pkg.go.dev/github.com/containerd/containerd","install_command":"go get github.com/containerd/containerd","documentation_url":"https://pkg.go.dev/github.com/containerd/containerd#section-documentation","metadata":{},"repo_metadata":{"uuid":"46089560","full_name":"containerd/containerd","owner":"containerd","description":"An open and reliable container runtime","archived":false,"fork":false,"pushed_at":"2023-03-18T05:34:38.000Z","size":95656,"stargazers_count":13436,"open_issues_count":523,"forks_count":2762,"subscribers_count":311,"default_branch":"main","last_synced_at":"2023-03-19T12:01:46.263Z","etag":null,"topics":["cncf","containerd","containers","cri","docker","hacktoberfest","kubernetes","oci"],"latest_commit_sha":null,"homepage":"https://containerd.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY_AUDIT.pdf","support":null}},"created_at":"2015-11-13T00:27:43.000Z","updated_at":"2023-03-19T08:54:14.000Z","dependencies_parsed_at":"2022-08-08T19:31:02.056Z","dependency_job_id":null,"html_url":"https://github.com/containerd/containerd","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containerd%2Fcontainerd","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containerd%2Fcontainerd/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containerd%2Fcontainerd/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/containerd","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"},"owner_record":{"login":"containerd","name":"containerd","uuid":"14037953","kind":"organization","description":"","email":null,"website":"containerd.io","location":null,"twitter":null,"company":null,"avatar_url":"https://avatars.githubusercontent.com/u/14037953?v=4","repositories_count":29,"last_synced_at":"2023-02-23T17:55:25.866Z","metadata":{"has_sponsors_listing":false},"owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/containerd"},"tags":[{"name":"v1.5.0-beta.1","sha":"cfa842c278694860a7e32917066f4a24978f80d0","kind":"tag","published_at":"2021-02-05T21:55:13.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.5.0-beta.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.5.0-beta.1"},{"name":"v1.5.0-beta.0","sha":"83f8d6126b7961ed2c89ce80bbcf0095b3d25ce2","kind":"tag","published_at":"2021-01-21T17:29:08.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.5.0-beta.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.5.0-beta.0"},{"name":"v1.3.9","sha":"ea765aba0d05254012b0b9e595e995c09186427f","kind":"tag","published_at":"2020-11-30T18:39:32.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.9","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.9"},{"name":"v1.4.3","sha":"269548fa27e0089a8b8278fc4fc781d7f65a939b","kind":"tag","published_at":"2020-11-30T18:37:41.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.3"},{"name":"v1.3.8","sha":"7fb6e171309113ddcb8ea9599e34321550469250","kind":"tag","published_at":"2020-11-30T16:53:41.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.8","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.8"},{"name":"v1.4.2","sha":"b321d358e6eef9c82fa3f3bb8826dca3724c58c6","kind":"tag","published_at":"2020-11-26T08:14:42.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.2"},{"name":"v1.2.14","sha":"f8777f13022dd16c2a339d621bb55465fe603b19","kind":"tag","published_at":"2020-10-15T17:14:51.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.14","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.14"},{"name":"v1.4.1","sha":"c623d1b36f09f8ef6536a057bd658b3aa8632828","kind":"tag","published_at":"2020-09-16T01:32:19.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.1"},{"name":"v1.4.0","sha":"09814d48d50816305a8e6c1a4ae3e2bcc4ba725a","kind":"tag","published_at":"2020-08-17T14:43:03.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.0"},{"name":"v1.4.0-rc.1","sha":"e9f94064b9616ab36a8a51d632a63f97f7783c3d","kind":"tag","published_at":"2020-08-11T23:09:30.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.0-rc.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.0-rc.1"},{"name":"v1.4.0-rc.0","sha":"85b15eff4581d7e5e3bccb40fdd4f35b6946f545","kind":"tag","published_at":"2020-08-04T18:02:42.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.0-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.0-rc.0"},{"name":"v1.3.7","sha":"8fba4e9a7d01810a393d5d25a3621dc101981175","kind":"tag","published_at":"2020-08-04T04:35:49.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.7","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.7"},{"name":"v1.4.0-beta.2","sha":"5d470fa23bf969e16b25212703b7a9902dd6cda7","kind":"tag","published_at":"2020-07-13T16:28:28.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.0-beta.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.0-beta.2"},{"name":"v1.3.6","sha":"be75852b8d7849474a20192f9ed1bf34fdd454f1","kind":"tag","published_at":"2020-06-30T19:40:52.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.6","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.6"},{"name":"v1.3.5","sha":"9b6f3ec0307a825c38617b93ad55162b5bb94234","kind":"tag","published_at":"2020-06-26T20:28:05.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.5","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.5"},{"name":"v1.4.0-beta.1","sha":"8e9ba8376ec25a6158719118a97a99a3555d0fd8","kind":"tag","published_at":"2020-05-28T21:31:17.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.0-beta.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.0-beta.1"},{"name":"v1.4.0-beta.0","sha":"32985949d4f2f38a484c5021766251250764322b","kind":"tag","published_at":"2020-05-14T23:26:07.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.4.0-beta.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.4.0-beta.0"},{"name":"v1.3.4","sha":"814b7956fafc7a0980ea07e950f983d0837e5578","kind":"tag","published_at":"2020-04-16T00:42:00.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.4","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.4"},{"name":"v1.2.13","sha":"7ad184331fa3e55e52b890ea95e65ba581ae3429","kind":"tag","published_at":"2020-02-18T19:01:41.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.13","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.13"},{"name":"v1.3.3","sha":"d76c121f76a5fc8a462dc64594aea72fe18e1178","kind":"tag","published_at":"2020-02-07T00:21:57.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.3"},{"name":"v1.2.12","sha":"35bd7a5f69c13e1563af8a93431411cd9ecf5021","kind":"tag","published_at":"2020-02-04T08:04:26.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.12","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.12"},{"name":"v1.3.2","sha":"ff48f57fc83a8c44cf4ad5d672424a98ba37ded6","kind":"tag","published_at":"2019-12-03T19:09:10.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.2"},{"name":"v1.2.11","sha":"f772c10a585ced6be8f86e8c58c2b998412dd963","kind":"tag","published_at":"2019-11-26T22:18:24.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.11","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.11"},{"name":"v1.3.1","sha":"c7a4f874b3267c499484aae602d1257b12d69e40","kind":"tag","published_at":"2019-11-20T04:54:58.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.1"},{"name":"v1.3.0","sha":"36cf5b690dcc00ff0f34ff7799209050c3d0c59a","kind":"tag","published_at":"2019-09-27T01:06:42.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0"},{"name":"v1.1.8","sha":"2a82a9d2f4853df7a4820781a639cc81110a50e6","kind":"tag","published_at":"2019-09-26T23:42:04.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.8","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.8"},{"name":"v1.2.10","sha":"b34a5c8af56e510852c35414db4c1f4fa6172339","kind":"tag","published_at":"2019-09-26T20:18:38.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.10","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.10"},{"name":"v1.3.0-rc.3","sha":"da66333271f372204aed6b83c2ecf37fa7d9ae2c","kind":"tag","published_at":"2019-09-25T17:45:16.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-rc.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-rc.3"},{"name":"v1.3.0-rc.2","sha":"a0dafd9309e949200e921c5debef96aa5de8dfb0","kind":"tag","published_at":"2019-09-20T02:28:20.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-rc.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-rc.2"},{"name":"v1.3.0-rc.1","sha":"9741f03932fbab48cb645dbef73526fe4f25a983","kind":"tag","published_at":"2019-09-13T00:28:18.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-rc.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-rc.1"},{"name":"v1.2.9","sha":"d50db0a42053864a270f648048f9a8b4f24eced3","kind":"tag","published_at":"2019-09-06T00:30:11.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.9","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.9"},{"name":"v1.3.0-rc.0","sha":"59a625defb21c958c25424fa5cc806167e22382e","kind":"tag","published_at":"2019-09-04T23:56:19.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-rc.0"},{"name":"v1.2.8","sha":"a4bc1d432a2c33aa2eed37f338dceabb93641310","kind":"tag","published_at":"2019-08-22T17:14:38.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.8","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.8"},{"name":"v1.3.0-beta.2","sha":"640860a042b93c26c0a33081ee02230def486f81","kind":"tag","published_at":"2019-08-20T20:24:59.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-beta.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-beta.2"},{"name":"v1.3.0-beta.1","sha":"f06e605f1aef6150b5b4d4556e5b84eeb758fb51","kind":"tag","published_at":"2019-08-09T17:48:02.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-beta.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-beta.1"},{"name":"v1.3.0-beta.0","sha":"053853fe3ffc6af80165a3249a76a82c27a81cdb","kind":"tag","published_at":"2019-08-01T01:34:01.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.3.0-beta.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.3.0-beta.0"},{"name":"v1.2.7","sha":"85f6aa58b8a3170aec9824568f7a31832878b603","kind":"tag","published_at":"2019-06-14T02:28:23.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.7","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.7"},{"name":"v1.2.6","sha":"894b81a4b802e4eb2a91d1ce216b8817763c29fb","kind":"tag","published_at":"2019-04-05T18:41:05.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.6","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.6"},{"name":"v1.1.7","sha":"4278fbc24348343e3693658313d6964d548b7063","kind":"tag","published_at":"2019-04-05T18:33:12.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.7","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.7"},{"name":"v1.2.5","sha":"bb71b10fd8f58240ca47fbb579b9d1028eea7c84","kind":"tag","published_at":"2019-03-13T08:49:32.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.5","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.5"},{"name":"v1.2.4","sha":"e6b3f5632f50dbc4e9cb6288d911bf4f5e95b18e","kind":"tag","published_at":"2019-02-14T01:25:31.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.4","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.4"},{"name":"v1.1.6","sha":"0ad902c05b13590a0393c89b1276b5d46d507312","kind":"tag","published_at":"2019-02-14T00:38:36.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.6","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.6"},{"name":"v1.2.3","sha":"7f5f1176dd9fb3cc8d3ce5de91759ed3dc969fa2","kind":"tag","published_at":"2019-02-06T17:37:47.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.3"},{"name":"v1.2.2","sha":"9754871865f7fe2f4e74d43e2fc7ccd237edcbce","kind":"tag","published_at":"2019-01-08T00:38:23.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.2"},{"name":"v1.2.1","sha":"9b32062dc1f5a7c2564315c269b5059754f12b9d","kind":"tag","published_at":"2018-12-05T23:50:38.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.1"},{"name":"v1.1.5","sha":"5960cade475fb25a181705d7eccbacc0313bcd7b","kind":"tag","published_at":"2018-11-21T19:14:09.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.5","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.5"},{"name":"v1.2.1-rc.0","sha":"de1f167ab96338a9f5c2b17347abf84bdf1dd411","kind":"tag","published_at":"2018-11-21T18:42:34.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.1-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.1-rc.0"},{"name":"v1.2.0","sha":"c4446665cb9c30056f4998ed953e6d4ff22c7c39","kind":"tag","published_at":"2018-10-24T23:49:30.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0"},{"name":"v1.2.0-rc.2","sha":"d6de12e2f362cb9dc49ad957911996d3de59b338","kind":"tag","published_at":"2018-10-16T18:14:20.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0-rc.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0-rc.2"},{"name":"v1.2.0-rc.1","sha":"0c5f8f63c3368856c320ae8a1c125e703b73b51d","kind":"tag","published_at":"2018-10-03T21:44:21.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0-rc.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0-rc.1"},{"name":"v1.1.4","sha":"9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b","kind":"tag","published_at":"2018-09-25T14:18:43.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.4","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.4"},{"name":"v1.2.0-rc.0","sha":"99fc40fd6088baebe3c18b8f8093cd50d58815d6","kind":"tag","published_at":"2018-09-20T20:37:36.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0-rc.0"},{"name":"v1.2.0-beta.2","sha":"ce243288e27971e324363de8f322d221635a8521","kind":"tag","published_at":"2018-08-28T20:44:00.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0-beta.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0-beta.2"},{"name":"v1.2.0-beta.1","sha":"ac18e6008772193e9c837687156391ee2a1675cd","kind":"tag","published_at":"2018-08-23T19:51:54.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0-beta.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0-beta.1"},{"name":"v1.1.3","sha":"8f54c750c67e87a3b1c218208bbd5cc427c653e9","kind":"tag","published_at":"2018-08-22T21:05:26.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.3"},{"name":"v1.2.0-beta.0","sha":"6f13ff3ea48a6bc2fb9b47c0acce24cf274dafd9","kind":"tag","published_at":"2018-08-16T08:07:23.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.2.0-beta.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.2.0-beta.0"},{"name":"v1.1.2","sha":"468a545b9edcd5932818eb9de8e72413e616e86e","kind":"tag","published_at":"2018-07-13T18:43:56.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.2"},{"name":"v1.1.1","sha":"d64c661f1d51c48782c9cec8fda7604785f93587","kind":"tag","published_at":"2018-07-09T22:17:34.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.1"},{"name":"v1.1.1-rc.2","sha":"e5fb877b9f6c14b15f48643735a8c9764a7319d3","kind":"tag","published_at":"2018-06-27T20:36:03.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.1-rc.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.1-rc.2"},{"name":"v1.1.1-rc.1","sha":"cbef57047e900aeb2bafe7a634919bec13f4a2a5","kind":"tag","published_at":"2018-06-18T18:52:47.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.1-rc.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.1-rc.1"},{"name":"v1.1.1-rc.0","sha":"395068d2b7256518259816ae19e45824b15da071","kind":"tag","published_at":"2018-05-31T23:53:49.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.1-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.1-rc.0"},{"name":"v1.1.0","sha":"209a7fc3e4a32ef71a8c7b50c68fc8398415badf","kind":"tag","published_at":"2018-04-24T03:44:39.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.0"},{"name":"v1.1.0-rc.2","sha":"f630d5f0a639d7d73a806f19f1a6157e768756a5","kind":"tag","published_at":"2018-04-13T23:11:12.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.0-rc.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.0-rc.2"},{"name":"v1.1.0-rc.1","sha":"2bc17ef2cbff1d9dbe8f8e8c1cfa74f12e3905a5","kind":"tag","published_at":"2018-04-05T00:22:39.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.0-rc.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.0-rc.1"},{"name":"v1.0.3","sha":"773c489c9c1b21a6d78b5c538cd395416ec50f88","kind":"tag","published_at":"2018-04-02T20:35:18.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.3"},{"name":"v1.0.3-rc.0","sha":"2b3b44fd7d1cd1c8732918b8afcb8c84998f1e55","kind":"tag","published_at":"2018-03-29T17:24:43.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.3-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.3-rc.0"},{"name":"v1.1.0-rc.0","sha":"7833fb49fdb0d69a3f7d72625e67e030a269a1ec","kind":"tag","published_at":"2018-03-27T16:41:26.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.1.0-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.1.0-rc.0"},{"name":"v1.0.2","sha":"cfd04396dc68220d1cecbe686a6cc3aa5ce3667c","kind":"tag","published_at":"2018-02-13T23:22:45.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.2"},{"name":"v1.0.2-rc.1","sha":"53aaa89850e83893d4e2eda4380906ac76784037","kind":"tag","published_at":"2018-02-06T19:51:05.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.2-rc.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.2-rc.1"},{"name":"v1.0.2-rc.0","sha":"8b098d036b71a04f2a2c22597664d61b5502e3f9","kind":"tag","published_at":"2018-01-30T23:15:51.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.2-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.2-rc.0"},{"name":"v1.0.1","sha":"9b55aab90508bd389d7654c4baf173a981477d55","kind":"tag","published_at":"2018-01-17T19:03:29.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.1"},{"name":"v1.0.1-rc.0","sha":"1549ddad67adc43024f817b542144908627466f2","kind":"tag","published_at":"2018-01-11T19:49:34.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.1-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.1-rc.0"},{"name":"v1.0.0","sha":"89623f28b87a6004d4b785663257362d1658a729","kind":"tag","published_at":"2017-12-05T05:19:53.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0"},{"name":"v1.0.0-rc.0","sha":"08f179386e1310e13e437af4724aa1a1ff7e3647","kind":"tag","published_at":"2017-12-01T00:40:47.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-rc.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-rc.0"},{"name":"v1.0.0-beta.3","sha":"2b8ed96d2a422bf205adcdfa05272dc12c81613b","kind":"tag","published_at":"2017-11-08T19:23:33.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-beta.3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-beta.3"},{"name":"v1.0.0-beta.2","sha":"a543c937eb0a05e1636714ee2be70819d745b960","kind":"tag","published_at":"2017-10-12T01:11:17.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-beta.2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-beta.2"},{"name":"v1.0.0-beta.1","sha":"20c621178a5f45938e71afad24df281002aac329","kind":"tag","published_at":"2017-09-22T20:46:33.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-beta.1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-beta.1"},{"name":"v1.0.0-beta.0","sha":"d0457b221369fa22fc2facdf73266b67993b3959","kind":"tag","published_at":"2017-09-06T23:27:05.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-beta.0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-beta.0"},{"name":"v1.0.0-alpha6","sha":"f05281743e5ac9ad11c6e19a72be7a903eab79f5","kind":"tag","published_at":"2017-08-23T22:38:18.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha6","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha6"},{"name":"v1.0.0-alpha5","sha":"b2ee0ab34eafa1ac06d2f5c98c226a69af123602","kind":"tag","published_at":"2017-08-17T23:17:48.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha5","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha5"},{"name":"v1.0.0-alpha4","sha":"56d499e114cd0289a68338d32d997346f3bb1dcd","kind":"tag","published_at":"2017-08-10T22:18:57.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha4","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha4"},{"name":"v1.0.0-alpha3","sha":"0fa76584f8360345fdedccf4689ea1c8908a1f9d","kind":"tag","published_at":"2017-08-02T23:15:04.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha3","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha3"},{"name":"v1.0.0-alpha2","sha":"856b03843737a45ba1b8c1bf9558e44cabedb2e7","kind":"tag","published_at":"2017-07-26T22:48:10.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha2","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha2"},{"name":"v1.0.0-alpha1","sha":"0b3e572b8528adf24fbdb6fb0cb6f88c62f37ec0","kind":"tag","published_at":"2017-07-19T23:25:03.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha1","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha1"},{"name":"v1.0.0-alpha0","sha":"8eadcb8c2899bc7300b8e4822e3b8d5cfbd74ef2","kind":"tag","published_at":"2017-07-13T00:22:53.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v1.0.0-alpha0","html_url":"https://github.com/containerd/containerd/releases/tag/v1.0.0-alpha0"},{"name":"v0.2.9","sha":"cfb82a876ecc11b5ca0977d1733adbe58599088a","kind":"commit","published_at":"2017-05-30T16:13:03.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.9","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.9"},{"name":"v0.2.8","sha":"9048e5e50717ea4497b757314bad98ea3763c145","kind":"commit","published_at":"2017-03-29T21:01:03.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.8","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.8"},{"name":"v0.2.6","sha":"4ab9917febca54791c5f071a9d1f404867857fcc","kind":"commit","published_at":"2017-03-15T14:55:45.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.6","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.6"},{"name":"v0.2.7","sha":"422e31ce907fd9c3833a38d7b8fdd023e5a76e73","kind":"commit","published_at":"2017-03-15T14:55:30.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.7","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.7"},{"name":"v0.2.5","sha":"2a5e70cbf65457815ee76b7e5dd2a01292d9eca8","kind":"commit","published_at":"2016-12-05T17:51:10.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.5","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.5"},{"name":"v0.2.4","sha":"71861281661331fbc81936be81f05d8db71fc1ca","kind":"commit","published_at":"2016-09-24T19:45:22.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.4","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.4"},{"name":"v0.2.3","sha":"973f21fcadedf70c032554ba43622f857496f886","kind":"commit","published_at":"2016-08-10T15:59:47.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.3","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.3"},{"name":"v0.2.2","sha":"9dc2b3273db42c75368988a3885a3afd770069d9","kind":"commit","published_at":"2016-05-24T20:54:51.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.2","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.2"},{"name":"v0.2.1","sha":"ca47f7e76a93e9b3768ed084d62318e85bd9f4b2","kind":"commit","published_at":"2016-04-22T16:02:02.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.1","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.1"},{"name":"v0.2.0","sha":"399eca2b90c323ab325f49ebf9b5353fcd196919","kind":"commit","published_at":"2016-04-14T21:28:13.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.2.0","html_url":"https://github.com/containerd/containerd/releases/tag/v0.2.0"},{"name":"v0.1.0","sha":"7e3c007ea30b938561921d0318bc91b7087fbe7d","kind":"commit","published_at":"2016-03-21T20:01:28.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/v0.1.0","html_url":"https://github.com/containerd/containerd/releases/tag/v0.1.0"},{"name":"0.0.5","sha":"8c38c931b00225d9820dc06c5cfe2b2ea90895b3","kind":"commit","published_at":"2016-02-12T23:52:13.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/0.0.5","html_url":"https://github.com/containerd/containerd/releases/tag/0.0.5"},{"name":"0.0.4","sha":"ab9be566cf78e3cf3afd75563a3ba40b2f371a07","kind":"commit","published_at":"2015-12-16T01:03:11.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/0.0.4","html_url":"https://github.com/containerd/containerd/releases/tag/0.0.4"},{"name":"0.0.3","sha":"585be1254fc92195c784ffb05e1fa742add37e39","kind":"commit","published_at":"2015-12-10T00:38:45.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/0.0.3","html_url":"https://github.com/containerd/containerd/releases/tag/0.0.3"},{"name":"0.0.2","sha":"72ee22ad6071cfa35f86e50459a5f6a28dd7c3b8","kind":"commit","published_at":"2015-12-04T22:17:26.000Z","download_url":"https://codeload.github.com/containerd/containerd/tar.gz/0.0.2","html_url":"https://github.com/containerd/containerd/releases/tag/0.0.2"}]},"repo_metadata_updated_at":"2023-03-21T18:38:09.448Z","dependent_packages_count":9153,"downloads":null,"downloads_period":null,"dependent_repos_count":26380,"rankings":{"downloads":null,"dependent_repos_count":0.03786684151118784,"dependent_packages_count":0.027907343469889115,"stargazers_count":0.5202800278865946,"forks_count":0.12044767943695638,"docker_downloads_count":0.015561715689529248,"average":0.14441272159883142},"purl":"pkg:golang/github.com/containerd/containerd","advisories":[{"uuid":"GSA_kwCzR0hTQS1jOWNwLTljNzUtOXY4Y84AA8Eg","url":"https://github.com/advisories/GHSA-c9cp-9c75-9v8c","title":"containerd started with non-empty inheritable Linux process capabilities","description":"### Impact\n\nA bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`.  Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set.  Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set.  Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted.\n\nThis bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set.\n\n\n### Patches\n\nThis bug has been fixed in containerd 1.5.11 and 1.6.2.  Users should update to these versions as soon as possible.  Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset.\n\nThis fix changes containerd behavior such that containers are started with a more typical Linux environment.  Refer to `capabilities(7)` for a description of how capabilities work.  Note that permitted file capabilities continue to allow for privileges to be raised up to the container's bounding set and that processes may add capabilities to their own inheritable set up to the container's bounding set per the rules described in the manual page.  In all cases the container's bounding set provides an upper bound on the capabilities that can be assumed and provides for the container security sandbox.\n\n### Workarounds\n\nThe entrypoint of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io) if you think you’ve found a security bug","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-05-14T22:04:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c","https://github.com/containerd/containerd/commit/e9af808591ee1468f9b0ad6a0d41fdf93ee0c1bc","https://github.com/advisories/GHSA-c9cp-9c75-9v8c"],"source_kind":"github","identifiers":["GHSA-c9cp-9c75-9v8c"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"},{"first_patched_version":"1.5.11","vulnerable_version_range":"\u003c 1.5.11"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2024-05-14T23:05:44.075Z","updated_at":"2024-07-08T12:58:30.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS0yNjVyLWhmeGctZmhtZ84ABFj6","url":"https://github.com/advisories/GHSA-265r-hfxg-fhmg","title":"containerd has an integer overflow in User ID handling","description":"### Impact\nA bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.\n\n### Patches\nThis bug has been fixed in the following containerd versions: \n\n* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)\n* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)\n* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images.\n\n### Credits\nThe containerd project would like to thank [Benjamin Koltermann](https://github.com/p4ck3t0) and [emxll](https://github.com/emxll) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-03-17T21:24:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg","https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da","https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20","https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a","https://nvd.nist.gov/vuln/detail/CVE-2024-40635","https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html","https://github.com/advisories/GHSA-265r-hfxg-fhmg"],"source_kind":"github","identifiers":["GHSA-265r-hfxg-fhmg","CVE-2024-40635"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.38","vulnerable_version_range":"\u003c 1.6.38"},{"first_patched_version":"1.7.27","vulnerable_version_range":"\u003e= 1.7.0-beta.0, \u003c 1.7.27"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"},{"versions":[{"first_patched_version":"2.0.4","vulnerable_version_range":"\u003c 2.0.4"}],"ecosystem":"go","package_name":"github.com/containerd/containerd/v2"}],"created_at":"2025-03-17T22:07:28.275Z","updated_at":"2025-05-26T22:18:09.000Z","epss_percentage":0.00009,"epss_percentile":0.00613},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3MnAtOXhtai1yeDN3","url":"https://github.com/advisories/GHSA-c72p-9xmj-rx3w","title":"Archive package allows chmod of file outside of unpack target directory","description":"## Impact\n\nA bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem.  Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky.  This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\n\nThis bug has been fixed in containerd 1.5.4 and 1.4.8.  Users should update to these versions as soon as they are released.  Running containers do not need to be restarted.\n\n## Workarounds\n\nEnsure you only pull images from trusted sources.\n\nLinux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with unexpected files.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io if you think you’ve found a security bug.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-07-26T21:17:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w","https://nvd.nist.gov/vuln/detail/CVE-2021-32760","https://github.com/containerd/containerd/releases/tag/v1.4.8","https://github.com/containerd/containerd/releases/tag/v1.5.4","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/","https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c","https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/","https://security.gentoo.org/glsa/202401-31","https://github.com/advisories/GHSA-c72p-9xmj-rx3w"],"source_kind":"github","identifiers":["GHSA-c72p-9xmj-rx3w","CVE-2021-32760"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.4.8","vulnerable_version_range":"\u003c 1.4.8"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:12:57.565Z","updated_at":"2025-06-05T01:18:08.322Z","epss_percentage":0.00141,"epss_percentile":0.35406},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2eHctZng3OC1jNXI0","url":"https://github.com/advisories/GHSA-36xw-fx78-c5r4","title":"containerd-shim API Exposed to Host Network Containers","description":"## Impact\n\nAccess controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges.\n\n### Specific Go Packages Affected\ngithub.com/containerd/containerd/cmd\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.3.9 and 1.4.3.  Users should update to these versions as soon as they are released.  It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade.\n\n## Workarounds\n\nIf you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with `docker run --net=host` or `hostNetwork: true` in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue.\n\nIf you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to `deny unix addr=@**,` to your policy.\n\nIt is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces.  The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.\n\n## Credits\n\nThe containerd maintainers would like to thank Jeff Dileo of NCC Group for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md) and for reviewing the patch.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io if you think you’ve found a security bug.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-05-24T17:00:22.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4","https://nvd.nist.gov/vuln/detail/CVE-2020-15257","https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad","https://github.com/containerd/containerd/releases/tag/v1.4.3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD/","https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again/","https://www.debian.org/security/2021/dsa-4865","https://security.gentoo.org/glsa/202105-33","https://github.com/advisories/GHSA-36xw-fx78-c5r4"],"source_kind":"github","identifiers":["GHSA-36xw-fx78-c5r4","CVE-2020-15257"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.4.3","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.3"},{"first_patched_version":"1.3.9","vulnerable_version_range":"\u003c 1.3.9"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:13:01.064Z","updated_at":"2023-10-02T15:37:36.000Z","epss_percentage":0.13631,"epss_percentile":0.93633},{"uuid":"GSA_kwCzR0hTQS0ycWpwLTQyNWotNTJqOc4AAwM4","url":"https://github.com/advisories/GHSA-2qjp-425j-52j9","title":"containerd CRI stream server vulnerable to host memory exhaustion via terminal","description":"### Impact\n\nA bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.12 and 1.5.16.  Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. \n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-12-07T23:23:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9","https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295","https://github.com/containerd/containerd/releases/tag/v1.5.16","https://github.com/containerd/containerd/releases/tag/v1.6.12","https://nvd.nist.gov/vuln/detail/CVE-2022-23471","https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0","https://security.gentoo.org/glsa/202401-31","https://github.com/advisories/GHSA-2qjp-425j-52j9"],"source_kind":"github","identifiers":["GHSA-2qjp-425j-52j9","CVE-2022-23471"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.12","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.12"},{"first_patched_version":"1.5.16","vulnerable_version_range":"\u003c 1.5.16"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:11:46.359Z","updated_at":"2025-06-05T01:16:55.745Z","epss_percentage":0.00198,"epss_percentile":0.42415},{"uuid":"GSA_kwCzR0hTQS01ZmZ3LWd4cHAtbXhwZs4AArZf","url":"https://github.com/advisories/GHSA-5ffw-gxpp-mxpf","title":"containerd CRI plugin: Host memory exhaustion through ExecSync","description":"### Impact\n\nA bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API.  This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads.  Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an \"exec\" facility.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.6 and 1.5.13.  Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images and commands are used. \n\n### References\n\n* Similar fix in cri-o's CRI implementation https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j\n\n### Credits\n\nThe containerd project would like to thank David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security audit sponsored by CNCF and facilitated by OSTIF.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-06-06T22:07:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf","https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382","https://nvd.nist.gov/vuln/detail/CVE-2022-31030","https://www.debian.org/security/2022/dsa-5162","http://www.openwall.com/lists/oss-security/2022/06/07/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/","https://security.gentoo.org/glsa/202401-31","https://github.com/advisories/GHSA-5ffw-gxpp-mxpf"],"source_kind":"github","identifiers":["GHSA-5ffw-gxpp-mxpf","CVE-2022-31030"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.6","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.6"},{"first_patched_version":"1.5.13","vulnerable_version_range":"\u003c 1.5.13"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:12:20.894Z","updated_at":"2024-01-31T15:32:12.000Z","epss_percentage":0.00085,"epss_percentile":0.25798},{"uuid":"GSA_kwCzR0hTQS1jMmgzLTZteHctN212cc0WHg","url":"https://github.com/advisories/GHSA-c2h3-6mxw-7mvq","title":"Insufficiently restricted permissions on plugin directories","description":"### Impact\nA bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n### Patches\nThis vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability.\n\n### Workarounds\nLimit access to the host to trusted users. Update directory permission on container bundles directories. \n\n### For more information\nIf you have any questions or comments about this advisory: \n* Open an issue in [github.com/containerd/containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-10-04T20:14:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq","https://nvd.nist.gov/vuln/detail/CVE-2021-41103","https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/","https://www.debian.org/security/2021/dsa-5002","https://github.com/containerd/containerd/releases/tag/v1.4.11","https://github.com/containerd/containerd/releases/tag/v1.5.7","https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/","https://security.gentoo.org/glsa/202401-31","https://github.com/advisories/GHSA-c2h3-6mxw-7mvq"],"source_kind":"github","identifiers":["GHSA-c2h3-6mxw-7mvq","CVE-2021-41103"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.7","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.7"},{"first_patched_version":"1.4.11","vulnerable_version_range":"\u003c 1.4.11"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:12:45.661Z","updated_at":"2024-01-31T15:32:02.000Z","epss_percentage":0.00085,"epss_percentile":0.25898},{"uuid":"GSA_kwCzR0hTQS1obWZ4LTNwY3gtNjUzcM4AAxqj","url":"https://github.com/advisories/GHSA-hmfx-3pcx-653p","title":"Supplementary groups are not set up properly in github.com/containerd/containerd","description":"### Impact\n\nA bug was found in containerd where supplementary groups are not set up properly inside a container.  If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.\n\nDownstream applications that use the containerd client library may be affected as well.\n\n### Patches\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18.  Users should update to these versions and recreate containers to resolve this issue.  Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions.\n\n### Workarounds\n\nEnsure that the `\"USER $USERNAME\"` Dockerfile instruction is not used.  Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.\n\n### References\n\n- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\n- Docker/Moby: CVE-2022-36109, fixed in Docker 20.10.18\n- CRI-O: CVE-2022-2995, fixed in CRI-O 1.25.0\n- Podman: CVE-2022-2989, fixed in Podman 3.0.1 and 4.2.0\n- Buildah: CVE-2022-2990, fixed in Buildah 1.27.1\n\nNote that CVE IDs apply to a particular implementation, even if an issue is common.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-02-16T14:11:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p","https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4","https://nvd.nist.gov/vuln/detail/CVE-2023-25173","https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a","https://github.com/advisories/GHSA-4wjj-jwc9-2x96","https://github.com/advisories/GHSA-fjm8-m7m6-2fjp","https://github.com/advisories/GHSA-phjr-8j92-w5v7","https://github.com/containerd/containerd/releases/tag/v1.5.18","https://github.com/containerd/containerd/releases/tag/v1.6.18","https://pkg.go.dev/vuln/GO-2023-1574","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI","https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation","https://github.com/advisories/GHSA-hmfx-3pcx-653p"],"source_kind":"github","identifiers":["GHSA-hmfx-3pcx-653p","CVE-2023-25173"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.18","vulnerable_version_range":"\u003c 1.5.18"},{"first_patched_version":"1.6.18","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.18"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2023-02-16T15:03:13.193Z","updated_at":"2024-09-06T21:37:05.000Z","epss_percentage":0.00022,"epss_percentile":0.04499},{"uuid":"GSA_kwCzR0hTQS03d3c1LTR3cWMtbTkyY84AA36e","url":"https://github.com/advisories/GHSA-7ww5-4wqc-m92c","title":"containerd allows RAPL to be accessible to a container","description":"# /sys/devices/virtual/powercap accessible by default to containers\n\nIntel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `sysfs`. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.\n\nBy 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including AES-NI (potentially inside a SGX enclave) and KASLR (kernel address space layout randomization). Also known as the [PLATYPUS attack](https://platypusattack.com/), Intel assigned [CVE-2020-8694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694) and [CVE-2020-8695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695), and AMD assigned [CVE-2020-12912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12912).\n\nSeveral mitigations were applied; Intel reduced the sampling resolution via a microcode update, and the Linux kernel [prevents access by non-root users](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71) since 5.10. However, this kernel-based mitigation does not apply to many container-based scenarios:\n* Unless using user namespaces, root inside a container has the same level of privilege as root outside the container, but with a slightly more narrow view of the system\n* `sysfs` is mounted inside containers read-only; however only read access is needed to carry out this attack on an unpatched CPU\n\nWhile this is not a direct vulnerability in container runtimes, defense in depth and safe defaults are valuable and preferred, especially as this poses a risk to multi-tenant container environments. This is provided by masking `/sys/devices/virtual/powercap` in the default mount configuration, and adding an additional set of rules to deny it in the default AppArmor profile.\n\nWhile `sysfs` is not the only way to read from the RAPL subsystem, other ways of accessing it require additional capabilities such as `CAP_SYS_RAWIO` which is not available to containers by default, or `perf` paranoia level less than 1, which is a non-default kernel tunable.\n\n## References\n\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12912\n* https://platypusattack.com/\n* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71\n* https://web.eece.maine.edu/~vweaver/projects/rapl/","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-12-19T21:17:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c","https://github.com/containerd/containerd/commit/67d356cb3095f3e8f8ad7d36f9a733fea1e7e28c","https://github.com/containerd/containerd/commit/746b910f05855c8bfdb4415a1c0f958b234910e5","https://github.com/advisories/GHSA-7ww5-4wqc-m92c"],"source_kind":"github","identifiers":["GHSA-7ww5-4wqc-m92c"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.7.11","vulnerable_version_range":"\u003e= 1.7.0, \u003c= 1.7.10"},{"first_patched_version":"1.6.26","vulnerable_version_range":"\u003c= 1.6.25"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2023-12-19T22:05:55.947Z","updated_at":"2025-03-28T02:01:46.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS02ZzJxLXc1ajMtZndoNM4AA4-2","url":"https://github.com/advisories/GHSA-6g2q-w5j3-fwh4","title":"containerd environment variable leak","description":"## Impact\n\nContainers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers.  If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared.\n\nIf you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue.\n\nIf you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue.\n\nIf you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4.  Users should update to these versions as soon as they are released.\n\n## Workarounds\n\nThere are no known workarounds.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io if you think you’ve found a security bug.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-01-31T23:22:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4","https://nvd.nist.gov/vuln/detail/CVE-2021-21334","https://github.com/containerd/cri/pull/1628","https://github.com/containerd/cri/pull/1629","https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e","https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b","https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de","https://github.com/containerd/containerd/releases/tag/v1.3.10","https://github.com/containerd/containerd/releases/tag/v1.4.4","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/","https://security.gentoo.org/glsa/202105-33","https://github.com/advisories/GHSA-6g2q-w5j3-fwh4"],"source_kind":"github","identifiers":["GHSA-6g2q-w5j3-fwh4","CVE-2021-21334"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.3.10","vulnerable_version_range":"\u003c 1.3.10"},{"first_patched_version":"1.4.4","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.4"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2024-02-01T00:05:34.178Z","updated_at":"2024-01-31T23:22:47.000Z","epss_percentage":0.00209,"epss_percentile":0.43657},{"uuid":"GSA_kwCzR0hTQS1jcnAyLXFycjUtOHBxN80vuQ","url":"https://github.com/advisories/GHSA-crp2-qrr5-8pq7","title":"containerd CRI plugin: Insecure handling of image volumes","description":"### Impact\n\nA bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host.  This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.  Kubernetes and crictl can both be configured to use containerd’s CRI implementation.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.1, 1.5.10 and 1.4.13.  Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images are used.\n\n### Credits\n\nThe containerd project would like to thank Felix Wilhelm of Google Project Zero for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-03-02T21:33:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7","https://nvd.nist.gov/vuln/detail/CVE-2022-23648","https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70","https://github.com/containerd/containerd/releases/tag/v1.4.13","https://github.com/containerd/containerd/releases/tag/v1.5.10","https://github.com/containerd/containerd/releases/tag/v1.6.1","https://www.debian.org/security/2022/dsa-5091","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/","http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/","https://security.gentoo.org/glsa/202401-31","https://github.com/advisories/GHSA-crp2-qrr5-8pq7"],"source_kind":"github","identifiers":["GHSA-crp2-qrr5-8pq7","CVE-2022-23648"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.1","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.1"},{"first_patched_version":"1.5.10","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.10"},{"first_patched_version":"1.4.13","vulnerable_version_range":"\u003c 1.4.13"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:12:34.440Z","updated_at":"2024-01-31T15:32:07.000Z","epss_percentage":0.0617,"epss_percentile":0.89888},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0MnctODlnYy04bTlj","url":"https://github.com/advisories/GHSA-742w-89gc-8m9c","title":"containerd v1.2.x can be coerced into leaking credentials during image pull","description":"## Impact\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.2.14.  containerd 1.3 and later are not affected.\n\n## Workarounds\n\nIf you are using containerd 1.3 or later, you are not affected.  If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.  Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.\n\n## Credits\n\nThe containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-02-11T23:27:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c","https://nvd.nist.gov/vuln/detail/CVE-2020-15157","https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726","https://darkbit.io/blog/cve-2020-15157-containerdrip","https://github.com/containerd/containerd/releases/tag/v1.2.14","https://usn.ubuntu.com/4589-1/","https://usn.ubuntu.com/4589-2/","https://www.debian.org/security/2021/dsa-4865","https://github.com/advisories/GHSA-742w-89gc-8m9c"],"source_kind":"github","identifiers":["GHSA-742w-89gc-8m9c","CVE-2020-15157"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.2.14","vulnerable_version_range":"\u003c 1.2.14"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:13:00.878Z","updated_at":"2023-02-01T05:05:45.000Z","epss_percentage":0.00591,"epss_percentile":0.68155},{"uuid":"GSA_kwCzR0hTQS1tdmZmLWgzY2otd2o5Y80g4w","url":"https://github.com/advisories/GHSA-mvff-h3cj-wj9c","title":"Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux","description":"### Impact\n\nContainers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.\n\nIf you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not affected by this issue.\n\n### Patches\n\nThis bug has been fixed in containerd 1.5.9.  Because file labels persist independently of containerd, users should both update to these versions as soon as they are released and validate that all files on their host are correctly labeled.\n\n### Workarounds\n\nEnsure that no sensitive files or directories are used as a hostPath volume source location.  Policy enforcement mechanisms such a Kubernetes Pod Security Policy [AllowedHostPaths](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems) may be specified to limit the files and directories that can be bind-mounted to containers.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-01-06T17:36:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c","https://github.com/containerd/containerd/issues/6194","https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea","https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299","https://nvd.nist.gov/vuln/detail/CVE-2021-43816","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/","https://github.com/advisories/GHSA-mvff-h3cj-wj9c"],"source_kind":"github","identifiers":["GHSA-mvff-h3cj-wj9c","CVE-2021-43816"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.9","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.9"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:12:39.792Z","updated_at":"2023-02-03T05:04:06.000Z","epss_percentage":0.0014,"epss_percentile":0.35225},{"uuid":"GSA_kwCzR0hTQS01ajV3LWc2NjUtNW0zNc0XXw","url":"https://github.com/advisories/GHSA-5j5w-g665-5m35","title":"Ambiguous OCI manifest parsing","description":"### Impact\n\nIn the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header.  Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type header as trusted and deserialize the document according to that header.  If the Content-Type header changed between pulls of the same ambiguous document (with the same digest), the document may be interpreted differently, meaning that the digest alone is insufficient to unambiguously identify the content of the image.\n\n### Patches\n\nThis issue has been fixed in containerd 1.4.12 and 1.5.8.  Image pulls for manifests that contain a “manifests” field or indices which contain a “layers” field are rejected.\n\n### Workarounds\n\nEnsure you only pull images from trusted sources.\n\n### References\n\nhttps://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m\nhttps://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"LOW","published_at":"2021-11-18T16:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35","https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m","https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh","https://github.com/containerd/containerd/releases/tag/v1.4.12","https://github.com/containerd/containerd/releases/tag/v1.5.8","https://github.com/containerd/containerd/commit/26c76a3014e71af5ad2f396ec76e0e0ecc8e25a3","https://github.com/containerd/containerd/commit/db00065a969a983ceb0a409833f93f705f284ea4","https://github.com/advisories/GHSA-5j5w-g665-5m35"],"source_kind":"github","identifiers":["GHSA-5j5w-g665-5m35"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.8","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.8"},{"first_patched_version":"1.4.12","vulnerable_version_range":"\u003c 1.4.12"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2022-12-21T16:12:42.238Z","updated_at":"2023-03-30T14:50:05.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS0yNTl3LThoZjYtNTljMs4AAxql","url":"https://github.com/advisories/GHSA-259w-8hf6-59c2","title":"OCI image importer memory exhaustion in github.com/containerd/containerd","description":"### Impact\nWhen importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.18 and 1.5.18.  Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images are used and that only trusted users have permissions to import images. \n\n### Credits\n\nThe containerd project would like to thank [David Korczynski](https://github.com/DavidKorczynski) and [Adam Korczynski](https://github.com/AdamKorcz) of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security fuzzing audit sponsored by CNCF.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-02-16T14:12:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2","https://nvd.nist.gov/vuln/detail/CVE-2023-25153","https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4","https://github.com/containerd/containerd/releases/tag/v1.5.18","https://github.com/containerd/containerd/releases/tag/v1.6.18","https://pkg.go.dev/vuln/GO-2023-1573","https://github.com/advisories/GHSA-259w-8hf6-59c2"],"source_kind":"github","identifiers":["GHSA-259w-8hf6-59c2","CVE-2023-25153"],"repository_url":"https://github.com/containerd/containerd","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.18","vulnerable_version_range":"\u003c 1.5.18"},{"first_patched_version":"1.6.18","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.18"}],"ecosystem":"go","package_name":"github.com/containerd/containerd"}],"created_at":"2023-02-16T15:03:13.150Z","updated_at":"2024-09-06T21:37:25.000Z","epss_percentage":0.00115,"epss_percentile":0.31386}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/containerd/containerd","docker_dependents_count":6827,"docker_downloads_count":23268554027,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/containerd/containerd","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/containerd/containerd/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcontainerd%2Fcontainerd/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcontainerd%2Fcontainerd/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcontainerd%2Fcontainerd/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcontainerd%2Fcontainerd/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1882879,"maintainers_count":0,"namespaces_count":723926,"keywords_count":97872,"github":"golang","metadata":{"funded_packages_count":39346},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-06T05:22:27.920Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":499,"unique_repositories_count_past_30_days":20,"recent_issues":[{"uuid":"4584096423","node_id":"PR_kwDOEOmcd87icEme","number":986,"state":"closed","title":"build(deps): bump the gomod group across 1 directory with 29 updates","user":"dependabot[bot]","labels":["release-note-none"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T05:04:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T22:22:02.000Z","updated_at":"2026-06-09T05:04:30.000Z","time_to_close":456146,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":29,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/intel/goresctrl","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/intel/goresctrl"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.1","repository_url":"https://github.com/opencontainers/selinux"},{"name":"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc","old_version":"0.68.0","new_version":"0.69.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc","old_version":"1.43.0","new_version":"1.44.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-api"},{"name":"k8s.io/cri-client","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-client"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"},{"name":"k8s.io/kubelet","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/kubelet"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/intel/goresctrl](https://github.com/intel/goresctrl) | `0.12.0` | `0.13.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.1` |\n| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/intel/goresctrl` from 0.12.0 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/intel/goresctrl/releases\"\u003egithub.com/intel/goresctrl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the Linux kernel TPMI interface for managing Intel SST (Speed Select Technology) which enables support for the latest (and future) generations of processors. With this, goresctrl specifies a new more flexible and extensible API for SST (pkg/sst) – the old API is deprecated but still supported for backwards compatibility. The release also brings support for SST-TF (Turbo Frequency).\u003c/p\u003e\n\u003ch3\u003eList of PRs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/174\"\u003eintel/goresctrl#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub: pin versions of github actions on sha by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/175\"\u003eintel/goresctrl#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/176\"\u003eintel/goresctrl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/178\"\u003eintel/goresctrl#178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/179\"\u003eintel/goresctrl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/177\"\u003eintel/goresctrl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix logging level by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/180\"\u003eintel/goresctrl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecmd/sst-ctl: refactor by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/182\"\u003eintel/goresctrl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/183\"\u003eintel/goresctrl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecstates: fix doubly prefixed possible cpus sysfs path by \u003ca href=\"https://github.com/askervin\"\u003e\u003ccode\u003e@​askervin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/184\"\u003eintel/goresctrl#184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gitignore by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/185\"\u003eintel/goresctrl#185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eutils/idset: present idset in packed format by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/186\"\u003eintel/goresctrl#186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/187\"\u003eintel/goresctrl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add support for TPMI interface and SST-TF by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/181\"\u003eintel/goresctrl#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add detailed info API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/188\"\u003eintel/goresctrl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix legacy API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/189\"\u003eintel/goresctrl#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ehttps://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/fe1066ae9cce40fa23930eb4ae392b562eea78c5\"\u003e\u003ccode\u003efe1066a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/189\"\u003e#189\u003c/a\u003e from marquiz/devel/legacy-api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/293d23110352fa84b869c298538918f271e737dd\"\u003e\u003ccode\u003e293d231\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/188\"\u003e#188\u003c/a\u003e from marquiz/devel/sst-info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/511e7b54ff0fc3846ed119db94ed146d6cc09a8e\"\u003e\u003ccode\u003e511e7b5\u003c/code\u003e\u003c/a\u003e sst: fix legacy API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/88c6fdacdfdc51cdf437ca50ad55a010fa32a42e\"\u003e\u003ccode\u003e88c6fda\u003c/code\u003e\u003c/a\u003e cmd/sst: implement info subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/3f62eff60456c68449f458ca46ef4ba35880736f\"\u003e\u003ccode\u003e3f62eff\u003c/code\u003e\u003c/a\u003e sst: add detailed info API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/f3eb140c6783918f0f1b9ee2ce5f6e76be2a7c8a\"\u003e\u003ccode\u003ef3eb140\u003c/code\u003e\u003c/a\u003e sst: move helper packages to internal/\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/ea84f472d307402b51524dcb90e738e032c9e768\"\u003e\u003ccode\u003eea84f47\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/181\"\u003e#181\u003c/a\u003e from marquiz/devel/sst-tpmi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/6ce26466cd74eb6208ab1ee8fe7680ece69a60b4\"\u003e\u003ccode\u003e6ce2646\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/187\"\u003e#187\u003c/a\u003e from intel/dependabot/github_actions/main/golangci/go...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/0232a79c9806dffbf976f5363c7f7f6111e46c8a\"\u003e\u003ccode\u003e0232a79\u003c/code\u003e\u003c/a\u003e cmd/sst: add tf (SST-TF) subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/cdeb50b46834fd14ee57a72a2f1075735329264c\"\u003e\u003ccode\u003ecdeb50b\u003c/code\u003e\u003c/a\u003e sst: add support for SST-TF\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReserveLabelV2: ignore labels without MCS by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/272\"\u003eopencontainers/selinux#272\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9801d537a2fa2bdfeb6ef51de1115089d965f505\"\u003e\u003ccode\u003e9801d53\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/272\"\u003e#272\u003c/a\u003e from kolyshkin/add-mcs-nit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/cf4e440ad6674c88def52f4c3c600f1b5b1773e0\"\u003e\u003ccode\u003ecf4e440\u003c/code\u003e\u003c/a\u003e ReserveLabelV2: ignore labels without MCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.68.0 to 0.69.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases\"\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eerror.type\u003c/code\u003e attribute to \u003ccode\u003ehttp.client.request.duration\u003c/code\u003e for transport failures in \u003ccode\u003eotelhttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8801\"\u003e#8801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd examples for prometheus compatibility document. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8716\"\u003e#8716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecardinality_limits\u003c/code\u003e in \u003ccode\u003ePeriodicMetricReader\u003c/code\u003e in \u003ccode\u003eotelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8885\"\u003e#8885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eResource\u003c/code\u003e method to \u003ccode\u003eSDK\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf/x\u003c/code\u003e to expose the resolved SDK resource from declarative configuration. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8913\"\u003e#8913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/contrib/detectors/hetzner\u003c/code\u003e, a new resource detector for Hetzner Cloud servers, ported from \u003ccode\u003egithub.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner\u003c/code\u003e. Detects \u003ccode\u003ecloud.provider\u003c/code\u003e, \u003ccode\u003ecloud.platform\u003c/code\u003e, \u003ccode\u003ecloud.region\u003c/code\u003e, \u003ccode\u003ecloud.availability_zone\u003c/code\u003e, \u003ccode\u003ehost.id\u003c/code\u003e, and \u003ccode\u003ehost.name\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8979\"\u003e#8979\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSet error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogrus\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8776\"\u003e#8776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet the \u0026quot;error\u0026quot; field (e.g. created via \u003ccode\u003ezap.Error\u003c/code\u003e) as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelzap\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8719\"\u003e#8719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet fields implementing \u003ccode\u003eerror\u003c/code\u003e interface from \u003ccode\u003eslog\u003c/code\u003e records as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of plain attributes in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelslog\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8774\"\u003e#8774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet emitted errors in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogr\u003c/code\u003e as record errors (\u003ccode\u003eRecord.SetErr\u003c/code\u003e) instead of \u003ccode\u003eexception.message\u003c/code\u003e attributes. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8775\"\u003e#8775\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix header attributes lost when using sub-spans in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eencoding\u003c/code\u003e configuration for OTLP HTTP exporters in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8772\"\u003e#8772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/6914\"\u003e#6914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnknown or empty HTTP methods now report \u0026quot;_OTHER\u0026quot; instead of \u0026quot;GET\u0026quot; across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default span name formatter in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8871\"\u003e#8871\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe default span name is now \u003ccode\u003e{method} {route}\u003c/code\u003e (e.g. \u003ccode\u003eGET /foo/{id}\u003c/code\u003e) when a route pattern is available, or \u003ccode\u003e{method}\u003c/code\u003e (e.g. \u003ccode\u003eGET\u003c/code\u003e) otherwise.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the deprecated \u003ccode\u003eWithSpanOptions\u003c/code\u003e option in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8991\"\u003e#8991\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eotelconf: validate encoding configuration for OTLP HTTP exporters by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8772\"\u003eopen-telemetry/opentelemetry-go-contrib#8772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8780\"\u003eopen-telemetry/opentelemetry-go-contrib#8780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update prom/prometheus docker tag to v3.11.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8779\"\u003eopen-telemetry/opentelemetry-go-contrib#8779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eotellogrus: Set error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8778\"\u003eopen-telemetry/opentelemetry-go-contrib#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update module golang.org/x/sys to v0.43.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@...\n\n_Description has been truncated_","html_url":"https://github.com/saschagrunert/cri-o/pull/986","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saschagrunert%2Fcri-o/issues/986","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/986/packages"},{"uuid":"4522934439","node_id":"PR_kwDOJHmk987fV-ho","number":430,"state":"closed","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["type::security","dependabot","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-26T10:13:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T09:07:52.000Z","updated_at":"2026-05-26T10:13:36.000Z","time_to_close":3933,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/replicatedhq/replicated-sdk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/replicatedhq/replicated-sdk/pull/430","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated-sdk/issues/430","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/430/packages"},{"uuid":"4522478840","node_id":"PR_kwDONfyD3M7fUevc","number":198,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.31 to 1.7.32 in /tests/e2e","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T07:56:53.000Z","updated_at":"2026-05-28T12:31:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/tests/e2e","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.31 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/giantswarm/gateway-api-config-app/pull/198","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/giantswarm%2Fgateway-api-config-app/issues/198","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/198/packages"},{"uuid":"4519409992","node_id":"PR_kwDOBAr5ps7fKh1S","number":9975,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:37:12.000Z","updated_at":"2026-05-26T21:53:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":20,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.0","repository_url":"https://github.com/opencontainers/selinux"},{"name":"golang.org/x/net","old_version":"0.53.0","new_version":"0.55.0","repository_url":"https://github.com/golang/net"},{"name":"google.golang.org/grpc","old_version":"1.80.0","new_version":"1.81.1","repository_url":"https://github.com/grpc/grpc-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.55.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.1` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMAINTAINERS: add Aleksa as a maintainer. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/243\"\u003eopencontainers/selinux#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAssorted CI bumps and related fixes. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/255\"\u003eopencontainers/selinux#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove intToMcs. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/259\"\u003eopencontainers/selinux#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse Cut more. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/254\"\u003eopencontainers/selinux#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify getSelinuxMountPoint. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/258\"\u003eopencontainers/selinux#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify/remove some code. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/261\"\u003eopencontainers/selinux#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/e184f4698c2e22c0969fb1302da049ba805213eb\"\u003e\u003ccode\u003ee184f46\u003c/code\u003e\u003c/a\u003e selinux.ReserveLabelV2: note on ignoring ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fa158854b7c1d6064a41282522d109d8f71e9cfa\"\u003e\u003ccode\u003efa15885\u003c/code\u003e\u003c/a\u003e label.InitLabels: dont't return ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/common` from 0.66.2-0.20260126213724-1e46b0756b39 to 0.67.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/container-libs/releases\"\u003ego.podman.io/common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ecommon/v0.67.0\u003c/h2\u003e\n\u003cp\u003ego.podman.io/common release for podman v5.8\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/common/v0.67.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/image/v5` from 5.38.0 to 5.39.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/80fb329c24eb41f760488720a493946435196f31\"\u003e\u003ccode\u003e80fb329\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump to image 5.39.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/c41710e4e2fe11eb1716151f552f29d0f61df565\"\u003e\u003ccode\u003ec41710e\u003c/code\u003e\u003c/a\u003e [podman-5.8] Add missing image go.sum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a1da33bdfddae9f31cf436f30dd4d8712d76d922\"\u003e\u003ccode\u003ea1da33b\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump image to v5.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d5d959a8faa860f260c8b05e84a33ac4e8d9ed31\"\u003e\u003ccode\u003ed5d959a\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to 1.62.0 in image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/b4ff26efa1f98823d53136a3944b3964e7426693\"\u003e\u003ccode\u003eb4ff26e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/626\"\u003e#626\u003c/a\u003e from TomSweeneyRedHat/dev/tsweeney/dance-5.8-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/bb290dc125b3e3ea2f18e7cf2f2ec4b8810265b6\"\u003e\u003ccode\u003ebb290dc\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to v1.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a79d33cb983b2308a4bb485c327b5ef026177d3b\"\u003e\u003ccode\u003ea79d33c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/616\"\u003e#616\u003c/a\u003e from l0rd/pr-612-to-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/90383df2587fae116f31f785115b25957e5c84cb\"\u003e\u003ccode\u003e90383df\u003c/code\u003e\u003c/a\u003e common: safer use of \u003ccode\u003efilepath.EvalSymlinks()\u003c/code\u003e in \u003ccode\u003efindBindir()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/89d4270d09cdbe577335374c30ef446d1a728d1e\"\u003e\u003ccode\u003e89d4270\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/601\"\u003e#601\u003c/a\u003e from Luap99/podman-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d1241f8bc422070205ce55cbebcbc68945b6b245\"\u003e\u003ccode\u003ed1241f8\u003c/code\u003e\u003c/a\u003e fix debug log for \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/image/v5.38.0...image/v5.39.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/storage` from 1.61.1-0.20251212224252-b0f86df5a665 to 1.62.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/storage/v1.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.55.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7770ec48d03fec35e378665337b4faca93c38423\"\u003e\u003ccode\u003e7770ec4\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/4ece7b612ad44ad6c4d5e0d5d4df9c18cc211905\"\u003e\u003ccode\u003e4ece7b6\u003c/code\u003e\u003c/a\u003e html: escape greater-than symbol in doctype identifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/08be507abce89191d78cd49da60f4501fc910472\"\u003e\u003ccode\u003e08be507\u003c/code\u003e\u003c/a\u003e html: improve Noah's Ark clause performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a8fb2fe4f7378f816302b9f2f7b8290ce512e5dd\"\u003e\u003ccode\u003ea8fb2fe\u003c/code\u003e\u003c/a\u003e html: properly render fostered elements in foreign content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/0dc5b7a5f81d7155ade6d5e9db35992998679932\"\u003e\u003ccode\u003e0dc5b7a\u003c/code\u003e\u003c/a\u003e html: properly check namespace in \u0026quot;in body\u0026quot; any other end tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a452f3cc17168a60bc3f439a3ae0fcffc32eca0e\"\u003e\u003ccode\u003ea452f3c\u003c/code\u003e\u003c/a\u003e html: ignore duplicate attributes during tokenization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/f8651996b24ba47d89dd9eb97fd47758e6d1886f\"\u003e\u003ccode\u003ef865199\u003c/code\u003e\u003c/a\u003e quic: fix appendMaxDataFrame erroneously accumulating sentLimit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/210ed3cb901cb549818aefa04b71dadaf149d05d\"\u003e\u003ccode\u003e210ed3c\u003c/code\u003e\u003c/a\u003e quic: establish a \u0026quot;happened-before\u0026quot; relationship between stream write and read\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ad8140e0aa2ec41b37ea478b4525a423bcc21af9\"\u003e\u003ccode\u003ead8140e\u003c/code\u003e\u003c/a\u003e quic: fix buffer slicing when handling overlapping stream data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/23ee2efe81a3ff183b4eca46c42f749af7efca45\"\u003e\u003ccode\u003e23ee2ef\u003c/code\u003e\u003c/a\u003e http2: avoid API changes when built with go1.27\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.55.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.43.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/397d5f80920585bc27433d878aba498d062f81e1\"\u003e\u003ccode\u003e397d5f8\u003c/code\u003e\u003c/a\u003e unix: update to Linux kernel 7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/0a387f7a07d7a0e9811f00603c10b4e5a94ab79c\"\u003e\u003ccode\u003e0a387f7\u003c/code\u003e\u003c/a\u003e cpu: detect zbc extension on riscv64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/758f71cb839d131daf0ba4befa6a2c6ceb21a649\"\u003e\u003ccode\u003e758f71c\u003c/code\u003e\u003c/a\u003e cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/99666ae32e07f6403182a79cb5df0c417cbbf25f\"\u003e\u003ccode\u003e99666ae\u003c/code\u003e\u003c/a\u003e unix: merge Linux readv/writev implementation with Darwin/OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e4444cbaaaf61cecff8e635874066fcd5c841575\"\u003e\u003ccode\u003ee4444cb\u003c/code\u003e\u003c/a\u003e windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/04396e85d470b7f990a9a1df5c1a44dc8e30c292\"\u003e\u003ccode\u003e04396e8\u003c/code\u003e\u003c/a\u003e unix: add Readv, Writev, Preadv, Pwritev for OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/fb1facd76f95fa87c151018200ea5e4892ff115d\"\u003e\u003ccode\u003efb1facd\u003c/code\u003e\u003c/a\u003e windows: avoid uint16 overflow in NewNTUnicodeString\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/94ad893e1e59c1d079221324d38945d2aad8703f\"\u003e\u003ccode\u003e94ad893\u003c/code\u003e\u003c/a\u003e windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/54fe89f8411576c06b345b341ca79a77d878a4ad\"\u003e\u003ccode\u003e54fe89f\u003c/code\u003e\u003c/a\u003e cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/df7d5d7b60641d17d87e2b50911124cb65f954fd\"\u003e\u003ccode\u003edf7d5d7\u003c/code\u003e\u003c/a\u003e unix: automatically remove container created by mkall.sh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/sys/compare/v0.43.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.80.0 to 1.81.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.81.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per \u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/al4an444\"\u003e\u003ccode\u003e@​al4an444\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eotel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.81.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8808\"\u003e#8808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDependencies\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eMinimum supported Go version is now 1.25. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8969\"\u003e#8969\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8956\"\u003e#8956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Send a \u003ccode\u003eRST_STREAM\u003c/code\u003e when receiving an \u003ccode\u003eEND_STREAM\u003c/code\u003e when the stream is not already half-closed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8832\"\u003e#8832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Fix ADS resource name validation to prevent a panic. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8970\"\u003e#8970\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc/stats: Add support for custom labels in per-call metrics (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md\"\u003egRFC A108\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9008\"\u003e#9008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Server Name Indication (SNI) and SAN validation (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md\"\u003egRFC A101\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_SNI=true\u003c/code\u003e environment variable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9016\"\u003e#9016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md\"\u003egRFC A85\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9005\"\u003e#9005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add metrics to track xDS client connectivity and cached resource state (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md\"\u003egRFC A78\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8807\"\u003e#8807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Enhance \u003ccode\u003egrpc.subchannel.disconnections\u003c/code\u003e metric by adding disconnection reason to the \u003ccode\u003egrpc.disconnect_error\u003c/code\u003e label (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md\"\u003egRFC A94\u003c/a\u003e). This provides granular insights into why subchannels are closing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8973\"\u003e#8973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Add \u003ccode\u003emem.Buffer.Slice()\u003c/code\u003e API to slice the buffer like a slice. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8977\"\u003e#8977\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ealts: Pool read buffers to lower memory utilization when sockets are unreadable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8964\"\u003e#8964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set \u003ccode\u003eGRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false\u003c/code\u003e and report any issues. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8\"\u003e\u003ccode\u003ecaf0772\u003c/code\u003e\u003c/a\u003e Change version from 1.81.1-dev to 1.81.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215\"\u003e\u003ccode\u003e6ccbeeb\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9121\"\u003e#9121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29\"\u003e\u003ccode\u003eb33c29e\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9102\"\u003e#9102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834\"\u003e\u003ccode\u003ec45fae6\u003c/code\u003e\u003c/a\u003e Change version to 1.81.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9063\"\u003e#9063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd\"\u003e\u003ccode\u003ecb18228\u003c/code\u003e\u003c/a\u003e Cha...\n\n_Description has been truncated_","html_url":"https://github.com/cri-o/cri-o/pull/9975","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9975","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9975/packages"},{"uuid":"4503481329","node_id":"PR_kwDOH28oUM7eYzae","number":482,"state":"open","title":"Bump github.com/containerd/containerd from 1.6.3-0.20220401172941-5ff8fce1fcc6 to 1.7.32","user":"dependabot[bot]","labels":["stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T14:43:37.000Z","updated_at":"2026-06-06T02:17:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.6.3-0.20220401172941-5ff8fce1fcc6","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.6.3-0.20220401172941-5ff8fce1fcc6 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containerd/containerd/commits/v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.6.3-0.20220401172941-5ff8fce1fcc6\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/jpadams/dagger-git/pull/482","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadams%2Fdagger-git/issues/482","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/482/packages"},{"uuid":"4498244984","node_id":"PR_kwDORBVPFc7eH40Q","number":10,"state":"closed","title":"chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-04T11:48:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:11:19.000Z","updated_at":"2026-06-04T11:49:02.000Z","time_to_close":1172253,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mahmut-Abi/cloud-native-mcp-server/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mahmut-Abi/cloud-native-mcp-server/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mahmut-Abi%2Fcloud-native-mcp-server/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4498244945","node_id":"PR_kwDOAeGNGc7eH4zr","number":66986,"state":"closed","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in /integrations/terraform","user":"dependabot[bot]","labels":["go","dependencies","no-changelog"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T11:07:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:11:19.000Z","updated_at":"2026-05-22T11:07:59.000Z","time_to_close":46589,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/integrations/terraform","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gravitational/teleport/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gravitational/teleport/pull/66986","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gravitational%2Fteleport/issues/66986","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/66986/packages"},{"uuid":"4498238198","node_id":"PR_kwDOFuFHHc7eH3Vv","number":3662,"state":"closed","title":"build(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T00:16:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:09:53.000Z","updated_at":"2026-05-22T00:43:58.000Z","time_to_close":7572,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/redhat-best-practices-for-k8s/certsuite/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/redhat-best-practices-for-k8s/certsuite/pull/3662","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-best-practices-for-k8s%2Fcertsuite/issues/3662","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3662/packages"},{"uuid":"4498224962","node_id":"PR_kwDOPCnuX87eH0iS","number":41,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.29 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go","Stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T22:07:11.000Z","updated_at":"2026-06-01T02:21:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.29 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.29\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/harekrishnarai/scorecard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/harekrishnarai/scorecard/pull/41","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/harekrishnarai%2Fscorecard/issues/41","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/41/packages"},{"uuid":"4498208129","node_id":"PR_kwDOHksjGM7eHw8n","number":4141,"state":"open","title":"chore(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.32 in /services/apps/git_integration/src/crowdgit/services/vulnerability_scanner","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T22:03:51.000Z","updated_at":"2026-05-21T22:04:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/services/apps/git_integration/src/crowdgit/services/vulnerability_scanner","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.29 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.29\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/linuxfoundation/crowd.dev/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- CURSOR_SUMMARY --\u003e\n---\n\n\u003e [!NOTE]\n\u003e **Low Risk**\n\u003e Low risk dependency-only change; primary impact is updating transitive container/runtime libraries (including a containerd security patch) which could affect build/runtime behavior only if those code paths are exercised.\n\u003e \n\u003e **Overview**\n\u003e Updates Go module dependencies for the `vulnerability_scanner` service, bumping `github.com/containerd/containerd` from `1.7.29` to `1.7.32` (plus related checksum changes).\n\u003e \n\u003e Also refreshes transitive deps, including `github.com/opencontainers/selinux` to `1.13.1`, and promotes `github.com/ossf/osv-schema/bindings/go` to a direct requirement.\n\u003e \n\u003e \u003csup\u003eReviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 67fefc624479fbae3b675c22814e794c6331f7a5. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).\u003c/sup\u003e\n\u003c!-- /CURSOR_SUMMARY --\u003e","html_url":"https://github.com/linuxfoundation/crowd.dev/pull/4141","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Fcrowd.dev/issues/4141","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4141/packages"},{"uuid":"4498201714","node_id":"PR_kwDONF6Krs7eHvnp","number":422,"state":"closed","title":"build(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go","patch"],"assignees":["clouddrove-ci"],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-27T16:34:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:02:34.000Z","updated_at":"2026-05-27T16:34:41.000Z","time_to_close":498717,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/containerd/containerd](https://github.com/containerd/containerd).\n\nUpdates `github.com/containerd/containerd` from 1.7.30 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/clouddrove/smurf/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/clouddrove/smurf/pull/422","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouddrove%2Fsmurf/issues/422","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/422/packages"},{"uuid":"4498187748","node_id":"PR_kwDOAwYmsM7eHsuZ","number":15903,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["size/S","ok-to-test","release-note-none","dco-signoff: yes","dependencies","do-not-merge/docs-needed","do-not-merge/test-issue-needed"],"assignees":[],"locked":false,"comments_count":8,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:59:45.000Z","updated_at":"2026-05-21T22:00:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubermatic/kubermatic/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubermatic/kubermatic/pull/15903","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubermatic%2Fkubermatic/issues/15903","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15903/packages"},{"uuid":"4498186054","node_id":"PR_kwDOBW5a9M7eHsX-","number":213,"state":"closed","title":"Bump github.com/containerd/containerd from 1.7.27 to 1.7.32 in /tools","user":"dependabot[bot]","labels":["cncf-cla: yes","size/M","lgtm","approved","dependencies","go"],"assignees":["MrHohn"],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-10T22:28:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T21:59:21.000Z","updated_at":"2026-06-10T22:28:58.000Z","time_to_close":1729769,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.27","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/tools","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.27 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.27...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kubernetes-sigs/ip-masq-agent/pull/213","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fip-masq-agent/issues/213","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/213/packages"},{"uuid":"4498181378","node_id":"PR_kwDOGiwcos7eHrXR","number":1061,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in /hack/chart-update","user":"dependabot[bot]","labels":["cncf-cla: yes","needs-ok-to-test","size/XS","dependencies","go"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:58:19.000Z","updated_at":"2026-05-21T22:00:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/hack/chart-update","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubernetes-sigs/cluster-api-operator/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/cluster-api-operator/pull/1061","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fcluster-api-operator/issues/1061","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1061/packages"},{"uuid":"4498175337","node_id":"PR_kwDOQGqhmc7eHqGF","number":18,"state":"open","title":"chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:56:57.000Z","updated_at":"2026-05-21T21:58:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/LocalAI/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/LocalAI/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2FLocalAI/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4498174606","node_id":"PR_kwDOG3GzvM7eHp8Q","number":1289,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.29 to 1.7.32","user":"dependabot[bot]","labels":["ok-to-test"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:56:49.000Z","updated_at":"2026-05-21T21:56:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.29 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.29\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/eks-anywhere-packages/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/aws/eks-anywhere-packages/pull/1289","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Feks-anywhere-packages/issues/1289","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1289/packages"},{"uuid":"4498171245","node_id":"PR_kwDOGd6UEM7eHpQH","number":20767,"state":"open","title":"chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in /operator/tools/operator-sdk","user":"dependabot[bot]","labels":["dependencies","area/operator","auto-merge","auto-retest"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:56:06.000Z","updated_at":"2026-05-21T23:45:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/operator/tools/operator-sdk","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stackrox/stackrox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/stackrox/stackrox/pull/20767","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackrox%2Fstackrox/issues/20767","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20767/packages"},{"uuid":"4498163582","node_id":"PR_kwDODF8yq87eHns3","number":497,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["needs-ok-to-test","dco-signoff: yes","dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:54:27.000Z","updated_at":"2026-05-21T21:54:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stolostron/multicloud-operators-channel/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/stolostron/multicloud-operators-channel/pull/497","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stolostron%2Fmulticloud-operators-channel/issues/497","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/497/packages"},{"uuid":"4444135094","node_id":"PR_kwDOPWrQgs7bbQsC","number":10,"state":"open","title":"chore(deps): bump the go_modules group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T07:39:32.000Z","updated_at":"2026-05-14T07:39:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":7,"packages":[{"name":"golang.org/x/crypto","old_version":"0.38.0","new_version":"0.45.0","repository_url":"https://github.com/golang/crypto"},{"name":"helm.sh/helm/v3","old_version":"3.18.1","new_version":"3.20.2","repository_url":"https://github.com/helm/helm"},{"name":"github.com/containerd/containerd","old_version":"1.7.27","new_version":"1.7.30"},{"name":"google.golang.org/grpc","old_version":"1.72.2","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp","old_version":"1.36.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel","old_version":"1.36.0","new_version":"1.43.0"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.36.0","new_version":"1.43.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 4 updates in the /staging/src/kubesphere.io/utils directory: [golang.org/x/crypto](https://github.com/golang/crypto), [helm.sh/helm/v3](https://github.com/helm/helm), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\n\nUpdates `golang.org/x/crypto` from 0.38.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnostics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb\"\u003e\u003ccode\u003e0997000\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.38.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `helm.sh/helm/v3` from 3.18.1 to 3.20.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/helm/helm/releases\"\u003ehelm.sh/helm/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHelm v3.20.2\u003c/h2\u003e\n\u003ch2\u003ev3.20.2\u003c/h2\u003e\n\u003cp\u003eHelm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003efor questions and just to hang out\u003c/li\u003e\n\u003cli\u003efor discussing PRs, code, and bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eHang out at the Public Developer Call: Thursday, 9:30 Pacific via \u003ca href=\"https://zoom.us/j/696660622\"\u003eZoom\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest, debug, and contribute charts: \u003ca href=\"https://artifacthub.io/packages/search?kind=0\"\u003eArtifactHub/packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr\"\u003eGHSA-hr2v-4r36-88hr\u003c/a\u003e Helm Chart extraction output directory collapse via \u003ccode\u003eChart.yaml\u003c/code\u003e name dot-segment\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstallation and Upgrading\u003c/h2\u003e\n\u003cp\u003eDownload Helm v3.20.2. The common platform binaries are here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz\"\u003eMacOS amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 7de04301f28b902a74f6286ed941cadc86ee5e6a9086a18f2ccf1f548e99d618)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz\"\u003eMacOS arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 139c794c22f16b579d08ddd3008c8038b9bb2814f35b5bcca91f50a1f458978d)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz\"\u003eLinux amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz\"\u003eLinux arm\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / a8a614c740399ff1ef32bcea6be6e4523f17e3376f9cf55c192cc48c8f2d1f19)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz\"\u003eLinux arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz\"\u003eLinux i386\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 88e4c1834307cdbc9f3b80920e1a383e4ba50bb488fb0be1b1fbd4918bb6ae73)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz\"\u003eLinux ppc64le\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 98bb26a2f3c0b0c1a50db3181dff192554e0c204a07427d98d6b01e259f23cbe)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz\"\u003eLinux s390x\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 584dd77ef8096d6ef939a1822f72840e749fc8311b2b13ae94df5f786862a56b)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz\"\u003eLinux riscv64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 957391d0710d72678acd09959b5dc77888cd007a78a4b99944d3b2fc7e1895ca)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip\"\u003eWindows amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 24e8e5b71bab4ee17e6f989931ecf4fb144f9916cbe9990c0b6b2ec7b925c454)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip\"\u003eWindows arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 7c940a73a6882f50b69aec3282549da4a49917669db18fc503db930fb74b9789)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ca href=\"https://helm.sh/docs/intro/quickstart/\"\u003eQuickstart Guide\u003c/a\u003e will get you going from there. For \u003cstrong\u003eupgrade instructions\u003c/strong\u003e or detailed installation notes, check the \u003ca href=\"https://helm.sh/docs/intro/install/\"\u003einstall guide\u003c/a\u003e. You can also use a \u003ca href=\"https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3\"\u003escript to install\u003c/a\u003e on any system with \u003ccode\u003ebash\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Next\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026\u003c/li\u003e\n\u003cli\u003e4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)\u003c/li\u003e\n\u003cli\u003efix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHelm v3.20.1 is a patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/8fb76d6ab555577e98e23b7500009537a471feee\"\u003e\u003ccode\u003e8fb76d6\u003c/code\u003e\u003c/a\u003e fix: Chart dot-name path bug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/3a8927e275c50cecde273872dad2a5576bd46375\"\u003e\u003ccode\u003e3a8927e\u003c/code\u003e\u003c/a\u003e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/a2369ca71c0ef633bf6e4fccd66d634eb379b371\"\u003e\u003ccode\u003ea2369ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the k8s-io group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/90e10564f7ae746a153f3a03006e7061a54ad490\"\u003e\u003ccode\u003e90e1056\u003c/code\u003e\u003c/a\u003e add image index test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/911f2e908ae40b01ca95b857e94b8894043f64fd\"\u003e\u003ccode\u003e911f2e9\u003c/code\u003e\u003c/a\u003e fix pulling charts from OCI indices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/76dad33fb1a2b6451920429b4f5f2dd575ea71bb\"\u003e\u003ccode\u003e76dad33\u003c/code\u003e\u003c/a\u003e Remove refactorring changes from coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/45c12f71407b6054a37d3e425d5293ee79a1ab37\"\u003e\u003ccode\u003e45c12f7\u003c/code\u003e\u003c/a\u003e Fix import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/26c6f19f967941dbe53bfb5e52d419b3b3e46075\"\u003e\u003ccode\u003e26c6f19\u003c/code\u003e\u003c/a\u003e Update pkg/chart/common/util/coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/09f5129d49a14c9336cea6f33adf5f52889915ef\"\u003e\u003ccode\u003e09f5129\u003c/code\u003e\u003c/a\u003e Fix lint warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/417deb2b6b7504357b0f580b76f5eed1bb8a5270\"\u003e\u003ccode\u003e417deb2\u003c/code\u003e\u003c/a\u003e Preserve nil values in chart already\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/helm/helm/compare/v3.18.1...v3.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.27 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.27...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.72.2 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.72.2...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.36.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.36.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.36.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/kubesphere/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔧 This PR updates Go module dependencies in the KubeSphere utils package, upgrading Go from 1.24.3 to 1.25.0 and bumping 7 key dependencies including Helm, Kubernetes APIs, gRPC, and OpenTelemetry libraries to their latest versions. The updates include important security fixes and performance improvements across the dependency stack.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Go Runtime**: Upgraded from Go 1.24.3 to 1.25.0 with updated godebug settings\n- **Helm**: Updated from v3.18.1 to v3.20.2, including security fixes for chart extraction vulnerabilities\n- **Kubernetes APIs**: Bumped k8s.io packages from v0.33.1 to v0.35.1 for better compatibility\n- **gRPC**: Major update from v1.72.2 to v1.79.3 with security patches and performance improvements\n- **OpenTelemetry**: Updated from v1.36.0 to v1.43.0 across multiple packages for enhanced observability\n- **Dependency Cleanup**: Removed several unused indirect dependencies and updated others\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Go 1.24.3] --\u003e B[Go 1.25.0]\n    C[Helm 3.18.1] --\u003e D[Helm 3.20.2]\n    E[K8s APIs 0.33.1] --\u003e F[K8s APIs 0.35.1]\n    G[gRPC 1.72.2] --\u003e H[gRPC 1.79.3]\n    I[OTEL 1.36.0] --\u003e J[OTEL 1.43.0]\n    K[Security Fixes] --\u003e L[Enhanced Security]\n    M[Performance Opts] --\u003e N[Better Performance]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple security vulnerabilities, particularly in Helm chart extraction and gRPC path validation\n- **Performance Improvements**: Updated dependencies include optimizations for memory usage, buffer pooling, and slice handling\n- **Compatibility**: Maintains backward compatibility while providing access to latest Kubernetes API features and improved observability tools\n- **Maintenance**: Reduces technical debt by removing unused dependencies and updating to actively maintained versions\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/kubesphere/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fkubesphere/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4440876256","node_id":"PR_kwDOLzaLX87bRO1c","number":1,"state":"closed","title":"Bump the go_modules group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-30T11:57:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T20:14:24.000Z","updated_at":"2026-05-30T11:57:47.000Z","time_to_close":1439001,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":8,"packages":[{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.24.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"google.golang.org/grpc","old_version":"1.62.1","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/containerd/containerd","old_version":"1.7.12","new_version":"1.7.29","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/dvsekhvalnov/jose2go","old_version":"1.5.0","new_version":"1.7.0","repository_url":"https://github.com/dvsekhvalnov/jose2go"},{"name":"github.com/jackc/pgx/v5","old_version":"5.5.4","new_version":"5.9.2","repository_url":"https://github.com/jackc/pgx"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the /go directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.43.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.62.1` | `1.79.3` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.12` | `1.7.29` |\n| [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) | `1.5.0` | `1.7.0` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.4` | `5.9.2` |\n\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.24.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.62.1 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.62.1...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.12 to 1.7.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.29\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.29 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe twenty-ninth patch release for containerd 1.7 contains various fixes\nand updates including security patches.\u003c/p\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w\"\u003e\u003cstrong\u003eGHSA-pwhc-rpq9-4c8w\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2\"\u003e\u003cstrong\u003eGHSA-m6hq-p25p-ffr2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003erunc\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\"\u003e\u003cstrong\u003eGHSA-qw9x-cqr3-wc7r\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003e\u003cstrong\u003eGHSA-cgrx-mc8f-2prm\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\"\u003e\u003cstrong\u003eGHSA-9493-h29p-rfm2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate differ to handle zstd media types\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12018\"\u003e#12018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.3\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFix lost container logs from quickly closing io\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12375\"\u003e#12375\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eStepSecurity Bot\u003c/li\u003e\n\u003cli\u003ewheat2018\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34bd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f\"\u003e\u003ccode\u003e0450f046e\u003c/code\u003e\u003c/a\u003e Fix directory permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6ddb7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6dd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9772966401ad3c33a6cd824632f0c61e5049f3a5\"\u003e\u003ccode\u003e9772966\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12486\"\u003e#12486\u003c/a\u003e from dmcgowan/prepare-v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1fc2daaf3ed53f4c9e76fbc5786a6f1ae3bb885f\"\u003e\u003ccode\u003e1fc2daa\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/93f710a528958474f95a95e54516624ef832d80f\"\u003e\u003ccode\u003e93f710a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12480\"\u003e#12480\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-12475-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/68d04befab3284f1dfe2a9f5691ea5da76daace7\"\u003e\u003ccode\u003e68d04be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12471\"\u003e#12471\u003c/a\u003e from austinvazquez/1_7_update_ci_go_and_images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3f5f9f872707a743563d316e85e530193a2e30ac\"\u003e\u003ccode\u003e3f5f9f8\u003c/code\u003e\u003c/a\u003e runc: Update runc binary to v1.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/667409fb63098cb80280940ab06038114e7712da\"\u003e\u003ccode\u003e667409f\u003c/code\u003e\u003c/a\u003e ci: bump Go 1.24.9, 1.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/294f8c027b607c4450b3e52f44280581a737a73f\"\u003e\u003ccode\u003e294f8c0\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest images for basic binaries build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf66b4141defb757dee0fc5653bfd0a7ba1e8fed\"\u003e\u003ccode\u003ecf66b41\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest image for most jobs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.12...v1.7.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/dvsekhvalnov/jose2go` from 1.5.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/0a0673dd7f2820a446de5b04b9094b2291d77d5d\"\u003e\u003ccode\u003e0a0673d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dvsekhvalnov/jose2go/issues/34\"\u003e#34\u003c/a\u003e from dvsekhvalnov/issue-33-deflate-limit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/c3fff7c58065c848ba063d5cee07bd2c5908a14f\"\u003e\u003ccode\u003ec3fff7c\u003c/code\u003e\u003c/a\u003e docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/e51b47f33c704a31f1f7ad75120759e01de5fb4c\"\u003e\u003ccode\u003ee51b47f\u003c/code\u003e\u003c/a\u003e docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/c7dde528a01b38c96652b99a5d2ed93d8932b39e\"\u003e\u003ccode\u003ec7dde52\u003c/code\u003e\u003c/a\u003e fixing workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/a194baa4bb649000dd2266218155727c27297341\"\u003e\u003ccode\u003ea194baa\u003c/code\u003e\u003c/a\u003e added go versions and OSs to matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/f31cfc6b273af924c90bd5305b92ff5f9af10763\"\u003e\u003ccode\u003ef31cfc6\u003c/code\u003e\u003c/a\u003e fixing yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/1a4ba55b88b757ed4533884a014531d3f421462b\"\u003e\u003ccode\u003e1a4ba55\u003c/code\u003e\u003c/a\u003e added matrix to workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/d2baff2f0b24baab11bd34b8268c9aabfeb31914\"\u003e\u003ccode\u003ed2baff2\u003c/code\u003e\u003c/a\u003e go workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/b14c81a7a3261666e4ec76f04438f79d70211272\"\u003e\u003ccode\u003eb14c81a\u003c/code\u003e\u003c/a\u003e added limitation for deflate decompression stream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/48ba0b76bc881767cff2723388f4dd1a47c5104a\"\u003e\u003ccode\u003e48ba0b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dvsekhvalnov/jose2go/issues/32\"\u003e#32\u003c/a\u003e from dvsekhvalnov/issue-31-security-tuning\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dvsekhvalnov/jose2go/compare/v1.5...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v5` from 5.5.4 to 5.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.9.2 (April 18, 2026)\u003c/h1\u003e\n\u003cp\u003eFix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA dollar quoted string literal is used in the SQL query.\u003c/li\u003e\n\u003cli\u003eThat query contains text that would be would be interpreted outside as a placeholder outside of a string literal.\u003c/li\u003e\n\u003cli\u003eThe value of that placeholder is controllable by the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003ee.g.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eattackValue := `$tag$; drop table canary; --`\n_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis is unlikely to occur outside of a contrived scenario.\u003c/p\u003e\n\u003ch1\u003e5.9.1 (March 22, 2026)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.9.0 (March 21, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and\nPostgreSQL protocol 3.2 support.\u003c/p\u003e\n\u003cp\u003eIt significantly reduces the amount of network traffic when using prepared statements (which are used automatically by\ndefault) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.\u003c/p\u003e\n\u003cp\u003eIt also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends\ndeliberately malformed messages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Go 1.25+\u003c/li\u003e\n\u003cli\u003eAdd SCRAM-SHA-256-PLUS support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eAdd OAuth authentication support for PostgreSQL 18 (David Schneider)\u003c/li\u003e\n\u003cli\u003eAdd PostgreSQL protocol 3.2 support (Dirkjan Bussink)\u003c/li\u003e\n\u003cli\u003eAdd tsvector type support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eSkip Describe Portal for cached prepared statements reducing network round trips\u003c/li\u003e\n\u003cli\u003eMake LoadTypes query easier to support on \u0026quot;postgres-like\u0026quot; servers (Jelte Fennema-Nio)\u003c/li\u003e\n\u003cli\u003eDefault empty user to current OS user matching libpq behavior (ShivangSrivastava)\u003c/li\u003e\n\u003cli\u003eOptimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize date scanning by replacing regex with manual parsing (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize pgio append/set functions with direct byte shifts (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eMake RowsAffected faster (Abhishek Chanda)\u003c/li\u003e\n\u003cli\u003eFix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)\u003c/li\u003e\n\u003cli\u003eFix: ContextWatcher goroutine leak (Hank Donnay)\u003c/li\u003e\n\u003cli\u003eFix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0aeabbcf11d859229c1f0b20e710d3596c76bf27\"\u003e\u003ccode\u003e0aeabbc\u003c/code\u003e\u003c/a\u003e Release v5.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da\"\u003e\u003ccode\u003e60644f8\u003c/code\u003e\u003c/a\u003e Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/a5680bc945aa7c6ebac2778d859ee7b4ba86db60\"\u003e\u003ccode\u003ea5680bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2531\"\u003e#2531\u003c/a\u003e from dolmen-go/godoc-add-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/e34e4524007062710c6a4fb9c8655b75a486b5cd\"\u003e\u003ccode\u003ee34e452\u003c/code\u003e\u003c/a\u003e doc: Add godoc links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/08c9bb1f0d8fa6cc10ed8c713e68b1baa64dfe2c\"\u003e\u003ccode\u003e08c9bb1\u003c/code\u003e\u003c/a\u003e Fix Stringer types encoded as text instead of numeric value in composite fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/96b4dbdfd0458cb425bf8454d292a23978872cc8\"\u003e\u003ccode\u003e96b4dbd\u003c/code\u003e\u003c/a\u003e Remove unstable test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/acf88e0065682e8948696d26fa6438669c4cabee\"\u003e\u003ccode\u003eacf88e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2526\"\u003e#2526\u003c/a\u003e from abrightwell/abrightwell-min-proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/2f81f1fc03bef99593e92c64ad9cac954c00e8e6\"\u003e\u003ccode\u003e2f81f1f\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emax_protocol_version\u003c/code\u003e and \u003ccode\u003emin_protocol_version\u003c/code\u003e defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/4e4eaedb47b7b3cfba0a1b0a9e6a3f015764f046\"\u003e\u003ccode\u003e4e4eaed\u003c/code\u003e\u003c/a\u003e Release v5.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/62731882651a90348febb43b2119b5f8bd9272de\"\u003e\u003ccode\u003e6273188\u003c/code\u003e\u003c/a\u003e Fix batch result format corruption when using cached prepared statements\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.5.4...v5.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.46.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/19acf81bd7bc7b558d18a550e8e023df2c33e742\"\u003e\u003ccode\u003e19acf81\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3a1c6b4b61966d06b6469ad7bc15839ba76eeb89\"\u003e\u003ccode\u003e3a1c6b4\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f4602e40409257658159002a9af6aedb875949fb\"\u003e\u003ccode\u003ef4602e4\u003c/code\u003e\u003c/a\u003e ssh/agent: fix flaky test by ensuring a writeable home directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.46.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.22.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/35e1306bddd863f360fb94480c5fed84229953f0\"\u003e\u003ccode\u003e35e1306\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7c360367ab7e57c0cfb7aef368fc6acefaaac3b1\"\u003e\u003ccode\u003e7c36036\u003c/code\u003e\u003c/a\u003e http2, webdav, websocket: fix %q verb uses with wrong type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ec11eccf5a0f725281df0cdf40bb7ebef51d57ea\"\u003e\u003ccode\u003eec11ecc\u003c/code\u003e\u003c/a\u003e trace: fix data race in RenderEvents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/bff14c52567061031b9761881907c39e24792736\"\u003e\u003ccode\u003ebff14c5\u003c/code\u003e\u003c/a\u003e http2: don't PING a responsive server when resetting a stream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/88a642172c174ab11f4c56f0ede777de3c8a21d4\"\u003e\u003ccode\u003e88a6421\u003c/code\u003e\u003c/a\u003e dns/dnsmessage: avoid use of \u0026quot;strings\u0026quot; and \u0026quot;math\u0026quot; in dns/dnsmessage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/123d099e1bd872b38247bbcf9856540b8420d18d\"\u003e\u003ccode\u003e123d099\u003c/code\u003e\u003c/a\u003e http2: support net/http.Transport.NewClientConn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/346cc6157ee53301dea14e57a45c22368ab46e55\"\u003e\u003ccode\u003e346cc61\u003c/code\u003e\u003c/a\u003e webdav: relax test to check for any redirect status, not just 301\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9a296438e54dff851a45667aa645a97003b44db5\"\u003e\u003ccode\u003e9a29643\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/07cefd8a6bb170785052142a96034f2b2f7115bc\"\u003e\u003ccode\u003e07cefd8\u003c/code\u003e\u003c/a\u003e context: deprecate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/5ac9daca088ab4f378d7df849f6c7d28bea86071\"\u003e\u003ccode\u003e5ac9dac\u003c/code\u003e\u003c/a\u003e publicsuffix: don't treat ip addresses as domain names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.22.0...v0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.16.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c\"\u003e\u003ccode\u003eacc3815\u003c/code\u003e\u003c/a\u003e endpoints: fix %q verb use with wrong type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/f28b0b5467dda26d56f1240381158f7c334654d1\"\u003e\u003ccode\u003ef28b0b5\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/fd15e0fe894866ebff17ca3503d3706a967b061a\"\u003e\u003ccode\u003efd15e0f\u003c/code\u003e\u003c/a\u003e x/oauth2: populate RetrieveError from DeviceAuth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/792c8776358f0c8689d84eef0d0c966937d560fb\"\u003e\u003ccode\u003e792c877\u003c/code\u003e\u003c/a\u003e oauth2: use strings.Builder instead of bytes.Buffer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/014cf778b444f29c82ececa4f3ec1f6fe3db3eaf\"\u003e\u003ccode\u003e014cf77\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.24.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3c76ce5d23d0d48721316e7631625ce32afaa14b\"\u003e\u003ccode\u003e3c76ce5\u003c/code\u003e\u003c/a\u003e endpoints: correct Naver OAuth2 endpoint URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/cf1431934151b3a93e0b3286eb6798ca08ea3770\"\u003e\u003ccode\u003ecf14319\u003c/code\u003e\u003c/a\u003e oauth2: fix expiration time window check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/32d34ef364e670a650fe59267b92301ff7ed08f1\"\u003e\u003ccode\u003e32d34ef\u003c/code\u003e\u003c/a\u003e internal: include clientID in auth style cache key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/2d34e3091be3f4b4700842fb663dad98a10ddfb6\"\u003e\u003ccode\u003e2d34e30\u003c/code\u003e\u003c/a\u003e oauth2: replace a magic number with AuthStyleUnknown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/696f7b31289a98558822be146698b7834e477e63\"\u003e\u003ccode\u003e696f7b3\u003c/code\u003e\u003c/a\u003e all: modernize with doc links and any\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.16.0...v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/HarleyCoops/chroma/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/HarleyCoops/chroma/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2Fchroma/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}],"issue_packages":[{"old_version":"1.7.31","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-06-03T22:22:02.000Z","version_change":"1.7.31 → 1.7.32","issue":{"uuid":"4584096423","node_id":"PR_kwDOEOmcd87icEme","number":986,"state":"closed","title":"build(deps): bump the gomod group across 1 directory with 29 updates","user":"dependabot[bot]","labels":["release-note-none"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T05:04:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T22:22:02.000Z","updated_at":"2026-06-09T05:04:30.000Z","time_to_close":456146,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":29,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/intel/goresctrl","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/intel/goresctrl"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.1","repository_url":"https://github.com/opencontainers/selinux"},{"name":"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc","old_version":"0.68.0","new_version":"0.69.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc","old_version":"1.43.0","new_version":"1.44.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-api"},{"name":"k8s.io/cri-client","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-client"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"},{"name":"k8s.io/kubelet","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/kubelet"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/intel/goresctrl](https://github.com/intel/goresctrl) | `0.12.0` | `0.13.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.1` |\n| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/intel/goresctrl` from 0.12.0 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/intel/goresctrl/releases\"\u003egithub.com/intel/goresctrl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the Linux kernel TPMI interface for managing Intel SST (Speed Select Technology) which enables support for the latest (and future) generations of processors. With this, goresctrl specifies a new more flexible and extensible API for SST (pkg/sst) – the old API is deprecated but still supported for backwards compatibility. The release also brings support for SST-TF (Turbo Frequency).\u003c/p\u003e\n\u003ch3\u003eList of PRs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/174\"\u003eintel/goresctrl#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub: pin versions of github actions on sha by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/175\"\u003eintel/goresctrl#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/176\"\u003eintel/goresctrl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/178\"\u003eintel/goresctrl#178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/179\"\u003eintel/goresctrl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/177\"\u003eintel/goresctrl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix logging level by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/180\"\u003eintel/goresctrl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecmd/sst-ctl: refactor by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/182\"\u003eintel/goresctrl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/183\"\u003eintel/goresctrl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecstates: fix doubly prefixed possible cpus sysfs path by \u003ca href=\"https://github.com/askervin\"\u003e\u003ccode\u003e@​askervin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/184\"\u003eintel/goresctrl#184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gitignore by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/185\"\u003eintel/goresctrl#185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eutils/idset: present idset in packed format by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/186\"\u003eintel/goresctrl#186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/187\"\u003eintel/goresctrl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add support for TPMI interface and SST-TF by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/181\"\u003eintel/goresctrl#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add detailed info API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/188\"\u003eintel/goresctrl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix legacy API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/189\"\u003eintel/goresctrl#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ehttps://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/fe1066ae9cce40fa23930eb4ae392b562eea78c5\"\u003e\u003ccode\u003efe1066a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/189\"\u003e#189\u003c/a\u003e from marquiz/devel/legacy-api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/293d23110352fa84b869c298538918f271e737dd\"\u003e\u003ccode\u003e293d231\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/188\"\u003e#188\u003c/a\u003e from marquiz/devel/sst-info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/511e7b54ff0fc3846ed119db94ed146d6cc09a8e\"\u003e\u003ccode\u003e511e7b5\u003c/code\u003e\u003c/a\u003e sst: fix legacy API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/88c6fdacdfdc51cdf437ca50ad55a010fa32a42e\"\u003e\u003ccode\u003e88c6fda\u003c/code\u003e\u003c/a\u003e cmd/sst: implement info subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/3f62eff60456c68449f458ca46ef4ba35880736f\"\u003e\u003ccode\u003e3f62eff\u003c/code\u003e\u003c/a\u003e sst: add detailed info API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/f3eb140c6783918f0f1b9ee2ce5f6e76be2a7c8a\"\u003e\u003ccode\u003ef3eb140\u003c/code\u003e\u003c/a\u003e sst: move helper packages to internal/\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/ea84f472d307402b51524dcb90e738e032c9e768\"\u003e\u003ccode\u003eea84f47\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/181\"\u003e#181\u003c/a\u003e from marquiz/devel/sst-tpmi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/6ce26466cd74eb6208ab1ee8fe7680ece69a60b4\"\u003e\u003ccode\u003e6ce2646\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/187\"\u003e#187\u003c/a\u003e from intel/dependabot/github_actions/main/golangci/go...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/0232a79c9806dffbf976f5363c7f7f6111e46c8a\"\u003e\u003ccode\u003e0232a79\u003c/code\u003e\u003c/a\u003e cmd/sst: add tf (SST-TF) subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/cdeb50b46834fd14ee57a72a2f1075735329264c\"\u003e\u003ccode\u003ecdeb50b\u003c/code\u003e\u003c/a\u003e sst: add support for SST-TF\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReserveLabelV2: ignore labels without MCS by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/272\"\u003eopencontainers/selinux#272\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9801d537a2fa2bdfeb6ef51de1115089d965f505\"\u003e\u003ccode\u003e9801d53\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/272\"\u003e#272\u003c/a\u003e from kolyshkin/add-mcs-nit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/cf4e440ad6674c88def52f4c3c600f1b5b1773e0\"\u003e\u003ccode\u003ecf4e440\u003c/code\u003e\u003c/a\u003e ReserveLabelV2: ignore labels without MCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.68.0 to 0.69.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases\"\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eerror.type\u003c/code\u003e attribute to \u003ccode\u003ehttp.client.request.duration\u003c/code\u003e for transport failures in \u003ccode\u003eotelhttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8801\"\u003e#8801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd examples for prometheus compatibility document. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8716\"\u003e#8716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecardinality_limits\u003c/code\u003e in \u003ccode\u003ePeriodicMetricReader\u003c/code\u003e in \u003ccode\u003eotelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8885\"\u003e#8885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eResource\u003c/code\u003e method to \u003ccode\u003eSDK\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf/x\u003c/code\u003e to expose the resolved SDK resource from declarative configuration. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8913\"\u003e#8913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/contrib/detectors/hetzner\u003c/code\u003e, a new resource detector for Hetzner Cloud servers, ported from \u003ccode\u003egithub.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner\u003c/code\u003e. Detects \u003ccode\u003ecloud.provider\u003c/code\u003e, \u003ccode\u003ecloud.platform\u003c/code\u003e, \u003ccode\u003ecloud.region\u003c/code\u003e, \u003ccode\u003ecloud.availability_zone\u003c/code\u003e, \u003ccode\u003ehost.id\u003c/code\u003e, and \u003ccode\u003ehost.name\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8979\"\u003e#8979\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSet error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogrus\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8776\"\u003e#8776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet the \u0026quot;error\u0026quot; field (e.g. created via \u003ccode\u003ezap.Error\u003c/code\u003e) as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelzap\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8719\"\u003e#8719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet fields implementing \u003ccode\u003eerror\u003c/code\u003e interface from \u003ccode\u003eslog\u003c/code\u003e records as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of plain attributes in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelslog\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8774\"\u003e#8774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet emitted errors in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogr\u003c/code\u003e as record errors (\u003ccode\u003eRecord.SetErr\u003c/code\u003e) instead of \u003ccode\u003eexception.message\u003c/code\u003e attributes. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8775\"\u003e#8775\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix header attributes lost when using sub-spans in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eencoding\u003c/code\u003e configuration for OTLP HTTP exporters in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8772\"\u003e#8772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/6914\"\u003e#6914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnknown or empty HTTP methods now report \u0026quot;_OTHER\u0026quot; instead of \u0026quot;GET\u0026quot; across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default span name formatter in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8871\"\u003e#8871\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe default span name is now \u003ccode\u003e{method} {route}\u003c/code\u003e (e.g. \u003ccode\u003eGET /foo/{id}\u003c/code\u003e) when a route pattern is available, or \u003ccode\u003e{method}\u003c/code\u003e (e.g. \u003ccode\u003eGET\u003c/code\u003e) otherwise.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the deprecated \u003ccode\u003eWithSpanOptions\u003c/code\u003e option in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8991\"\u003e#8991\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eotelconf: validate encoding configuration for OTLP HTTP exporters by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8772\"\u003eopen-telemetry/opentelemetry-go-contrib#8772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8780\"\u003eopen-telemetry/opentelemetry-go-contrib#8780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update prom/prometheus docker tag to v3.11.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8779\"\u003eopen-telemetry/opentelemetry-go-contrib#8779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eotellogrus: Set error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8778\"\u003eopen-telemetry/opentelemetry-go-contrib#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update module golang.org/x/sys to v0.43.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@...\n\n_Description has been truncated_","html_url":"https://github.com/saschagrunert/cri-o/pull/986","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saschagrunert%2Fcri-o/issues/986","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/986/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-26T09:07:52.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4522934439","node_id":"PR_kwDOJHmk987fV-ho","number":430,"state":"closed","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["type::security","dependabot","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-26T10:13:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T09:07:52.000Z","updated_at":"2026-05-26T10:13:36.000Z","time_to_close":3933,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/replicatedhq/replicated-sdk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/replicatedhq/replicated-sdk/pull/430","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated-sdk/issues/430","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/430/packages"}},{"old_version":"1.7.31","new_version":"1.7.32","update_type":"patch","path":"/tests/e2e","pr_created_at":"2026-05-26T07:56:53.000Z","version_change":"1.7.31 → 1.7.32","issue":{"uuid":"4522478840","node_id":"PR_kwDONfyD3M7fUevc","number":198,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.31 to 1.7.32 in /tests/e2e","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T07:56:53.000Z","updated_at":"2026-05-28T12:31:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/tests/e2e","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.31 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/giantswarm/gateway-api-config-app/pull/198","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/giantswarm%2Fgateway-api-config-app/issues/198","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/198/packages"}},{"old_version":"1.7.31","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-25T20:37:12.000Z","version_change":"1.7.31 → 1.7.32","issue":{"uuid":"4519409992","node_id":"PR_kwDOBAr5ps7fKh1S","number":9975,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:37:12.000Z","updated_at":"2026-05-26T21:53:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":20,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.0","repository_url":"https://github.com/opencontainers/selinux"},{"name":"golang.org/x/net","old_version":"0.53.0","new_version":"0.55.0","repository_url":"https://github.com/golang/net"},{"name":"google.golang.org/grpc","old_version":"1.80.0","new_version":"1.81.1","repository_url":"https://github.com/grpc/grpc-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.55.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.1` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMAINTAINERS: add Aleksa as a maintainer. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/243\"\u003eopencontainers/selinux#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAssorted CI bumps and related fixes. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/255\"\u003eopencontainers/selinux#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove intToMcs. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/259\"\u003eopencontainers/selinux#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse Cut more. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/254\"\u003eopencontainers/selinux#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify getSelinuxMountPoint. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/258\"\u003eopencontainers/selinux#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify/remove some code. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/261\"\u003eopencontainers/selinux#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/e184f4698c2e22c0969fb1302da049ba805213eb\"\u003e\u003ccode\u003ee184f46\u003c/code\u003e\u003c/a\u003e selinux.ReserveLabelV2: note on ignoring ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fa158854b7c1d6064a41282522d109d8f71e9cfa\"\u003e\u003ccode\u003efa15885\u003c/code\u003e\u003c/a\u003e label.InitLabels: dont't return ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/common` from 0.66.2-0.20260126213724-1e46b0756b39 to 0.67.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/container-libs/releases\"\u003ego.podman.io/common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ecommon/v0.67.0\u003c/h2\u003e\n\u003cp\u003ego.podman.io/common release for podman v5.8\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/common/v0.67.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/image/v5` from 5.38.0 to 5.39.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/80fb329c24eb41f760488720a493946435196f31\"\u003e\u003ccode\u003e80fb329\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump to image 5.39.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/c41710e4e2fe11eb1716151f552f29d0f61df565\"\u003e\u003ccode\u003ec41710e\u003c/code\u003e\u003c/a\u003e [podman-5.8] Add missing image go.sum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a1da33bdfddae9f31cf436f30dd4d8712d76d922\"\u003e\u003ccode\u003ea1da33b\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump image to v5.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d5d959a8faa860f260c8b05e84a33ac4e8d9ed31\"\u003e\u003ccode\u003ed5d959a\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to 1.62.0 in image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/b4ff26efa1f98823d53136a3944b3964e7426693\"\u003e\u003ccode\u003eb4ff26e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/626\"\u003e#626\u003c/a\u003e from TomSweeneyRedHat/dev/tsweeney/dance-5.8-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/bb290dc125b3e3ea2f18e7cf2f2ec4b8810265b6\"\u003e\u003ccode\u003ebb290dc\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to v1.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a79d33cb983b2308a4bb485c327b5ef026177d3b\"\u003e\u003ccode\u003ea79d33c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/616\"\u003e#616\u003c/a\u003e from l0rd/pr-612-to-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/90383df2587fae116f31f785115b25957e5c84cb\"\u003e\u003ccode\u003e90383df\u003c/code\u003e\u003c/a\u003e common: safer use of \u003ccode\u003efilepath.EvalSymlinks()\u003c/code\u003e in \u003ccode\u003efindBindir()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/89d4270d09cdbe577335374c30ef446d1a728d1e\"\u003e\u003ccode\u003e89d4270\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/601\"\u003e#601\u003c/a\u003e from Luap99/podman-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d1241f8bc422070205ce55cbebcbc68945b6b245\"\u003e\u003ccode\u003ed1241f8\u003c/code\u003e\u003c/a\u003e fix debug log for \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/image/v5.38.0...image/v5.39.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/storage` from 1.61.1-0.20251212224252-b0f86df5a665 to 1.62.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/storage/v1.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.55.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7770ec48d03fec35e378665337b4faca93c38423\"\u003e\u003ccode\u003e7770ec4\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/4ece7b612ad44ad6c4d5e0d5d4df9c18cc211905\"\u003e\u003ccode\u003e4ece7b6\u003c/code\u003e\u003c/a\u003e html: escape greater-than symbol in doctype identifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/08be507abce89191d78cd49da60f4501fc910472\"\u003e\u003ccode\u003e08be507\u003c/code\u003e\u003c/a\u003e html: improve Noah's Ark clause performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a8fb2fe4f7378f816302b9f2f7b8290ce512e5dd\"\u003e\u003ccode\u003ea8fb2fe\u003c/code\u003e\u003c/a\u003e html: properly render fostered elements in foreign content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/0dc5b7a5f81d7155ade6d5e9db35992998679932\"\u003e\u003ccode\u003e0dc5b7a\u003c/code\u003e\u003c/a\u003e html: properly check namespace in \u0026quot;in body\u0026quot; any other end tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a452f3cc17168a60bc3f439a3ae0fcffc32eca0e\"\u003e\u003ccode\u003ea452f3c\u003c/code\u003e\u003c/a\u003e html: ignore duplicate attributes during tokenization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/f8651996b24ba47d89dd9eb97fd47758e6d1886f\"\u003e\u003ccode\u003ef865199\u003c/code\u003e\u003c/a\u003e quic: fix appendMaxDataFrame erroneously accumulating sentLimit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/210ed3cb901cb549818aefa04b71dadaf149d05d\"\u003e\u003ccode\u003e210ed3c\u003c/code\u003e\u003c/a\u003e quic: establish a \u0026quot;happened-before\u0026quot; relationship between stream write and read\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ad8140e0aa2ec41b37ea478b4525a423bcc21af9\"\u003e\u003ccode\u003ead8140e\u003c/code\u003e\u003c/a\u003e quic: fix buffer slicing when handling overlapping stream data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/23ee2efe81a3ff183b4eca46c42f749af7efca45\"\u003e\u003ccode\u003e23ee2ef\u003c/code\u003e\u003c/a\u003e http2: avoid API changes when built with go1.27\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.55.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.43.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/397d5f80920585bc27433d878aba498d062f81e1\"\u003e\u003ccode\u003e397d5f8\u003c/code\u003e\u003c/a\u003e unix: update to Linux kernel 7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/0a387f7a07d7a0e9811f00603c10b4e5a94ab79c\"\u003e\u003ccode\u003e0a387f7\u003c/code\u003e\u003c/a\u003e cpu: detect zbc extension on riscv64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/758f71cb839d131daf0ba4befa6a2c6ceb21a649\"\u003e\u003ccode\u003e758f71c\u003c/code\u003e\u003c/a\u003e cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/99666ae32e07f6403182a79cb5df0c417cbbf25f\"\u003e\u003ccode\u003e99666ae\u003c/code\u003e\u003c/a\u003e unix: merge Linux readv/writev implementation with Darwin/OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e4444cbaaaf61cecff8e635874066fcd5c841575\"\u003e\u003ccode\u003ee4444cb\u003c/code\u003e\u003c/a\u003e windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/04396e85d470b7f990a9a1df5c1a44dc8e30c292\"\u003e\u003ccode\u003e04396e8\u003c/code\u003e\u003c/a\u003e unix: add Readv, Writev, Preadv, Pwritev for OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/fb1facd76f95fa87c151018200ea5e4892ff115d\"\u003e\u003ccode\u003efb1facd\u003c/code\u003e\u003c/a\u003e windows: avoid uint16 overflow in NewNTUnicodeString\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/94ad893e1e59c1d079221324d38945d2aad8703f\"\u003e\u003ccode\u003e94ad893\u003c/code\u003e\u003c/a\u003e windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/54fe89f8411576c06b345b341ca79a77d878a4ad\"\u003e\u003ccode\u003e54fe89f\u003c/code\u003e\u003c/a\u003e cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/df7d5d7b60641d17d87e2b50911124cb65f954fd\"\u003e\u003ccode\u003edf7d5d7\u003c/code\u003e\u003c/a\u003e unix: automatically remove container created by mkall.sh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/sys/compare/v0.43.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.80.0 to 1.81.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.81.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per \u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/al4an444\"\u003e\u003ccode\u003e@​al4an444\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eotel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.81.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8808\"\u003e#8808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDependencies\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eMinimum supported Go version is now 1.25. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8969\"\u003e#8969\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8956\"\u003e#8956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Send a \u003ccode\u003eRST_STREAM\u003c/code\u003e when receiving an \u003ccode\u003eEND_STREAM\u003c/code\u003e when the stream is not already half-closed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8832\"\u003e#8832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Fix ADS resource name validation to prevent a panic. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8970\"\u003e#8970\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc/stats: Add support for custom labels in per-call metrics (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md\"\u003egRFC A108\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9008\"\u003e#9008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Server Name Indication (SNI) and SAN validation (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md\"\u003egRFC A101\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_SNI=true\u003c/code\u003e environment variable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9016\"\u003e#9016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md\"\u003egRFC A85\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9005\"\u003e#9005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add metrics to track xDS client connectivity and cached resource state (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md\"\u003egRFC A78\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8807\"\u003e#8807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Enhance \u003ccode\u003egrpc.subchannel.disconnections\u003c/code\u003e metric by adding disconnection reason to the \u003ccode\u003egrpc.disconnect_error\u003c/code\u003e label (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md\"\u003egRFC A94\u003c/a\u003e). This provides granular insights into why subchannels are closing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8973\"\u003e#8973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Add \u003ccode\u003emem.Buffer.Slice()\u003c/code\u003e API to slice the buffer like a slice. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8977\"\u003e#8977\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ealts: Pool read buffers to lower memory utilization when sockets are unreadable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8964\"\u003e#8964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set \u003ccode\u003eGRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false\u003c/code\u003e and report any issues. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8\"\u003e\u003ccode\u003ecaf0772\u003c/code\u003e\u003c/a\u003e Change version from 1.81.1-dev to 1.81.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215\"\u003e\u003ccode\u003e6ccbeeb\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9121\"\u003e#9121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29\"\u003e\u003ccode\u003eb33c29e\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9102\"\u003e#9102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834\"\u003e\u003ccode\u003ec45fae6\u003c/code\u003e\u003c/a\u003e Change version to 1.81.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9063\"\u003e#9063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd\"\u003e\u003ccode\u003ecb18228\u003c/code\u003e\u003c/a\u003e Cha...\n\n_Description has been truncated_","html_url":"https://github.com/cri-o/cri-o/pull/9975","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9975","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9975/packages"}},{"old_version":"1.6.3-0.20220401172941-5ff8fce1fcc6","new_version":"1.7.32","update_type":"minor","path":null,"pr_created_at":"2026-05-22T14:43:37.000Z","version_change":"1.6.3-0.20220401172941-5ff8fce1fcc6 → 1.7.32","issue":{"uuid":"4503481329","node_id":"PR_kwDOH28oUM7eYzae","number":482,"state":"open","title":"Bump github.com/containerd/containerd from 1.6.3-0.20220401172941-5ff8fce1fcc6 to 1.7.32","user":"dependabot[bot]","labels":["stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T14:43:37.000Z","updated_at":"2026-06-06T02:17:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.6.3-0.20220401172941-5ff8fce1fcc6","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.6.3-0.20220401172941-5ff8fce1fcc6 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containerd/containerd/commits/v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.6.3-0.20220401172941-5ff8fce1fcc6\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/jpadams/dagger-git/pull/482","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadams%2Fdagger-git/issues/482","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/482/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T22:11:19.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498244984","node_id":"PR_kwDORBVPFc7eH40Q","number":10,"state":"closed","title":"chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-04T11:48:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:11:19.000Z","updated_at":"2026-06-04T11:49:02.000Z","time_to_close":1172253,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mahmut-Abi/cloud-native-mcp-server/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mahmut-Abi/cloud-native-mcp-server/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mahmut-Abi%2Fcloud-native-mcp-server/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":"/integrations/terraform","pr_created_at":"2026-05-21T22:11:19.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498244945","node_id":"PR_kwDOAeGNGc7eH4zr","number":66986,"state":"closed","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in /integrations/terraform","user":"dependabot[bot]","labels":["go","dependencies","no-changelog"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T11:07:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:11:19.000Z","updated_at":"2026-05-22T11:07:59.000Z","time_to_close":46589,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/integrations/terraform","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gravitational/teleport/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gravitational/teleport/pull/66986","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gravitational%2Fteleport/issues/66986","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/66986/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T22:09:53.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498238198","node_id":"PR_kwDOFuFHHc7eH3Vv","number":3662,"state":"closed","title":"build(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T00:16:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:09:53.000Z","updated_at":"2026-05-22T00:43:58.000Z","time_to_close":7572,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/redhat-best-practices-for-k8s/certsuite/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/redhat-best-practices-for-k8s/certsuite/pull/3662","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-best-practices-for-k8s%2Fcertsuite/issues/3662","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3662/packages"}},{"old_version":"1.7.29","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T22:07:11.000Z","version_change":"1.7.29 → 1.7.32","issue":{"uuid":"4498224962","node_id":"PR_kwDOPCnuX87eH0iS","number":41,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.29 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go","Stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T22:07:11.000Z","updated_at":"2026-06-01T02:21:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.29 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.29\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/harekrishnarai/scorecard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/harekrishnarai/scorecard/pull/41","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/harekrishnarai%2Fscorecard/issues/41","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/41/packages"}},{"old_version":"1.7.29","new_version":"1.7.32","update_type":"patch","path":"/services/apps/git_integration/src/crowdgit/services/vulnerability_scanner","pr_created_at":"2026-05-21T22:03:51.000Z","version_change":"1.7.29 → 1.7.32","issue":{"uuid":"4498208129","node_id":"PR_kwDOHksjGM7eHw8n","number":4141,"state":"open","title":"chore(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.32 in /services/apps/git_integration/src/crowdgit/services/vulnerability_scanner","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T22:03:51.000Z","updated_at":"2026-05-21T22:04:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/services/apps/git_integration/src/crowdgit/services/vulnerability_scanner","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.29 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.29\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/linuxfoundation/crowd.dev/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- CURSOR_SUMMARY --\u003e\n---\n\n\u003e [!NOTE]\n\u003e **Low Risk**\n\u003e Low risk dependency-only change; primary impact is updating transitive container/runtime libraries (including a containerd security patch) which could affect build/runtime behavior only if those code paths are exercised.\n\u003e \n\u003e **Overview**\n\u003e Updates Go module dependencies for the `vulnerability_scanner` service, bumping `github.com/containerd/containerd` from `1.7.29` to `1.7.32` (plus related checksum changes).\n\u003e \n\u003e Also refreshes transitive deps, including `github.com/opencontainers/selinux` to `1.13.1`, and promotes `github.com/ossf/osv-schema/bindings/go` to a direct requirement.\n\u003e \n\u003e \u003csup\u003eReviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 67fefc624479fbae3b675c22814e794c6331f7a5. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).\u003c/sup\u003e\n\u003c!-- /CURSOR_SUMMARY --\u003e","html_url":"https://github.com/linuxfoundation/crowd.dev/pull/4141","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Fcrowd.dev/issues/4141","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4141/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":"the go_modules group across 1 directory","pr_created_at":"2026-05-21T22:02:34.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498201714","node_id":"PR_kwDONF6Krs7eHvnp","number":422,"state":"closed","title":"build(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go","patch"],"assignees":["clouddrove-ci"],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-27T16:34:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T22:02:34.000Z","updated_at":"2026-05-27T16:34:41.000Z","time_to_close":498717,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/containerd/containerd](https://github.com/containerd/containerd).\n\nUpdates `github.com/containerd/containerd` from 1.7.30 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/clouddrove/smurf/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/clouddrove/smurf/pull/422","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouddrove%2Fsmurf/issues/422","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/422/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T21:59:45.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498187748","node_id":"PR_kwDOAwYmsM7eHsuZ","number":15903,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["size/S","ok-to-test","release-note-none","dco-signoff: yes","dependencies","do-not-merge/docs-needed","do-not-merge/test-issue-needed"],"assignees":[],"locked":false,"comments_count":8,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:59:45.000Z","updated_at":"2026-05-21T22:00:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubermatic/kubermatic/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubermatic/kubermatic/pull/15903","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubermatic%2Fkubermatic/issues/15903","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15903/packages"}},{"old_version":"1.7.27","new_version":"1.7.32","update_type":"patch","path":"/tools","pr_created_at":"2026-05-21T21:59:21.000Z","version_change":"1.7.27 → 1.7.32","issue":{"uuid":"4498186054","node_id":"PR_kwDOBW5a9M7eHsX-","number":213,"state":"closed","title":"Bump github.com/containerd/containerd from 1.7.27 to 1.7.32 in /tools","user":"dependabot[bot]","labels":["cncf-cla: yes","size/M","lgtm","approved","dependencies","go"],"assignees":["MrHohn"],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-10T22:28:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T21:59:21.000Z","updated_at":"2026-06-10T22:28:58.000Z","time_to_close":1729769,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.27","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/tools","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.27 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.27...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kubernetes-sigs/ip-masq-agent/pull/213","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fip-masq-agent/issues/213","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/213/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":"/hack/chart-update","pr_created_at":"2026-05-21T21:58:19.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498181378","node_id":"PR_kwDOGiwcos7eHrXR","number":1061,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in /hack/chart-update","user":"dependabot[bot]","labels":["cncf-cla: yes","needs-ok-to-test","size/XS","dependencies","go"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:58:19.000Z","updated_at":"2026-05-21T22:00:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/hack/chart-update","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubernetes-sigs/cluster-api-operator/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/cluster-api-operator/pull/1061","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fcluster-api-operator/issues/1061","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1061/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T21:56:57.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498175337","node_id":"PR_kwDOQGqhmc7eHqGF","number":18,"state":"open","title":"chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:56:57.000Z","updated_at":"2026-05-21T21:58:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/LocalAI/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/LocalAI/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2FLocalAI/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"1.7.29","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T21:56:49.000Z","version_change":"1.7.29 → 1.7.32","issue":{"uuid":"4498174606","node_id":"PR_kwDOG3GzvM7eHp8Q","number":1289,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.29 to 1.7.32","user":"dependabot[bot]","labels":["ok-to-test"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:56:49.000Z","updated_at":"2026-05-21T21:56:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.29 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.29\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/eks-anywhere-packages/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/aws/eks-anywhere-packages/pull/1289","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Feks-anywhere-packages/issues/1289","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1289/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":"/operator/tools/operator-sdk","pr_created_at":"2026-05-21T21:56:06.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498171245","node_id":"PR_kwDOGd6UEM7eHpQH","number":20767,"state":"open","title":"chore(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32 in /operator/tools/operator-sdk","user":"dependabot[bot]","labels":["dependencies","area/operator","auto-merge","auto-retest"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:56:06.000Z","updated_at":"2026-05-21T23:45:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":"/operator/tools/operator-sdk","ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stackrox/stackrox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/stackrox/stackrox/pull/20767","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackrox%2Fstackrox/issues/20767","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20767/packages"}},{"old_version":"1.7.30","new_version":"1.7.32","update_type":"patch","path":null,"pr_created_at":"2026-05-21T21:54:27.000Z","version_change":"1.7.30 → 1.7.32","issue":{"uuid":"4498163582","node_id":"PR_kwDODF8yq87eHns3","number":497,"state":"open","title":"Bump github.com/containerd/containerd from 1.7.30 to 1.7.32","user":"dependabot[bot]","labels":["needs-ok-to-test","dco-signoff: yes","dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T21:54:27.000Z","updated_at":"2026-05-21T21:54:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.30","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.30 to 1.7.32.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.30...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd\u0026package-manager=go_modules\u0026previous-version=1.7.30\u0026new-version=1.7.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stolostron/multicloud-operators-channel/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/stolostron/multicloud-operators-channel/pull/497","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stolostron%2Fmulticloud-operators-channel/issues/497","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/497/packages"}},{"old_version":"1.7.27","new_version":"1.7.30","update_type":"patch","path":null,"pr_created_at":"2026-05-14T07:39:32.000Z","version_change":"1.7.27 → 1.7.30","issue":{"uuid":"4444135094","node_id":"PR_kwDOPWrQgs7bbQsC","number":10,"state":"open","title":"chore(deps): bump the go_modules group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T07:39:32.000Z","updated_at":"2026-05-14T07:39:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":7,"packages":[{"name":"golang.org/x/crypto","old_version":"0.38.0","new_version":"0.45.0","repository_url":"https://github.com/golang/crypto"},{"name":"helm.sh/helm/v3","old_version":"3.18.1","new_version":"3.20.2","repository_url":"https://github.com/helm/helm"},{"name":"github.com/containerd/containerd","old_version":"1.7.27","new_version":"1.7.30"},{"name":"google.golang.org/grpc","old_version":"1.72.2","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp","old_version":"1.36.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel","old_version":"1.36.0","new_version":"1.43.0"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.36.0","new_version":"1.43.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 4 updates in the /staging/src/kubesphere.io/utils directory: [golang.org/x/crypto](https://github.com/golang/crypto), [helm.sh/helm/v3](https://github.com/helm/helm), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\n\nUpdates `golang.org/x/crypto` from 0.38.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnostics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb\"\u003e\u003ccode\u003e0997000\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.38.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `helm.sh/helm/v3` from 3.18.1 to 3.20.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/helm/helm/releases\"\u003ehelm.sh/helm/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHelm v3.20.2\u003c/h2\u003e\n\u003ch2\u003ev3.20.2\u003c/h2\u003e\n\u003cp\u003eHelm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003efor questions and just to hang out\u003c/li\u003e\n\u003cli\u003efor discussing PRs, code, and bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eHang out at the Public Developer Call: Thursday, 9:30 Pacific via \u003ca href=\"https://zoom.us/j/696660622\"\u003eZoom\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest, debug, and contribute charts: \u003ca href=\"https://artifacthub.io/packages/search?kind=0\"\u003eArtifactHub/packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr\"\u003eGHSA-hr2v-4r36-88hr\u003c/a\u003e Helm Chart extraction output directory collapse via \u003ccode\u003eChart.yaml\u003c/code\u003e name dot-segment\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstallation and Upgrading\u003c/h2\u003e\n\u003cp\u003eDownload Helm v3.20.2. The common platform binaries are here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz\"\u003eMacOS amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 7de04301f28b902a74f6286ed941cadc86ee5e6a9086a18f2ccf1f548e99d618)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz\"\u003eMacOS arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 139c794c22f16b579d08ddd3008c8038b9bb2814f35b5bcca91f50a1f458978d)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz\"\u003eLinux amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz\"\u003eLinux arm\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / a8a614c740399ff1ef32bcea6be6e4523f17e3376f9cf55c192cc48c8f2d1f19)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz\"\u003eLinux arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz\"\u003eLinux i386\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 88e4c1834307cdbc9f3b80920e1a383e4ba50bb488fb0be1b1fbd4918bb6ae73)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz\"\u003eLinux ppc64le\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 98bb26a2f3c0b0c1a50db3181dff192554e0c204a07427d98d6b01e259f23cbe)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz\"\u003eLinux s390x\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 584dd77ef8096d6ef939a1822f72840e749fc8311b2b13ae94df5f786862a56b)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz\"\u003eLinux riscv64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 957391d0710d72678acd09959b5dc77888cd007a78a4b99944d3b2fc7e1895ca)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip\"\u003eWindows amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 24e8e5b71bab4ee17e6f989931ecf4fb144f9916cbe9990c0b6b2ec7b925c454)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip\"\u003eWindows arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 7c940a73a6882f50b69aec3282549da4a49917669db18fc503db930fb74b9789)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ca href=\"https://helm.sh/docs/intro/quickstart/\"\u003eQuickstart Guide\u003c/a\u003e will get you going from there. For \u003cstrong\u003eupgrade instructions\u003c/strong\u003e or detailed installation notes, check the \u003ca href=\"https://helm.sh/docs/intro/install/\"\u003einstall guide\u003c/a\u003e. You can also use a \u003ca href=\"https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3\"\u003escript to install\u003c/a\u003e on any system with \u003ccode\u003ebash\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Next\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026\u003c/li\u003e\n\u003cli\u003e4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)\u003c/li\u003e\n\u003cli\u003efix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHelm v3.20.1 is a patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/8fb76d6ab555577e98e23b7500009537a471feee\"\u003e\u003ccode\u003e8fb76d6\u003c/code\u003e\u003c/a\u003e fix: Chart dot-name path bug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/3a8927e275c50cecde273872dad2a5576bd46375\"\u003e\u003ccode\u003e3a8927e\u003c/code\u003e\u003c/a\u003e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/a2369ca71c0ef633bf6e4fccd66d634eb379b371\"\u003e\u003ccode\u003ea2369ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the k8s-io group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/90e10564f7ae746a153f3a03006e7061a54ad490\"\u003e\u003ccode\u003e90e1056\u003c/code\u003e\u003c/a\u003e add image index test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/911f2e908ae40b01ca95b857e94b8894043f64fd\"\u003e\u003ccode\u003e911f2e9\u003c/code\u003e\u003c/a\u003e fix pulling charts from OCI indices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/76dad33fb1a2b6451920429b4f5f2dd575ea71bb\"\u003e\u003ccode\u003e76dad33\u003c/code\u003e\u003c/a\u003e Remove refactorring changes from coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/45c12f71407b6054a37d3e425d5293ee79a1ab37\"\u003e\u003ccode\u003e45c12f7\u003c/code\u003e\u003c/a\u003e Fix import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/26c6f19f967941dbe53bfb5e52d419b3b3e46075\"\u003e\u003ccode\u003e26c6f19\u003c/code\u003e\u003c/a\u003e Update pkg/chart/common/util/coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/09f5129d49a14c9336cea6f33adf5f52889915ef\"\u003e\u003ccode\u003e09f5129\u003c/code\u003e\u003c/a\u003e Fix lint warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/417deb2b6b7504357b0f580b76f5eed1bb8a5270\"\u003e\u003ccode\u003e417deb2\u003c/code\u003e\u003c/a\u003e Preserve nil values in chart already\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/helm/helm/compare/v3.18.1...v3.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.27 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.27...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.72.2 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.72.2...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.36.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.36.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.36.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/kubesphere/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔧 This PR updates Go module dependencies in the KubeSphere utils package, upgrading Go from 1.24.3 to 1.25.0 and bumping 7 key dependencies including Helm, Kubernetes APIs, gRPC, and OpenTelemetry libraries to their latest versions. The updates include important security fixes and performance improvements across the dependency stack.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Go Runtime**: Upgraded from Go 1.24.3 to 1.25.0 with updated godebug settings\n- **Helm**: Updated from v3.18.1 to v3.20.2, including security fixes for chart extraction vulnerabilities\n- **Kubernetes APIs**: Bumped k8s.io packages from v0.33.1 to v0.35.1 for better compatibility\n- **gRPC**: Major update from v1.72.2 to v1.79.3 with security patches and performance improvements\n- **OpenTelemetry**: Updated from v1.36.0 to v1.43.0 across multiple packages for enhanced observability\n- **Dependency Cleanup**: Removed several unused indirect dependencies and updated others\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Go 1.24.3] --\u003e B[Go 1.25.0]\n    C[Helm 3.18.1] --\u003e D[Helm 3.20.2]\n    E[K8s APIs 0.33.1] --\u003e F[K8s APIs 0.35.1]\n    G[gRPC 1.72.2] --\u003e H[gRPC 1.79.3]\n    I[OTEL 1.36.0] --\u003e J[OTEL 1.43.0]\n    K[Security Fixes] --\u003e L[Enhanced Security]\n    M[Performance Opts] --\u003e N[Better Performance]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple security vulnerabilities, particularly in Helm chart extraction and gRPC path validation\n- **Performance Improvements**: Updated dependencies include optimizations for memory usage, buffer pooling, and slice handling\n- **Compatibility**: Maintains backward compatibility while providing access to latest Kubernetes API features and improved observability tools\n- **Maintenance**: Reduces technical debt by removing unused dependencies and updating to actively maintained versions\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/kubesphere/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fkubesphere/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"1.7.12","new_version":"1.7.29","update_type":"patch","path":null,"pr_created_at":"2026-05-13T20:14:24.000Z","version_change":"1.7.12 → 1.7.29","issue":{"uuid":"4440876256","node_id":"PR_kwDOLzaLX87bRO1c","number":1,"state":"closed","title":"Bump the go_modules group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-30T11:57:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T20:14:24.000Z","updated_at":"2026-05-30T11:57:47.000Z","time_to_close":1439001,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":8,"packages":[{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.24.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"google.golang.org/grpc","old_version":"1.62.1","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/containerd/containerd","old_version":"1.7.12","new_version":"1.7.29","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/dvsekhvalnov/jose2go","old_version":"1.5.0","new_version":"1.7.0","repository_url":"https://github.com/dvsekhvalnov/jose2go"},{"name":"github.com/jackc/pgx/v5","old_version":"5.5.4","new_version":"5.9.2","repository_url":"https://github.com/jackc/pgx"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the /go directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.43.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.62.1` | `1.79.3` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.12` | `1.7.29` |\n| [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) | `1.5.0` | `1.7.0` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.4` | `5.9.2` |\n\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.24.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.62.1 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.62.1...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.12 to 1.7.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.29\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.29 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe twenty-ninth patch release for containerd 1.7 contains various fixes\nand updates including security patches.\u003c/p\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w\"\u003e\u003cstrong\u003eGHSA-pwhc-rpq9-4c8w\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2\"\u003e\u003cstrong\u003eGHSA-m6hq-p25p-ffr2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003erunc\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\"\u003e\u003cstrong\u003eGHSA-qw9x-cqr3-wc7r\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003e\u003cstrong\u003eGHSA-cgrx-mc8f-2prm\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\"\u003e\u003cstrong\u003eGHSA-9493-h29p-rfm2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate differ to handle zstd media types\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12018\"\u003e#12018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.3\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFix lost container logs from quickly closing io\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12375\"\u003e#12375\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eStepSecurity Bot\u003c/li\u003e\n\u003cli\u003ewheat2018\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34bd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f\"\u003e\u003ccode\u003e0450f046e\u003c/code\u003e\u003c/a\u003e Fix directory permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6ddb7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6dd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9772966401ad3c33a6cd824632f0c61e5049f3a5\"\u003e\u003ccode\u003e9772966\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12486\"\u003e#12486\u003c/a\u003e from dmcgowan/prepare-v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1fc2daaf3ed53f4c9e76fbc5786a6f1ae3bb885f\"\u003e\u003ccode\u003e1fc2daa\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/93f710a528958474f95a95e54516624ef832d80f\"\u003e\u003ccode\u003e93f710a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12480\"\u003e#12480\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-12475-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/68d04befab3284f1dfe2a9f5691ea5da76daace7\"\u003e\u003ccode\u003e68d04be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12471\"\u003e#12471\u003c/a\u003e from austinvazquez/1_7_update_ci_go_and_images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3f5f9f872707a743563d316e85e530193a2e30ac\"\u003e\u003ccode\u003e3f5f9f8\u003c/code\u003e\u003c/a\u003e runc: Update runc binary to v1.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/667409fb63098cb80280940ab06038114e7712da\"\u003e\u003ccode\u003e667409f\u003c/code\u003e\u003c/a\u003e ci: bump Go 1.24.9, 1.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/294f8c027b607c4450b3e52f44280581a737a73f\"\u003e\u003ccode\u003e294f8c0\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest images for basic binaries build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf66b4141defb757dee0fc5653bfd0a7ba1e8fed\"\u003e\u003ccode\u003ecf66b41\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest image for most jobs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.12...v1.7.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/dvsekhvalnov/jose2go` from 1.5.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/0a0673dd7f2820a446de5b04b9094b2291d77d5d\"\u003e\u003ccode\u003e0a0673d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dvsekhvalnov/jose2go/issues/34\"\u003e#34\u003c/a\u003e from dvsekhvalnov/issue-33-deflate-limit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/c3fff7c58065c848ba063d5cee07bd2c5908a14f\"\u003e\u003ccode\u003ec3fff7c\u003c/code\u003e\u003c/a\u003e docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/e51b47f33c704a31f1f7ad75120759e01de5fb4c\"\u003e\u003ccode\u003ee51b47f\u003c/code\u003e\u003c/a\u003e docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/c7dde528a01b38c96652b99a5d2ed93d8932b39e\"\u003e\u003ccode\u003ec7dde52\u003c/code\u003e\u003c/a\u003e fixing workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/a194baa4bb649000dd2266218155727c27297341\"\u003e\u003ccode\u003ea194baa\u003c/code\u003e\u003c/a\u003e added go versions and OSs to matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/f31cfc6b273af924c90bd5305b92ff5f9af10763\"\u003e\u003ccode\u003ef31cfc6\u003c/code\u003e\u003c/a\u003e fixing yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/1a4ba55b88b757ed4533884a014531d3f421462b\"\u003e\u003ccode\u003e1a4ba55\u003c/code\u003e\u003c/a\u003e added matrix to workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/d2baff2f0b24baab11bd34b8268c9aabfeb31914\"\u003e\u003ccode\u003ed2baff2\u003c/code\u003e\u003c/a\u003e go workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/b14c81a7a3261666e4ec76f04438f79d70211272\"\u003e\u003ccode\u003eb14c81a\u003c/code\u003e\u003c/a\u003e added limitation for deflate decompression stream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvsekhvalnov/jose2go/commit/48ba0b76bc881767cff2723388f4dd1a47c5104a\"\u003e\u003ccode\u003e48ba0b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dvsekhvalnov/jose2go/issues/32\"\u003e#32\u003c/a\u003e from dvsekhvalnov/issue-31-security-tuning\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dvsekhvalnov/jose2go/compare/v1.5...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v5` from 5.5.4 to 5.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.9.2 (April 18, 2026)\u003c/h1\u003e\n\u003cp\u003eFix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA dollar quoted string literal is used in the SQL query.\u003c/li\u003e\n\u003cli\u003eThat query contains text that would be would be interpreted outside as a placeholder outside of a string literal.\u003c/li\u003e\n\u003cli\u003eThe value of that placeholder is controllable by the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003ee.g.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eattackValue := `$tag$; drop table canary; --`\n_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis is unlikely to occur outside of a contrived scenario.\u003c/p\u003e\n\u003ch1\u003e5.9.1 (March 22, 2026)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.9.0 (March 21, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and\nPostgreSQL protocol 3.2 support.\u003c/p\u003e\n\u003cp\u003eIt significantly reduces the amount of network traffic when using prepared statements (which are used automatically by\ndefault) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.\u003c/p\u003e\n\u003cp\u003eIt also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends\ndeliberately malformed messages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Go 1.25+\u003c/li\u003e\n\u003cli\u003eAdd SCRAM-SHA-256-PLUS support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eAdd OAuth authentication support for PostgreSQL 18 (David Schneider)\u003c/li\u003e\n\u003cli\u003eAdd PostgreSQL protocol 3.2 support (Dirkjan Bussink)\u003c/li\u003e\n\u003cli\u003eAdd tsvector type support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eSkip Describe Portal for cached prepared statements reducing network round trips\u003c/li\u003e\n\u003cli\u003eMake LoadTypes query easier to support on \u0026quot;postgres-like\u0026quot; servers (Jelte Fennema-Nio)\u003c/li\u003e\n\u003cli\u003eDefault empty user to current OS user matching libpq behavior (ShivangSrivastava)\u003c/li\u003e\n\u003cli\u003eOptimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize date scanning by replacing regex with manual parsing (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize pgio append/set functions with direct byte shifts (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eMake RowsAffected faster (Abhishek Chanda)\u003c/li\u003e\n\u003cli\u003eFix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)\u003c/li\u003e\n\u003cli\u003eFix: ContextWatcher goroutine leak (Hank Donnay)\u003c/li\u003e\n\u003cli\u003eFix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0aeabbcf11d859229c1f0b20e710d3596c76bf27\"\u003e\u003ccode\u003e0aeabbc\u003c/code\u003e\u003c/a\u003e Release v5.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da\"\u003e\u003ccode\u003e60644f8\u003c/code\u003e\u003c/a\u003e Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/a5680bc945aa7c6ebac2778d859ee7b4ba86db60\"\u003e\u003ccode\u003ea5680bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2531\"\u003e#2531\u003c/a\u003e from dolmen-go/godoc-add-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/e34e4524007062710c6a4fb9c8655b75a486b5cd\"\u003e\u003ccode\u003ee34e452\u003c/code\u003e\u003c/a\u003e doc: Add godoc links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/08c9bb1f0d8fa6cc10ed8c713e68b1baa64dfe2c\"\u003e\u003ccode\u003e08c9bb1\u003c/code\u003e\u003c/a\u003e Fix Stringer types encoded as text instead of numeric value in composite fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/96b4dbdfd0458cb425bf8454d292a23978872cc8\"\u003e\u003ccode\u003e96b4dbd\u003c/code\u003e\u003c/a\u003e Remove unstable test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/acf88e0065682e8948696d26fa6438669c4cabee\"\u003e\u003ccode\u003eacf88e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2526\"\u003e#2526\u003c/a\u003e from abrightwell/abrightwell-min-proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/2f81f1fc03bef99593e92c64ad9cac954c00e8e6\"\u003e\u003ccode\u003e2f81f1f\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emax_protocol_version\u003c/code\u003e and \u003ccode\u003emin_protocol_version\u003c/code\u003e defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/4e4eaedb47b7b3cfba0a1b0a9e6a3f015764f046\"\u003e\u003ccode\u003e4e4eaed\u003c/code\u003e\u003c/a\u003e Release v5.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/62731882651a90348febb43b2119b5f8bd9272de\"\u003e\u003ccode\u003e6273188\u003c/code\u003e\u003c/a\u003e Fix batch result format corruption when using cached prepared statements\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.5.4...v5.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.46.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/19acf81bd7bc7b558d18a550e8e023df2c33e742\"\u003e\u003ccode\u003e19acf81\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3a1c6b4b61966d06b6469ad7bc15839ba76eeb89\"\u003e\u003ccode\u003e3a1c6b4\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f4602e40409257658159002a9af6aedb875949fb\"\u003e\u003ccode\u003ef4602e4\u003c/code\u003e\u003c/a\u003e ssh/agent: fix flaky test by ensuring a writeable home directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.46.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.22.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/35e1306bddd863f360fb94480c5fed84229953f0\"\u003e\u003ccode\u003e35e1306\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7c360367ab7e57c0cfb7aef368fc6acefaaac3b1\"\u003e\u003ccode\u003e7c36036\u003c/code\u003e\u003c/a\u003e http2, webdav, websocket: fix %q verb uses with wrong type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ec11eccf5a0f725281df0cdf40bb7ebef51d57ea\"\u003e\u003ccode\u003eec11ecc\u003c/code\u003e\u003c/a\u003e trace: fix data race in RenderEvents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/bff14c52567061031b9761881907c39e24792736\"\u003e\u003ccode\u003ebff14c5\u003c/code\u003e\u003c/a\u003e http2: don't PING a responsive server when resetting a stream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/88a642172c174ab11f4c56f0ede777de3c8a21d4\"\u003e\u003ccode\u003e88a6421\u003c/code\u003e\u003c/a\u003e dns/dnsmessage: avoid use of \u0026quot;strings\u0026quot; and \u0026quot;math\u0026quot; in dns/dnsmessage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/123d099e1bd872b38247bbcf9856540b8420d18d\"\u003e\u003ccode\u003e123d099\u003c/code\u003e\u003c/a\u003e http2: support net/http.Transport.NewClientConn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/346cc6157ee53301dea14e57a45c22368ab46e55\"\u003e\u003ccode\u003e346cc61\u003c/code\u003e\u003c/a\u003e webdav: relax test to check for any redirect status, not just 301\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9a296438e54dff851a45667aa645a97003b44db5\"\u003e\u003ccode\u003e9a29643\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/07cefd8a6bb170785052142a96034f2b2f7115bc\"\u003e\u003ccode\u003e07cefd8\u003c/code\u003e\u003c/a\u003e context: deprecate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/5ac9daca088ab4f378d7df849f6c7d28bea86071\"\u003e\u003ccode\u003e5ac9dac\u003c/code\u003e\u003c/a\u003e publicsuffix: don't treat ip addresses as domain names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.22.0...v0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.16.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c\"\u003e\u003ccode\u003eacc3815\u003c/code\u003e\u003c/a\u003e endpoints: fix %q verb use with wrong type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/f28b0b5467dda26d56f1240381158f7c334654d1\"\u003e\u003ccode\u003ef28b0b5\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/fd15e0fe894866ebff17ca3503d3706a967b061a\"\u003e\u003ccode\u003efd15e0f\u003c/code\u003e\u003c/a\u003e x/oauth2: populate RetrieveError from DeviceAuth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/792c8776358f0c8689d84eef0d0c966937d560fb\"\u003e\u003ccode\u003e792c877\u003c/code\u003e\u003c/a\u003e oauth2: use strings.Builder instead of bytes.Buffer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/014cf778b444f29c82ececa4f3ec1f6fe3db3eaf\"\u003e\u003ccode\u003e014cf77\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.24.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3c76ce5d23d0d48721316e7631625ce32afaa14b\"\u003e\u003ccode\u003e3c76ce5\u003c/code\u003e\u003c/a\u003e endpoints: correct Naver OAuth2 endpoint URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/cf1431934151b3a93e0b3286eb6798ca08ea3770\"\u003e\u003ccode\u003ecf14319\u003c/code\u003e\u003c/a\u003e oauth2: fix expiration time window check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/32d34ef364e670a650fe59267b92301ff7ed08f1\"\u003e\u003ccode\u003e32d34ef\u003c/code\u003e\u003c/a\u003e internal: include clientID in auth style cache key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/2d34e3091be3f4b4700842fb663dad98a10ddfb6\"\u003e\u003ccode\u003e2d34e30\u003c/code\u003e\u003c/a\u003e oauth2: replace a magic number with AuthStyleUnknown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/696f7b31289a98558822be146698b7834e477e63\"\u003e\u003ccode\u003e696f7b3\u003c/code\u003e\u003c/a\u003e all: modernize with doc links and any\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.16.0...v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/HarleyCoops/chroma/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/HarleyCoops/chroma/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2Fchroma/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}}]}