{"id":7395,"name":"github.com/cyphar/filepath-securejoin","ecosystem":"go","repository_url":"https://github.com/cyphar/filepath-securejoin","issues_count":247,"created_at":"2025-06-06T22:11:28.385Z","updated_at":"2025-06-06T22:11:28.385Z","purl":"pkg:golang/github.com/cyphar/filepath-securejoin","metadata":{"id":3493513,"name":"github.com/cyphar/filepath-securejoin","ecosystem":"go","description":"Package securejoin implements a set of helpers to make it easier to write Go\ncode that is safe against symlink-related escape attacks. The primary idea\nis to let you resolve a path within a rootfs directory as if the rootfs was\na chroot.\n\nsecurejoin has two APIs, a \"legacy\" API and a \"modern\" API.\n\nThe legacy API is SecureJoin and SecureJoinVFS. These methods are\n**not** safe against race conditions where an attacker changes the\nfilesystem after (or during) the SecureJoin operation.\n\nThe new API is made up of OpenInRoot and MkdirAll (and derived\nfunctions). These are safe against racing attackers and have several other\nprotections that are not provided by the legacy API. There are many more\noperations that most programs expect to be able to do safely, but we do not\nprovide explicit support for them because we want to encourage users to\nswitch to [libpathrs](https://github.com/openSUSE/libpathrs) which is a\ncross-language next-generation library that is entirely designed around\noperating on paths safely.\n\nsecurejoin has been used by several container runtimes (Docker, runc,\nKubernetes, etc) for quite a few years as a de-facto standard for operating\non container filesystem paths \"safely\". However, most users still use the\nlegacy API which is unsafe against various attacks (there is a fairly long\nhistory of CVEs in dependent as a result). Users should switch to the modern\nAPI as soon as possible (or even better, switch to libpathrs).\n\nThis project was initially intended to be included in the Go standard\nlibrary, but [it was rejected](https://go.dev/issue/20126). There is now a\n[new Go proposal](https://go.dev/issue/67002) for a safe path resolution API\nthat shares some of the goals of filepath-securejoin. However, that design\nis intended to work like `openat2(RESOLVE_BENEATH)` which does not fit the\nusecase of container runtimes and most system tools.","homepage":"https://github.com/cyphar/filepath-securejoin","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/cyphar/filepath-securejoin","keywords_array":[],"namespace":"github.com/cyphar","versions_count":16,"first_release_published_at":"2017-07-19T01:07:40.000Z","latest_release_published_at":"2025-01-28T07:38:45.000Z","latest_release_number":"v0.4.1","last_synced_at":"2025-06-05T00:12:02.560Z","created_at":"2022-04-10T19:17:30.669Z","updated_at":"2025-06-05T00:12:02.561Z","registry_url":"https://pkg.go.dev/github.com/cyphar/filepath-securejoin","install_command":"go get github.com/cyphar/filepath-securejoin","documentation_url":"https://pkg.go.dev/github.com/cyphar/filepath-securejoin#section-documentation","metadata":{},"repo_metadata":{"id":49543508,"uuid":"90438444","full_name":"cyphar/filepath-securejoin","owner":"cyphar","description":"Proposed filepath.SecureJoin implementation","archived":false,"fork":false,"pushed_at":"2024-10-09T04:08:24.000Z","size":199,"stargazers_count":85,"open_issues_count":3,"forks_count":17,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-10-09T19:46:26.406Z","etag":null,"topics":["filesystem","golang","proposal","symlink"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyphar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-06T04:59:53.000Z","updated_at":"2024-10-09T04:08:18.000Z","dependencies_parsed_at":"2024-01-15T22:42:46.091Z","dependency_job_id":"f0440dd1-37c7-4c0d-bf57-3d8f590f6c87","html_url":"https://github.com/cyphar/filepath-securejoin","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyphar","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219868379,"owners_count":16555873,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"cyphar","name":"Aleksa Sarai","uuid":"2888411","kind":"user","description":"日本語を勉強してる。Рођен у Панчево. \"Designated communications provider\" under §317C(6) of the Telecommunications Act 1997. Senior Software Engineer at @SUSE. he/him.","email":"","website":"https://www.cyphar.com","location":"Oceania (circa 1984)","twitter":"lordcyphar","company":"@SUSE Linux GmbH","icon_url":"https://avatars.githubusercontent.com/u/2888411?u=96f0216b5c50fdb0eb6e06bdf1e86c7bc226555d\u0026v=4","repositories_count":34,"last_synced_at":"2023-04-04T13:00:37.868Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/cyphar","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-04T14:13:34.275Z","updated_at":"2023-04-04T13:00:37.908Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyphar","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyphar/repositories"},"tags":[{"name":"v0.3.2","sha":"e408943dca737add49565f9784924f67bd7ed5ae","kind":"tag","published_at":"2024-09-13T10:45:51.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.3.2","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.3.2/manifests"},{"name":"v0.3.1","sha":"ce7b28ac71976548d5a37ec5ab75a1e1dcd67b75","kind":"tag","published_at":"2024-07-23T11:05:20.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.3.1","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.3.1/manifests"},{"name":"v0.3.0","sha":"b984b9cbbfa775c0ba6828372fd53da2262cb552","kind":"tag","published_at":"2024-07-11T14:06:27.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.3.0","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.3.0/manifests"},{"name":"v0.2.5","sha":"d861a119c32d40be32858ad1cc6cc12092739915","kind":"tag","published_at":"2024-05-03T07:21:56.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.2.5","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.5/manifests"},{"name":"v0.2.4","sha":"2710d06c5b4ba3168beffa0689798d2db12e8ac4","kind":"tag","published_at":"2023-09-06T05:17:03.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.2.4","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.4/manifests"},{"name":"v0.2.3","sha":"8f267f5ea675a20a2cb5e91011d063721f53bf79","kind":"tag","published_at":"2021-07-04T11:19:12.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.2.3","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.3/manifests"},{"name":"v0.2.2","sha":"a261ee33d7a517f054effbf451841abaafe3e0fd","kind":"tag","published_at":"2018-09-05T11:09:09.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.2.2","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.2/manifests"},{"name":"v0.2.1","sha":"06bda8370f45268db985f7af15732444d94ed51c","kind":"tag","published_at":"2017-07-20T06:29:11.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.2.1","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.1/manifests"},{"name":"v0.2.0","sha":"6985b95191bb855395cefc4db46950d493da7f39","kind":"tag","published_at":"2017-07-19T07:43:04.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.2.0","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.2.0/manifests"},{"name":"v0.1.0","sha":"57b83d17fb8c2a73b7b2fd2836838775d76c2332","kind":"tag","published_at":"2017-07-19T01:08:30.000Z","download_url":"https://codeload.github.com/cyphar/filepath-securejoin/tar.gz/v0.1.0","html_url":"https://github.com/cyphar/filepath-securejoin/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Ffilepath-securejoin/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2024-10-12T16:59:28.275Z","dependent_packages_count":5997,"downloads":null,"downloads_period":null,"dependent_repos_count":21974,"rankings":{"downloads":null,"dependent_repos_count":0.04159750414975101,"dependent_packages_count":0.05469671819690818,"stargazers_count":5.271283722976621,"forks_count":6.298395609563308,"docker_downloads_count":0.022298662080275183,"average":2.337654443393373},"purl":"pkg:golang/github.com/cyphar/filepath-securejoin","advisories":[{"uuid":"GSA_kwCzR0hTQS02eHY1LTg2cTktN3hyOM4AA1v8","url":"https://github.com/advisories/GHSA-6xv5-86q9-7xr8","title":"SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced","description":"### Impact\nFor Windows users of `github.com/cyphar/filepath-securejoin`, until v0.2.4 it was possible for certain rootfs and path combinations (in particular, where a malicious Unix-style `/`-separated unsafe path was used with a Windows-style rootfs path) to result in generated paths that were outside of the provided rootfs.\n\nIt is unclear to what extent this has a practical impact on real users, but given the possible severity of the issue we have released an emergency patch release that resolves this issue.\n\nThanks to  @pjbgf for discovering, debugging, and fixing this issue (as well as writing some tests for it).\n\n### Patches\nc121231e1276e11049547bee5ce68d5a2cfe2d9b is the patch fixing this issue. v0.2.4 contains the fix.\n\n### Workarounds\nUsers could use `filepath.FromSlash()` on all unsafe paths before passing them to `filepath-securejoin`.\n\n### References\nSee #9.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-09-07T12:58:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/cyphar/filepath-securejoin/security/advisories/GHSA-6xv5-86q9-7xr8","https://github.com/cyphar/filepath-securejoin/pull/9","https://github.com/cyphar/filepath-securejoin/commit/c121231e1276e11049547bee5ce68d5a2cfe2d9b","https://github.com/cyphar/filepath-securejoin/releases/tag/v0.2.4","https://github.com/advisories/GHSA-6xv5-86q9-7xr8"],"source_kind":"github","identifiers":["GHSA-6xv5-86q9-7xr8"],"repository_url":"https://github.com/cyphar/filepath-securejoin","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.2.4","vulnerable_version_range":"\u003c 0.2.4"}],"ecosystem":"go","package_name":"github.com/cyphar/filepath-securejoin"}],"created_at":"2023-09-07T13:05:40.175Z","updated_at":"2023-09-07T12:58:58.000Z"}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/cyphar/filepath-securejoin","docker_dependents_count":5065,"docker_downloads_count":19714523969,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/cyphar/filepath-securejoin","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/cyphar/filepath-securejoin/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcyphar%2Ffilepath-securejoin/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcyphar%2Ffilepath-securejoin/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcyphar%2Ffilepath-securejoin/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fcyphar%2Ffilepath-securejoin/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1882895,"maintainers_count":0,"namespaces_count":723926,"keywords_count":97872,"github":"golang","metadata":{"funded_packages_count":39346},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-06T05:22:27.920Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":93,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"4492101499","node_id":"PR_kwDOGZIwWs7dzxQF","number":529,"state":"closed","title":"chore(deps): Bump the production-dependencies group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","lgtm","size/XXL"],"assignees":["jcanocan"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-05-22T05:54:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T05:53:32.000Z","updated_at":"2026-05-22T05:54:19.000Z","time_to_close":86445,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":5,"packages":[{"name":"github.com/google/go-containerregistry","old_version":"0.21.5","new_version":"0.21.6","repository_url":"https://github.com/google/go-containerregistry"},{"name":"go.podman.io/image/v5","old_version":"5.39.2","new_version":"5.40.0","repository_url":"https://github.com/containers/container-libs"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1"},{"name":"github.com/docker/cli","old_version":"29.5.0+incompatible","new_version":"29.5.1+incompatible"},{"name":"go.podman.io/storage","old_version":"1.62.0","new_version":"1.63.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 2 updates in the / directory: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) and [go.podman.io/image/v5](https://github.com/containers/container-libs).\n\nUpdates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/go-containerregistry/releases\"\u003egithub.com/google/go-containerregistry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.21.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update dependencies to use new azure sdk components by \u003ca href=\"https://github.com/gaganhr94\"\u003e\u003ccode\u003e@​gaganhr94\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2262\"\u003egoogle/go-containerregistry#2262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: restore resp.Body in retryError so CheckError can parse it by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2264\"\u003egoogle/go-containerregistry#2264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/registry: return 202 Accepted for PATCH chunk uploads by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2265\"\u003egoogle/go-containerregistry#2265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFollow OCI distribution spec for artifactType and annotations by \u003ca href=\"https://github.com/malt3\"\u003e\u003ccode\u003e@​malt3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2269\"\u003egoogle/go-containerregistry#2269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eactions: attach Codecov token to coverage tests on main by \u003ca href=\"https://github.com/Subserial\"\u003e\u003ccode\u003e@​Subserial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2270\"\u003egoogle/go-containerregistry#2270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: use DeleteScope (with \u0026quot;delete\u0026quot; action) for manifest deletion by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2266\"\u003egoogle/go-containerregistry#2266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: limit concurrent layer pulls by \u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2271\"\u003egoogle/go-containerregistry#2271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/registry: reject corrupt disk blobs by \u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2272\"\u003egoogle/go-containerregistry#2272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emutate: close layer readers during export by \u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2277\"\u003egoogle/go-containerregistry#2277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecrane/flatten: preserve image media type when flattening by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2267\"\u003egoogle/go-containerregistry#2267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2273\"\u003egoogle/go-containerregistry#2273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2278\"\u003egoogle/go-containerregistry#2278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the go-deps group across 3 directories with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2280\"\u003egoogle/go-containerregistry#2280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace go-homedir with os.UserHomeDir by \u003ca href=\"https://github.com/jammie-jelly\"\u003e\u003ccode\u003e@​jammie-jelly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2282\"\u003egoogle/go-containerregistry#2282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/name: only treat .localhost as non-HTTPS, not .local by \u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2281\"\u003egoogle/go-containerregistry#2281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by \u003ca href=\"https://github.com/marwan9696\"\u003e\u003ccode\u003e@​marwan9696\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2285\"\u003egoogle/go-containerregistry#2285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(mutate): add Extract round-trip test for filesystem object preservation by \u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2283\"\u003egoogle/go-containerregistry#2283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexperiments: remove deprecated support for estargz by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2288\"\u003egoogle/go-containerregistry#2288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2289\"\u003egoogle/go-containerregistry#2289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: limit HTTP response body reads to prevent OOM by \u003ca href=\"https://github.com/evilgensec\"\u003e\u003ccode\u003e@​evilgensec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2296\"\u003egoogle/go-containerregistry#2296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the go-deps group across 3 directories with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2297\"\u003egoogle/go-containerregistry#2297\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: block redirects from token server to private/link-local addresses (SSRF fix) by \u003ca href=\"https://github.com/evilgensec\"\u003e\u003ccode\u003e@​evilgensec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2292\"\u003egoogle/go-containerregistry#2292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by \u003ca href=\"https://github.com/anishesg\"\u003e\u003ccode\u003e@​anishesg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2279\"\u003egoogle/go-containerregistry#2279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003evalidate: skip non-layer layers by \u003ca href=\"https://github.com/imjasonh\"\u003e\u003ccode\u003e@​imjasonh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2298\"\u003egoogle/go-containerregistry#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: validate foreign layer URLs to prevent SSRF (fixes \u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2259\"\u003e#2259\u003c/a\u003e) by \u003ca href=\"https://github.com/evilgensec\"\u003e\u003ccode\u003e@​evilgensec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2293\"\u003egoogle/go-containerregistry#2293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: block SSRF via private-IP Location headers in blob uploads by \u003ca href=\"https://github.com/adilburaksen\"\u003e\u003ccode\u003e@​adilburaksen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2295\"\u003egoogle/go-containerregistry#2295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mutate): preserve config blob and layers for non-Docker OCI artifacts by \u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2286\"\u003egoogle/go-containerregistry#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: preserve per-occurrence layer identity in mutate.Image.Layers() by \u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2299\"\u003egoogle/go-containerregistry#2299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: retry HTTP 429 (Too Many Requests) by \u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2301\"\u003egoogle/go-containerregistry#2301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: allow bearer realm at same host:port as registry by \u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2302\"\u003egoogle/go-containerregistry#2302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate go version to 1.26.3 by \u003ca href=\"https://github.com/Subserial\"\u003e\u003ccode\u003e@​Subserial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2300\"\u003egoogle/go-containerregistry#2300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gaganhr94\"\u003e\u003ccode\u003e@​gaganhr94\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2262\"\u003egoogle/go-containerregistry#2262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2264\"\u003egoogle/go-containerregistry#2264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/malt3\"\u003e\u003ccode\u003e@​malt3\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2269\"\u003egoogle/go-containerregistry#2269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2271\"\u003egoogle/go-containerregistry#2271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2281\"\u003egoogle/go-containerregistry#2281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marwan9696\"\u003e\u003ccode\u003e@​marwan9696\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2285\"\u003egoogle/go-containerregistry#2285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishesg\"\u003e\u003ccode\u003e@​anishesg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2279\"\u003egoogle/go-containerregistry#2279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adilburaksen\"\u003e\u003ccode\u003e@​adilburaksen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2295\"\u003egoogle/go-containerregistry#2295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2299\"\u003egoogle/go-containerregistry#2299\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6\"\u003ehttps://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/53f7e39e15bfd6aeea6a5f733ee1a8fcf54c15cf\"\u003e\u003ccode\u003e53f7e39\u003c/code\u003e\u003c/a\u003e Update go version to 1.26.3 (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/bf87c3bfe4cc3218ac0baa364545d72729d2906d\"\u003e\u003ccode\u003ebf87c3b\u003c/code\u003e\u003c/a\u003e transport: allow bearer realm at same host:port as registry (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2302\"\u003e#2302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/c55facddfbd7fc3d648c6fdda9860b350b013a76\"\u003e\u003ccode\u003ec55facd\u003c/code\u003e\u003c/a\u003e transport: retry HTTP 429 (Too Many Requests) (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/68a569e4a0eb927d36ccb0fcdf4578425c03b5a2\"\u003e\u003ccode\u003e68a569e\u003c/code\u003e\u003c/a\u003e fix: preserve per-occurrence layer identity in Layers() (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2299\"\u003e#2299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/35b354b436879457221028f05a580fe1c0deccbc\"\u003e\u003ccode\u003e35b354b\u003c/code\u003e\u003c/a\u003e fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/e5983f2a67ec46b76984ce6de85de08a44eee955\"\u003e\u003ccode\u003ee5983f2\u003c/code\u003e\u003c/a\u003e remote: block SSRF via private-IP Location headers in blob uploads (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2295\"\u003e#2295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/6dad820da7de0d619f1127c46914f2eaf58e3b46\"\u003e\u003ccode\u003e6dad820\u003c/code\u003e\u003c/a\u003e remote: validate foreign layer URLs to prevent SSRF (fixes \u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2259\"\u003e#2259\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2293\"\u003e#2293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/78bdf1b7e2105cdfcd8f23509992c78357ce16ed\"\u003e\u003ccode\u003e78bdf1b\u003c/code\u003e\u003c/a\u003e validate: skip non-layer layers (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/c29d91cdc394cb288270f4dd04a31f81054946f4\"\u003e\u003ccode\u003ec29d91c\u003c/code\u003e\u003c/a\u003e pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/a70d75a6915ed3137792206dac4bca21d1924959\"\u003e\u003ccode\u003ea70d75a\u003c/code\u003e\u003c/a\u003e transport: block redirects from token server to private/link-local addresses ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/image/v5` from 5.39.2 to 5.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3c2fa91fe10032693063faac91470a84523dd26a\"\u003e\u003ccode\u003e3c2fa91\u003c/code\u003e\u003c/a\u003e Bump to c/image v5.40\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/f871d195072be221537d1d7d5fd969c9a3ac9f17\"\u003e\u003ccode\u003ef871d19\u003c/code\u003e\u003c/a\u003e Bump to c/storage v1.63.0 in c/image, c/image to v5.40\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/550f62f274dbfc1523ade003f1e9384fff829f17\"\u003e\u003ccode\u003e550f62f\u003c/code\u003e\u003c/a\u003e Bump c/storage to v1.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/4fa186482657d75f3a09beec74090040527bc8d6\"\u003e\u003ccode\u003e4fa1864\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/816\"\u003e#816\u003c/a\u003e from alexlarsson/fix-composefs-verity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/32704ef886484dac01d986ed459da3f632a03ce8\"\u003e\u003ccode\u003e32704ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/855\"\u003e#855\u003c/a\u003e from containers/renovate/github.com-docker-cli-29.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/98ff31ac75a0d58ceb4a37ff80a7be1d6d2e5ced\"\u003e\u003ccode\u003e98ff31a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/853\"\u003e#853\u003c/a\u003e from mheon/containers_conf_documentation_removals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3e1614595cda86809c27a8be66bbbe9e65c383ba\"\u003e\u003ccode\u003e3e16145\u003c/code\u003e\u003c/a\u003e Update module github.com/docker/cli to v29.5.1+incompatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/206fff340ff068bd07193556a8a254c1b59b826f\"\u003e\u003ccode\u003e206fff3\u003c/code\u003e\u003c/a\u003e Manpage: remove slirp4netns/boltdb references\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3592bda57d2498defdf73f2d53f899267cda74d7\"\u003e\u003ccode\u003e3592bda\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/852\"\u003e#852\u003c/a\u003e from containers/renovate/github.com-onsi-gomega-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/f04d9c8daa467c4cae240b3ec62059df87c0c726\"\u003e\u003ccode\u003ef04d9c8\u003c/code\u003e\u003c/a\u003e Update module github.com/onsi/gomega to v1.41.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/image/v5.39.2...image/v5.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 29.5.0+incompatible to 29.5.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2518b52d948a0cbee071d394c03c86a3005636ba\"\u003e\u003ccode\u003e2518b52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6991\"\u003e#6991\u003c/a\u003e from mickael-docker/docs-clarify-authz\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/9f18a0a70c9228f5892594c6b56425b8bed1899f\"\u003e\u003ccode\u003e9f18a0a\u003c/code\u003e\u003c/a\u003e docs: clarify authz content type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2944fd1daa5d54315ab8fcd874ea9cb6199c6117\"\u003e\u003ccode\u003e2944fd1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6989\"\u003e#6989\u003c/a\u003e from thaJeztah/bump_version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/c41489ac3901885bb3891aef9cfe65ca69dc4580\"\u003e\u003ccode\u003ec41489a\u003c/code\u003e\u003c/a\u003e bump VERSION to v29.5.1-dev\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/cli/compare/v29.5.0...v29.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/storage` from 1.62.0 to 1.63.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/550f62f274dbfc1523ade003f1e9384fff829f17\"\u003e\u003ccode\u003e550f62f\u003c/code\u003e\u003c/a\u003e Bump c/storage to v1.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/4fa186482657d75f3a09beec74090040527bc8d6\"\u003e\u003ccode\u003e4fa1864\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/816\"\u003e#816\u003c/a\u003e from alexlarsson/fix-composefs-verity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/32704ef886484dac01d986ed459da3f632a03ce8\"\u003e\u003ccode\u003e32704ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/855\"\u003e#855\u003c/a\u003e from containers/renovate/github.com-docker-cli-29.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/98ff31ac75a0d58ceb4a37ff80a7be1d6d2e5ced\"\u003e\u003ccode\u003e98ff31a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/853\"\u003e#853\u003c/a\u003e from mheon/containers_conf_documentation_removals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3e1614595cda86809c27a8be66bbbe9e65c383ba\"\u003e\u003ccode\u003e3e16145\u003c/code\u003e\u003c/a\u003e Update module github.com/docker/cli to v29.5.1+incompatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/206fff340ff068bd07193556a8a254c1b59b826f\"\u003e\u003ccode\u003e206fff3\u003c/code\u003e\u003c/a\u003e Manpage: remove slirp4netns/boltdb references\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3592bda57d2498defdf73f2d53f899267cda74d7\"\u003e\u003ccode\u003e3592bda\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/852\"\u003e#852\u003c/a\u003e from containers/renovate/github.com-onsi-gomega-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/f04d9c8daa467c4cae240b3ec62059df87c0c726\"\u003e\u003ccode\u003ef04d9c8\u003c/code\u003e\u003c/a\u003e Update module github.com/onsi/gomega to v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/21fcc1a3fc8b9fcd1d438f4647ed0aa4930f6919\"\u003e\u003ccode\u003e21fcc1a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/755\"\u003e#755\u003c/a\u003e from Honny1/pesto-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/131c1709ef52b977694a1b355281275feea8ae92\"\u003e\u003ccode\u003e131c170\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/851\"\u003e#851\u003c/a\u003e from containers/renovate/github.com-onsi-ginkgo-v2-2.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/storage/v1.62.0...storage/v1.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| github.com/cyphar/filepath-securejoin | [\u003e 0.5.1] |\n\u003c/details\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/529","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/529","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/529/packages"},{"uuid":"4362780299","node_id":"PR_kwDOSQZXqs7XVomI","number":6,"state":"closed","title":"build(deps): bump the go-dependencies group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-01T04:40:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-01T04:22:42.000Z","updated_at":"2026-05-01T04:40:52.000Z","time_to_close":1089,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-dependencies","update_count":10,"packages":[{"name":"dario.cat/mergo","old_version":"1.0.0","new_version":"1.0.2","repository_url":"https://github.com/imdario/mergo"},{"name":"github.com/ProtonMail/go-crypto","old_version":"1.1.6","new_version":"1.4.1","repository_url":"https://github.com/ProtonMail/go-crypto"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.4.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/kevinburke/ssh_config","old_version":"1.2.0","new_version":"1.6.0","repository_url":"https://github.com/kevinburke/ssh_config"},{"name":"github.com/pjbgf/sha1cd","old_version":"0.3.2","new_version":"0.5.0","repository_url":"https://github.com/pjbgf/sha1cd"},{"name":"github.com/sergi/go-diff","old_version":"1.3.2-0.20230802210424-5b0b94c5c0d3","new_version":"1.4.0","repository_url":"https://github.com/sergi/go-diff"},{"name":"github.com/skeema/knownhosts","old_version":"1.3.1","new_version":"1.3.2","repository_url":"https://github.com/skeema/knownhosts"},{"name":"golang.org/x/crypto","old_version":"0.45.0","new_version":"0.50.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-dependencies group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dario.cat/mergo](https://github.com/imdario/mergo) | `1.0.0` | `1.0.2` |\n| [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | `1.1.6` | `1.4.1` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.4.1` | `0.6.1` |\n| [github.com/kevinburke/ssh_config](https://github.com/kevinburke/ssh_config) | `1.2.0` | `1.6.0` |\n| [github.com/pjbgf/sha1cd](https://github.com/pjbgf/sha1cd) | `0.3.2` | `0.5.0` |\n| [github.com/sergi/go-diff](https://github.com/sergi/go-diff) | `1.3.2-0.20230802210424-5b0b94c5c0d3` | `1.4.0` |\n| [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.3.1` | `1.3.2` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.50.0` |\n\n\nUpdates `dario.cat/mergo` from 1.0.0 to 1.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/imdario/mergo/releases\"\u003edario.cat/mergo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrops \u003ccode\u003egopkg.in/yaml.v3\u003c/code\u003e, only used for loading fixtures. Thanks \u003ca href=\"https://github.com/trim21\"\u003e\u003ccode\u003e@​trim21\u003c/code\u003e\u003c/a\u003e for bringing to my attention (\u003ca href=\"https://redirect.github.com/imdario/mergo/issues/262\"\u003e#262\u003c/a\u003e) that this library is no longer maintained.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/darccio/mergo/compare/v1.0.1...v1.0.2\"\u003ehttps://github.com/darccio/mergo/compare/v1.0.1...v1.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes issue \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/187\"\u003e#187\u003c/a\u003e by \u003ca href=\"https://github.com/vsemichev\"\u003e\u003ccode\u003e@​vsemichev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/253\"\u003edarccio/mergo#253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ccode\u003eWithoutDereference\u003c/code\u003e should respect non-nil struct pointers by \u003ca href=\"https://github.com/joshkaplinsky\"\u003e\u003ccode\u003e@​joshkaplinsky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/251\"\u003edarccio/mergo#251\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsemichev\"\u003e\u003ccode\u003e@​vsemichev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/253\"\u003edarccio/mergo#253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joshkaplinsky\"\u003e\u003ccode\u003e@​joshkaplinsky\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/251\"\u003edarccio/mergo#251\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1\"\u003ehttps://github.com/darccio/mergo/compare/v1.0.0...v1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/7b33b2b01026fbbbbfcfbb1ee2c9c0a5e0c9a9f7\"\u003e\u003ccode\u003e7b33b2b\u003c/code\u003e\u003c/a\u003e refactor: migrate from YAML to JSON for test data and update related functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/229a2148678d4519fffd30dff24685551e57544a\"\u003e\u003ccode\u003e229a214\u003c/code\u003e\u003c/a\u003e chore(.well-known): add funding manifest URLs file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/6be20c6d7d20645054fcc648b9226ae11d48ad27\"\u003e\u003ccode\u003e6be20c6\u003c/code\u003e\u003c/a\u003e chore(SECURITY.md): update supported versions to reflect current versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/9007623e5248b4a61fff3b3969168d1dc313df9e\"\u003e\u003ccode\u003e9007623\u003c/code\u003e\u003c/a\u003e chore(README) : remove kubernetes from the list of users\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/2b1eb9c67d7332f286430af241180c5005a6a5a4\"\u003e\u003ccode\u003e2b1eb9c\u003c/code\u003e\u003c/a\u003e Update FUNDING.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/2ceb99467bfe70a74b30b1194774ac63f1888632\"\u003e\u003ccode\u003e2ceb994\u003c/code\u003e\u003c/a\u003e Create FUNDING.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/59ea6a9cd9f9c60cb6b1c58476f76cd3172ccebf\"\u003e\u003ccode\u003e59ea6a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/251\"\u003e#251\u003c/a\u003e from joshkaplinsky/joshkaplinsky/without-dereference-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/96f24afa924ff3b6f024de9f5aa72020078b06f9\"\u003e\u003ccode\u003e96f24af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/253\"\u003e#253\u003c/a\u003e from vsemichev/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/2f1a6156ce0c8b8a6291926b75bc27b9b8fc2bfe\"\u003e\u003ccode\u003e2f1a615\u003c/code\u003e\u003c/a\u003e fixes issue \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/187\"\u003e#187\u003c/a\u003e. adds test to verify the fix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/4da170b81eef59e84cfa68070a73aea40f98ddbd\"\u003e\u003ccode\u003e4da170b\u003c/code\u003e\u003c/a\u003e fixes issue \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/187\"\u003e#187\u003c/a\u003e. attempt \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/3\"\u003e#3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/imdario/mergo/compare/v1.0.0...v1.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ProtonMail/go-crypto` from 1.1.6 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ProtonMail/go-crypto/releases\"\u003egithub.com/ProtonMail/go-crypto's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProperly handle ECC keys with invalid points in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/304\"\u003eProtonMail/go-crypto#304\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/ProtonMail/go-crypto/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.4.1-proton\u003c/h2\u003e\n\u003cp\u003eThis release is v1.4.1 with support for the following non-standardized features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePresistent symmetric keys experimental + latest draft \u003ca href=\"https://www.ietf.org/archive/id/draft-ietf-openpgp-persistent-symmetric-keys-00.html\"\u003edraft-ietf-openpgp-persistent-symmetric-keys-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAutomatic forwarding \u003ca href=\"https://www.ietf.org/archive/id/draft-wussler-openpgp-forwarding-00.html\"\u003edraft-wussler-openpgp-forwarding-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost-quantum algorithms \u003ca href=\"https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/\"\u003edraft-ietf-openpgp-pqc\u003c/a\u003e (Updated to draft-ietf-openpgp-pqc-09)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore leading and trailing whitespaces in the armor body in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/288\"\u003eProtonMail/go-crypto#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate key_generation.go, rename variables to avoid shadowing in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/290\"\u003eProtonMail/go-crypto#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd InsecureGenerateNonCriticalKeyFlags option to generate non-critical key flags signature subpackets in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/291\"\u003eProtonMail/go-crypto#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd InsecureGenerateNonCriticalSignatureCreationTime option to generate non-critical signature creation time subpackets in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/292\"\u003eProtonMail/go-crypto#292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump dependencies and min go version to 1.23 in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/294\"\u003eProtonMail/go-crypto#294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eECDHv4: Error on low-order x25519 public key curve points in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/299\"\u003eProtonMail/go-crypto#299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleartext: Only allow valid hashes in header in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/298\"\u003eProtonMail/go-crypto#298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.3.0...v1.4.0\"\u003ehttps://github.com/ProtonMail/go-crypto/compare/v1.3.0...v1.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.4.0-proton\u003c/h2\u003e\n\u003cp\u003eThis release is v1.4.0 with support for the following non-standardized features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePresistent symmetric keys experimental + latest draft \u003ca href=\"https://www.ietf.org/archive/id/draft-ietf-openpgp-persistent-symmetric-keys-00.html\"\u003edraft-ietf-openpgp-persistent-symmetric-keys-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAutomatic forwarding \u003ca href=\"https://www.ietf.org/archive/id/draft-wussler-openpgp-forwarding-00.html\"\u003edraft-wussler-openpgp-forwarding-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost-quantum algorithms \u003ca href=\"https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/\"\u003edraft-ietf-openpgp-pqc\u003c/a\u003e (Updated to draft-ietf-openpgp-pqc-09)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAPI v2: Tolerate invalid key signatures if one verifies in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/284\"\u003eProtonMail/go-crypto#284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce acceptable hash functions in clearsign in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/281\"\u003eProtonMail/go-crypto#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow to set a decompressed message size limit in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/285\"\u003eProtonMail/go-crypto#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAPI v1: Only allow acceptable hashes when writing signatures in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/286\"\u003eProtonMail/go-crypto#286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/ProtonMail/go-crypto/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.3.0-proton\u003c/h2\u003e\n\u003cp\u003eThis release is v1.3.0 with support for the following non-standardized features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePresistent symmetric keys experimental + latest draft \u003ca href=\"https://www.ietf.org/archive/id/draft-ietf-openpgp-persistent-symmetric-keys-00.html\"\u003edraft-ietf-openpgp-persistent-symmetric-keys-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAutomatic forwarding \u003ca href=\"https://www.ietf.org/archive/id/draft-wussler-openpgp-forwarding-00.html\"\u003edraft-wussler-openpgp-forwarding-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost-quantum algorithms \u003ca href=\"https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/\"\u003edraft-ietf-openpgp-pqc\u003c/a\u003e (Updated to draft-ietf-openpgp-pqc-09)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/2e73b118bb72881b92b292f85cb2d057c3d7bef0\"\u003e\u003ccode\u003e2e73b11\u003c/code\u003e\u003c/a\u003e Properly handle ECC keys with invalid points (\u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/304\"\u003e#304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/a8cc4f09f6cb247ab2180b45029ddaa736674f87\"\u003e\u003ccode\u003ea8cc4f0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/298\"\u003e#298\u003c/a\u003e from ProtonMail/feat/cleartext-hash-header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/57f891b6b4d198fb18adb4877d4192fb96f9f5a0\"\u003e\u003ccode\u003e57f891b\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/cleartext-hash-header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/da5c190d0ba1061cb21d8d311f6032c8bc43e80d\"\u003e\u003ccode\u003eda5c190\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/299\"\u003e#299\u003c/a\u003e from ProtonMail/fix/ecdh-low-order-curve-points\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/3cc59b0193219e5850b874a52873671c65a0c907\"\u003e\u003ccode\u003e3cc59b0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/cleartext-hash-header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/b11bd2375b66c0f6b33c355563b59029edd7f117\"\u003e\u003ccode\u003eb11bd23\u003c/code\u003e\u003c/a\u003e fix(ecdh): Do not allow low order public key points\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/b6bdd12c063898caa069ec5379fe5080d1bafcd1\"\u003e\u003ccode\u003eb6bdd12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/294\"\u003e#294\u003c/a\u003e from ProtonMail/chore/bump-go-and-circl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/b1ff3d56014e94dfd37402b2c1c25d239bb38405\"\u003e\u003ccode\u003eb1ff3d5\u003c/code\u003e\u003c/a\u003e Bump crypto dependencies and min go version to 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/cfb2af9d2cff2ca2e2d403f9118a1a9265e86e02\"\u003e\u003ccode\u003ecfb2af9\u003c/code\u003e\u003c/a\u003e fix(cleartext): Check hashes in headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/de877883d43979a32c829304ad8119dddd8b0dd9\"\u003e\u003ccode\u003ede87788\u003c/code\u003e\u003c/a\u003e Add InsecureGenerateNonCriticalSignatureCreationTime option to generate non-c...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.1.6...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.4.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.1] - 2025-10-31\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSpooky scary skeletons send shivers down your spine!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/kevinburke/ssh_config` from 1.2.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kevinburke/ssh_config/blob/master/CHANGELOG.md\"\u003egithub.com/kevinburke/ssh_config's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003ch2\u003eVersion 1.7 (unreleased)\u003c/h2\u003e\n\u003cp\u003eUpdate default values to match current openssh-portable (previously based on\nOpenSSH 7.4p1 from 2016).\u003c/p\u003e\n\u003cp\u003eBreaking changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003eCipher\u003c/code\u003e default (SSH protocol 1 only, deprecated in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eChallengeResponseAuthentication\u003c/code\u003e default (alias for \u003ccode\u003eKbdInteractiveAuthentication\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eCompressionLevel\u003c/code\u003e default (unsupported in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eProtocol\u003c/code\u003e default (silently ignored in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRhostsRSAAuthentication\u003c/code\u003e default (SSH protocol 1 only, unsupported)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRSAAuthentication\u003c/code\u003e default (SSH protocol 1 only, unsupported)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eUsePrivilegedPort\u003c/code\u003e default (deprecated in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eIdentityFile\u003c/code\u003e default of \u003ccode\u003e~/.ssh/identity\u003c/code\u003e (SSH protocol 1 only)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eCheckHostIP\u003c/code\u003e default from \u003ccode\u003e\u0026quot;yes\u0026quot;\u003c/code\u003e to \u003ccode\u003e\u0026quot;no\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eUpdateHostKeys\u003c/code\u003e default from \u003ccode\u003e\u0026quot;no\u0026quot;\u003c/code\u003e to \u003ccode\u003e\u0026quot;yes\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eCiphers\u003c/code\u003e default to remove CBC ciphers\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eKexAlgorithms\u003c/code\u003e default to add post-quantum algorithms and remove SHA1 variants\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eHostKeyAlgorithms\u003c/code\u003e default to add sk-\u003cem\u003e, webauthn-\u003c/em\u003e, rsa-sha2-* and remove ssh-rsa\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eHostbasedKeyTypes\u003c/code\u003e default (same as \u003ccode\u003eHostKeyAlgorithms\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003ePubkeyAcceptedKeyTypes\u003c/code\u003e default (same as \u003ccode\u003eHostKeyAlgorithms\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eForwardX11Timeout\u003c/code\u003e default from \u003ccode\u003e\u0026quot;20m\u0026quot;\u003c/code\u003e to \u003ccode\u003e\u0026quot;1200\u0026quot;\u003c/code\u003e (same duration, now in seconds)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003edefaultProtocol2Identities\u003c/code\u003e to \u003ccode\u003edefaultIdentityFiles\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003e~/.ssh/id_dsa\u003c/code\u003e from default identity files\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eForwardAgent\u003c/code\u003e from strict yes/no validation (now also accepts a socket path)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eCompressionLevel\u003c/code\u003e from uint validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eControlPersist\u003c/code\u003e default (\u003ccode\u003e\u0026quot;no\u0026quot;\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRequestTTY\u003c/code\u003e default (\u003ccode\u003e\u0026quot;auto\u0026quot;\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSessionType\u003c/code\u003e default (\u003ccode\u003e\u0026quot;default\u0026quot;\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eCASignatureAlgorithms\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eHostbasedAcceptedAlgorithms\u003c/code\u003e default (new name for \u003ccode\u003eHostbasedKeyTypes\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ePubkeyAcceptedAlgorithms\u003c/code\u003e default (new name for \u003ccode\u003ePubkeyAcceptedKeyTypes\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e~/.ssh/id_ecdsa_sk\u003c/code\u003e and \u003ccode\u003e~/.ssh/id_ed25519_sk\u003c/code\u003e to default identity files\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6 (released February 16, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSupport \u003ccode\u003e~\u003c/code\u003e as the user's home directory in \u003ccode\u003eInclude\u003c/code\u003e directives, matching\nthe behavior described in ssh_config(5). Thanks to Neil Williams for the report\n(\u003ca href=\"https://redirect.github.com/kevinburke/ssh_config/issues/31\"\u003e#31\u003c/a\u003e).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStrip surrounding double quotes from parsed values. OpenSSH allows values\nlike \u003ccode\u003eIdentityFile \u0026quot;/path/to/file\u0026quot;\u003c/code\u003e, but Get/GetAll previously returned the\nquotes as literal characters. Quotes are now stripped from the returned value\nwhile preserving the original text for faithful roundtripping via String() and\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/ac007ea1b91b739786f2a9dc42f5ed9e6e915319\"\u003e\u003ccode\u003eac007ea\u003c/code\u003e\u003c/a\u003e CHANGELOG.md: add v1.6.0 changes, backfill v1.5.0 section\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/6f3abd72f38c8dca4fd146634216f4b5d3301646\"\u003e\u003ccode\u003e6f3abd7\u003c/code\u003e\u003c/a\u003e config: support ~ as user's home directory in Include\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/cc9f70053599eab616aa522f34eae1b32d6d3e23\"\u003e\u003ccode\u003ecc9f700\u003c/code\u003e\u003c/a\u003e config: simplify composite literal in newConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/538d5a78536d897be3ed48a94d41d863b92961ed\"\u003e\u003ccode\u003e538d5a7\u003c/code\u003e\u003c/a\u003e config: default to a space before '#' in EOL comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/04e0fd693c75ffbe3377458a77e19c414b11193c\"\u003e\u003ccode\u003e04e0fd6\u003c/code\u003e\u003c/a\u003e config: strip surrounding double quotes from parsed values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/568811ae7cc1ae0265dcc717bcf5a3f6e416a2b6\"\u003e\u003ccode\u003e568811a\u003c/code\u003e\u003c/a\u003e ci: disable setup-go cache, update checkout to v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/e0b4ce953a70794a085eb763967633a835c1e7f4\"\u003e\u003ccode\u003ee0b4ce9\u003c/code\u003e\u003c/a\u003e 1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/f2e12b8b8c1769efe9f803f351fd5d19fd303ce5\"\u003e\u003ccode\u003ef2e12b8\u003c/code\u003e\u003c/a\u003e CHANGELOG.md: improve fidelity and dates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/f1fac02d87e79645383834fa89e9bb7ca049320e\"\u003e\u003ccode\u003ef1fac02\u003c/code\u003e\u003c/a\u003e all: implement Match support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/482de704302ff32e1f95f3e7d4e09a99fb10e36e\"\u003e\u003ccode\u003e482de70\u003c/code\u003e\u003c/a\u003e SECURITY.md: add\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kevinburke/ssh_config/compare/v1.2...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/pjbgf/sha1cd` from 0.3.2 to 0.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pjbgf/sha1cd/releases\"\u003egithub.com/pjbgf/sha1cd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor arm64 implementation and drop use of AVO by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/192\"\u003epjbgf/sha1cd#192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Decrease dependabot interval by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/193\"\u003epjbgf/sha1cd#193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e20a022e\u003c/code\u003e to \u003ccode\u003e14fd8a5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/194\"\u003epjbgf/sha1cd#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce allocations per operation to zero by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/195\"\u003epjbgf/sha1cd#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Add bench execution by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/197\"\u003epjbgf/sha1cd#197\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce SIMD for arm64 by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/198\"\u003epjbgf/sha1cd#198\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eamd64: Add SHANI implementation by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/199\"\u003epjbgf/sha1cd#199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pjbgf/sha1cd/compare/v0.4.0...v0.5.0\"\u003ehttps://github.com/pjbgf/sha1cd/compare/v0.4.0...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eARM64 native support for improved performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eArm64 implementation for UBC by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/184\"\u003epjbgf/sha1cd#184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earm64\u003c/code\u003e native version by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/188\"\u003epjbgf/sha1cd#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Add GitHub arm64 runners to workflows by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/189\"\u003epjbgf/sha1cd#189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003earm64: Drop unused vregs by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/191\"\u003epjbgf/sha1cd#191\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003ecrypto.RegisterHash\u003c/code\u003e call by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/170\"\u003epjbgf/sha1cd#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Remove \u003ccode\u003ecrypto.RegisterHash\u003c/code\u003e call\u0026quot; by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/190\"\u003epjbgf/sha1cd#190\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency bumps\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e51a6466\u003c/code\u003e to \u003ccode\u003e8c10f21\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/153\"\u003epjbgf/sha1cd#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 5.2.0 to 5.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/151\"\u003epjbgf/sha1cd#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.1 to 3.28.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/152\"\u003epjbgf/sha1cd#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.5 to 3.28.8 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/154\"\u003epjbgf/sha1cd#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.8 to 3.28.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/155\"\u003epjbgf/sha1cd#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e8c10f21\u003c/code\u003e to \u003ccode\u003e9271129\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/156\"\u003epjbgf/sha1cd#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from 1.23 to 1.24 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/157\"\u003epjbgf/sha1cd#157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.9 to 3.28.10 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/158\"\u003epjbgf/sha1cd#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.10 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/160\"\u003epjbgf/sha1cd#160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e2b1cbf2\u003c/code\u003e to \u003ccode\u003e3f74443\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/159\"\u003epjbgf/sha1cd#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.11 to 3.28.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/161\"\u003epjbgf/sha1cd#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e3f74443\u003c/code\u003e to \u003ccode\u003e52ff1b3\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/163\"\u003epjbgf/sha1cd#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/162\"\u003epjbgf/sha1cd#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.12 to 3.28.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/164\"\u003epjbgf/sha1cd#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.13 to 3.28.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/166\"\u003epjbgf/sha1cd#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e52ff1b3\u003c/code\u003e to \u003ccode\u003e991aa6a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/165\"\u003epjbgf/sha1cd#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e991aa6a\u003c/code\u003e to \u003ccode\u003e1ecc479\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/168\"\u003epjbgf/sha1cd#168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from 1.24@sha256:1ecc479bc712a6bdb56df3e346e33edcc141f469f82840bab9f4bc2bc41bf91d to sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/169\"\u003epjbgf/sha1cd#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.14 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/167\"\u003epjbgf/sha1cd#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/171\"\u003epjbgf/sha1cd#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.16 to 3.28.17 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/173\"\u003epjbgf/sha1cd#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003ed9db321\u003c/code\u003e to \u003ccode\u003e30baaea\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/172\"\u003epjbgf/sha1cd#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/174\"\u003epjbgf/sha1cd#174\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/85c7a3d70262468410b9929213afcd36867cb67b\"\u003e\u003ccode\u003e85c7a3d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/issues/199\"\u003e#199\u003c/a\u003e from pjbgf/amd64-simd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/75a44616b6b130fed23801f067e96e7d18386ca9\"\u003e\u003ccode\u003e75a4461\u003c/code\u003e\u003c/a\u003e ubc: Remove native implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/e239975695a7a0276bc8a130a276fc04b937a34c\"\u003e\u003ccode\u003ee239975\u003c/code\u003e\u003c/a\u003e amd64: Introduce SHANI implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/f052d33297d687d11a6267634503a7ede49b3f80\"\u003e\u003ccode\u003ef052d33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/issues/198\"\u003e#198\u003c/a\u003e from pjbgf/arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/8792028ed6b081186695df4cc2e95a3ef015ffa0\"\u003e\u003ccode\u003e8792028\u003c/code\u003e\u003c/a\u003e arm64: Introduce SIMD implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/1d04cf2182431eb162cbabeec8e324149edfb14f\"\u003e\u003ccode\u003e1d04cf2\u003c/code\u003e\u003c/a\u003e Remove redundant go:generate instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/6fb6277ed91a9966d2add8237c5ed9a00a65ef87\"\u003e\u003ccode\u003e6fb6277\u003c/code\u003e\u003c/a\u003e Run golden tests on generic and native implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/88099dc9d5922903b22642b2bcf78ea8658899bc\"\u003e\u003ccode\u003e88099dc\u003c/code\u003e\u003c/a\u003e ubc: Add noescape and nosplit directives\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/2692cee336a0f7baa1cfcacc95a1e45783f74195\"\u003e\u003ccode\u003e2692cee\u003c/code\u003e\u003c/a\u003e cgo: Align digest creation with purego implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/d390839223c3c24b27e49c17c2702c69ede16200\"\u003e\u003ccode\u003ed390839\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/issues/197\"\u003e#197\u003c/a\u003e from pjbgf/bench\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pjbgf/sha1cd/compare/v0.3.2...v0.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sergi/go-diff` from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sergi/go-diff/commits/v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/skeema/knownhosts` from 1.3.1 to 1.3.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/b9f50b4a05dbf3a2392d9ffba3399dd74315ab4c\"\u003e\u003ccode\u003eb9f50b4\u003c/code\u003e\u003c/a\u003e ci: use Go 1.24 as per minimum in go.mod\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/3e58378eb0efa27430c1e06fc25d59cb9e6887d7\"\u003e\u003ccode\u003e3e58378\u003c/code\u003e\u003c/a\u003e update golang.org/x/crypto to v0.42.0; revise IPv6 logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/5b6f59f4b742234a6353d4bab3c6a9e2e0a901a2\"\u003e\u003ccode\u003e5b6f59f\u003c/code\u003e\u003c/a\u003e tests: fix test logic for x/crypto 0.37.0 change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/eef745591bbaffdbaef2e742c543f1a7258e6fda\"\u003e\u003ccode\u003eeef7455\u003c/code\u003e\u003c/a\u003e update dependency golang.org/x/crypto to v0.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/e3098efa96b0f3a1b3afc30a03f5fa73e3c9454f\"\u003e\u003ccode\u003ee3098ef\u003c/code\u003e\u003c/a\u003e update dependency golang.org/x/crypto to v0.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/c884d65c077861e6c7190de0ef6b9d316f76847f\"\u003e\u003ccode\u003ec884d65\u003c/code\u003e\u003c/a\u003e ci: add govulncheck; pin goveralls version; use Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/a8761da3f2ccc3cdb4809d5026c24283842a4ba7\"\u003e\u003ccode\u003ea8761da\u003c/code\u003e\u003c/a\u003e comments: update to reflect golang.org/x/crypto/ssh/knownhosts change\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/skeema/knownhosts/compare/v1.3.1...v1.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.45.0 to 0.50.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/03ca0dcccbd37ba6be80adf74dde8d78a4d72817\"\u003e\u003ccode\u003e03ca0dc\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/8400f4a938077a7a7817ab7d163d148e371b320b\"\u003e\u003ccode\u003e8400f4a\u003c/code\u003e\u003c/a\u003e ssh: respect signer's algorithm preference in pickSignatureAlgorithm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/81c6cb34a8fc386ed53293cd79e3c0c232ee7366\"\u003e\u003ccode\u003e81c6cb3\u003c/code\u003e\u003c/a\u003e ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/982eaa62dfb7273603b97fc1835561450096f3bd\"\u003e\u003ccode\u003e982eaa6\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/159944f128e9b3fdeb5a5b9b102a961904601a87\"\u003e\u003ccode\u003e159944f\u003c/code\u003e\u003c/a\u003e ssh,acme: clean up tautological/impossible nil conditions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a408498e55412f2ae2a058336f78889fb1ba6115\"\u003e\u003ccode\u003ea408498\u003c/code\u003e\u003c/a\u003e acme: only require prompt if server has terms of service\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/cab0f718548e8a858701b7b48161f44748532f58\"\u003e\u003ccode\u003ecab0f71\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.25.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2f26647a795e74e712b3aebc2655bca60b2686f9\"\u003e\u003ccode\u003e2f26647\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e08b06753d6a72f1fe375b6e0fefefb39917c165\"\u003e\u003ccode\u003ee08b067\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7d0074ccc6f17acbf2ebb10db06d492e08f887dc\"\u003e\u003ccode\u003e7d0074c\u003c/code\u003e\u003c/a\u003e scrypt: fix panic on parameters \u0026lt;= 0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.45.0...v0.50.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.47.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/316e20ce34d380337f7983808c26948232e16455\"\u003e\u003ccode\u003e316e20c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9767a42264fa70b674c643d0c87ee95c309a4553\"\u003e\u003ccode\u003e9767a42\u003c/code\u003e\u003c/a\u003e internal/http3: add support for plugging into net/http\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/4a812844d820f49985ee15998af285c43b0a6b96\"\u003e\u003ccode\u003e4a81284\u003c/code\u003e\u003c/a\u003e http2: update docs to disrecommend this package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/dec6603c16144712aab7f44821471346b35a2230\"\u003e\u003ccode\u003edec6603\u003c/code\u003e\u003c/a\u003e dns/dnsmessage: reject too large of names early during unpack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/8afa12f927391ba32da2b75b864a3ad04cac6376\"\u003e\u003ccode\u003e8afa12f\u003c/code\u003e\u003c/a\u003e http2: deprecate write schedulers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/38019a2dbc2645a4c06a1e983681eefb041171c8\"\u003e\u003ccode\u003e38019a2\u003c/code\u003e\u003c/a\u003e http2: add missing copyright header to export_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/039b87fac41ca283465e12a3bcc170ccd6c92f84\"\u003e\u003ccode\u003e039b87f\u003c/code\u003e\u003c/a\u003e internal/http3: return error when Write is used after status 304 is set\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/6267c6c4c825a78e4c9cbdc19c705bc81716597c\"\u003e\u003ccode\u003e6267c6c\u003c/code\u003e\u003c/a\u003e internal/http3: add HTTP 103 Early Hints support to ClientConn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/591bdf35bce56ad50f53555c3cbb31e4bdda2d58\"\u003e\u003ccode\u003e591bdf3\u003c/code\u003e\u003c/a\u003e internal/http3: add HTTP 103 Early Hints support to Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1faa6d8722697d9a1d8d4e973b3c46c7a5563f6c\"\u003e\u003ccode\u003e1faa6d8\u003c/code\u003e\u003c/a\u003e internal/http3: avoid potential race when aborting RoundTrip\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.47.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.38.0 to 0.43.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/f33a730cd0c449cfd6f7106780c73052e96cc33d\"\u003e\u003ccode\u003ef33a730\u003c/code\u003e\u003c/a\u003e windows: support nil security descriptor on GetNamedSecurityInfo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/493d1725989a7a3f3582adfa68faf7207aec666b\"\u003e\u003ccode\u003e493d172\u003c/code\u003e\u003c/a\u003e cpu: add runtime import in cpu_darwin_arm64_other.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2c2be756b97dee6d15aba69839acfbd4e0f3ccc5\"\u003e\u003ccode\u003e2c2be75\u003c/code\u003e\u003c/a\u003e windows: use syscall.SyscallN in Proc.Call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/a76ec62d6c5389e4fe51c659ba926bf71e471a67\"\u003e\u003ccode\u003ea76ec62\u003c/code\u003e\u003c/a\u003e cpu: roll back \u0026quot;use IsProcessorFeaturePresent to calculate ARM64 on windows\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/eaaaaee1dc1aacededf4a89bc4544558f425d5f1\"\u003e\u003ccode\u003eeaaaaee\u003c/code\u003e\u003c/a\u003e windows/registry: correct KeyInfo.ModTime calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/942780bbc19517df4948a6dbc8c33d2228e5f905\"\u003e\u003ccode\u003e942780b\u003c/code\u003e\u003c/a\u003e cpu: darwin/arm64 feature detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/acef38879efe90cf77ebc2b3dd49d4283ad7c6d6\"\u003e\u003ccode\u003eacef388\u003c/code\u003e\u003c/a\u003e unix/linux: Prefixmsg and PrefixCacheinfo structs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/3687fbd71652878ab091f7272b84537b63fe0b55\"\u003e\u003ccode\u003e3687fbd\u003c/code\u003e\u003c/a\u003e cpu: better defaults on darwin ARM64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/48062e9b9abf3dc7106bd8e3990ba8f47862022a\"\u003e\u003ccode\u003e48062e9\u003c/code\u003e\u003c/a\u003e plan9: change Note to alias syscall.Note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/4f23f804edb0e01ed41cebeafbc82374889eddee\"\u003e\u003ccode\u003e4f23f80\u003c/code\u003e\u003c/a\u003e windows: change Signal to alias syscall.Signal\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/sys/compare/v0.38.0...v0.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/ESousa97/gochangelog-gen/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ESousa97%2Fgochangelog-gen/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4241008389","node_id":"PR_kwDOQq4YHM7RiSUt","number":40,"state":"closed","title":"Bump the go_modules group across 3 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","issue/stale","go"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-31T00:14:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T18:23:58.000Z","updated_at":"2026-05-31T00:14:56.000Z","time_to_close":4341048,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":16,"packages":[{"name":"github.com/sirupsen/logrus","old_version":"1.8.1","new_version":"1.8.3","repository_url":"https://github.com/sirupsen/logrus"},{"name":"golang.org/x/crypto","old_version":"0.0.0-20220722155217-630584e8d5aa","new_version":"0.45.0","repository_url":"https://github.com/golang/crypto"},{"name":"github.com/containerd/containerd","old_version":"1.6.1","new_version":"1.7.29","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.2.4","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/jackc/pgx/v4","old_version":"4.17.2","new_version":"4.18.2","repository_url":"https://github.com/jackc/pgx"},{"name":"helm.sh/helm/v3","old_version":"3.8.2","new_version":"3.20.2","repository_url":"https://github.com/helm/helm"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /install/docker-extension directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\nBumps the go_modules group with 6 updates in the /scripts/component_generation directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.8.1` | `1.8.3` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.0.0-20220722155217-630584e8d5aa` | `0.45.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.6.1` | `1.7.29` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.3` | `0.2.4` |\n| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.17.2` | `4.18.2` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.8.2` | `3.20.2` |\n\nBumps the go_modules group with 3 updates in the /scripts/component_updation directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus), [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/jackc/pgx/v4](https://github.com/jackc/pgx).\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md\"\u003egithub.com/sirupsen/logrus's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.8.3\u003c/h1\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential denial of service in logrus.Writer() when logging \u0026gt;64KB single-line payloads without newlines (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.8.2\u003c/h1\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the logger private buffer pool (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1253\"\u003e#1253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix race condition for SetFormatter and SetReportCaller\u003c/li\u003e\n\u003cli\u003eFix data race in hooks test package\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.0.0-20211103235746-7861aae1554b to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/commits/v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md\"\u003egithub.com/sirupsen/logrus's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.8.3\u003c/h1\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential denial of service in logrus.Writer() when logging \u0026gt;64KB single-line payloads without newlines (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.8.2\u003c/h1\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the logger private buffer pool (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1253\"\u003e#1253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix race condition for SetFormatter and SetReportCaller\u003c/li\u003e\n\u003cli\u003eFix data race in hooks test package\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220722155217-630584e8d5aa to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220412020605-290c469a71a5 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e7ff6b3572e1a83c072ef150c985f86603986e1b\"\u003e\u003ccode\u003ee7ff6b3\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fbf012b8c1140cde0210e241356553d0000332e8\"\u003e\u003ccode\u003efbf012b\u003c/code\u003e\u003c/a\u003e all: use reflect.TypeFor instead of reflect.TypeOf\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/c6abd0305e90ada9293824462268d0ec20d02e5e\"\u003e\u003ccode\u003ec6abd03\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/42f038dad6d204bacd83c23ca0f312d8866039ce\"\u003e\u003ccode\u003e42f038d\u003c/code\u003e\u003c/a\u003e x/text: fix nil dereference in gotext extract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a42f0e2da638996f313ef6dbbe3a4435533fbd97\"\u003e\u003ccode\u003ea42f0e2\u003c/code\u003e\u003c/a\u003e all: use built-in max/min to simplify the code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e69f31bf9cf2f46bd3325bc9bad37fe9001731c2\"\u003e\u003ccode\u003ee69f31b\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/60c9786d9e6cc83e1900ce976fdba2e1c327d220\"\u003e\u003ccode\u003e60c9786\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.24.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/425d715b4a85c7698cedf621412bb53794cbda53\"\u003e\u003ccode\u003e425d715\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/b6d26456dd3ff554a56f10b1e388db0f8ca862d1\"\u003e\u003ccode\u003eb6d2645\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/80721808805f9d846d907c85d73ca6b5b6ecb870\"\u003e\u003ccode\u003e8072180\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.6.1 to 1.7.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.29\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.29 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe twenty-ninth patch release for containerd 1.7 contains various fixes\nand updates including security patches.\u003c/p\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w\"\u003e\u003cstrong\u003eGHSA-pwhc-rpq9-4c8w\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2\"\u003e\u003cstrong\u003eGHSA-m6hq-p25p-ffr2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003erunc\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\"\u003e\u003cstrong\u003eGHSA-qw9x-cqr3-wc7r\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003e\u003cstrong\u003eGHSA-cgrx-mc8f-2prm\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\"\u003e\u003cstrong\u003eGHSA-9493-h29p-rfm2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate differ to handle zstd media types\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12018\"\u003e#12018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.3\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFix lost container logs from quickly closing io\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12375\"\u003e#12375\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eStepSecurity Bot\u003c/li\u003e\n\u003cli\u003ewheat2018\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34bd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f\"\u003e\u003ccode\u003e0450f046e\u003c/code\u003e\u003c/a\u003e Fix directory permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6ddb7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6dd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9772966401ad3c33a6cd824632f0c61e5049f3a5\"\u003e\u003ccode\u003e9772966\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12486\"\u003e#12486\u003c/a\u003e from dmcgowan/prepare-v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1fc2daaf3ed53f4c9e76fbc5786a6f1ae3bb885f\"\u003e\u003ccode\u003e1fc2daa\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/93f710a528958474f95a95e54516624ef832d80f\"\u003e\u003ccode\u003e93f710a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12480\"\u003e#12480\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-12475-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/68d04befab3284f1dfe2a9f5691ea5da76daace7\"\u003e\u003ccode\u003e68d04be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12471\"\u003e#12471\u003c/a\u003e from austinvazquez/1_7_update_ci_go_and_images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3f5f9f872707a743563d316e85e530193a2e30ac\"\u003e\u003ccode\u003e3f5f9f8\u003c/code\u003e\u003c/a\u003e runc: Update runc binary to v1.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/667409fb63098cb80280940ab06038114e7712da\"\u003e\u003ccode\u003e667409f\u003c/code\u003e\u003c/a\u003e ci: bump Go 1.24.9, 1.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/294f8c027b607c4450b3e52f44280581a737a73f\"\u003e\u003ccode\u003e294f8c0\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest images for basic binaries build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf66b4141defb757dee0fc5653bfd0a7ba1e8fed\"\u003e\u003ccode\u003ecf66b41\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest image for most jobs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.6.1...v1.7.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.4\u003c/h2\u003e\n\u003cp\u003eThis release fixes a potential security issue in filepath-securejoin\nwhen used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to\ngenerate paths outside of the provided rootfs in certain cases), as well\nas improving the overall behaviour of filepath-securejoin when dealing\nwith Windows paths that contain volume names. Thanks to Paulo Gomes for\ndiscovering and fixing these issues.\u003c/p\u003e\n\u003cp\u003eIn addition, we've switched (at long last) to GitHub Actions and have\ncontinuous integration testing on Linux, MacOS, and Windows.\u003c/p\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo Gomes \u003ca href=\"mailto:pjbgf@linux.com\"\u003epjbgf@linux.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Aleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.2.4] - 2023-09-06\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis release fixes a potential security issue in filepath-securejoin when\nused on Windows (\u003ca href=\"https://github.com/advisories/GHSA-6xv5-86q9-7xr8\"\u003eGHSA-6xv5-86q9-7xr8\u003c/a\u003e, which could be used to generate\npaths outside of the provided rootfs in certain cases), as well as improving\nthe overall behaviour of filepath-securejoin when dealing with Windows paths\nthat contain volume names. Thanks to Paulo Gomes for discovering and fixing\nthese issues.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub Actions for CI so we can test on Windows as well as Linux\nand MacOS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/2710d06c5b4ba3168beffa0689798d2db12e8ac4\"\u003e\u003ccode\u003e2710d06\u003c/code\u003e\u003c/a\u003e VERSION: release v0.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/68943415e950190ee33bddfa205e42186da87802\"\u003e\u003ccode\u003e6894341\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/9\"\u003e#9\u003c/a\u003e into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c121231e1276e11049547bee5ce68d5a2cfe2d9b\"\u003e\u003ccode\u003ec121231\u003c/code\u003e\u003c/a\u003e Fix support for Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/05b64230154f962d518a3a44fcfd7b9b63bab031\"\u003e\u003ccode\u003e05b6423\u003c/code\u003e\u003c/a\u003e ci: switch to GHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/64536a8a66ae59588c981e2199f1dcf410508e07\"\u003e\u003ccode\u003e64536a8\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 20.10.11+incompatible to 23.0.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/3e7cbfdee1eb5be2ac23ed3668c654362dcd29b5\"\u003e\u003ccode\u003e3e7cbfd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4139\"\u003e#4139\u003c/a\u003e from thaJeztah/23.0_backport_fix_go_version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/8e38271f238954ad9e61588f71356047e7df3181\"\u003e\u003ccode\u003e8e38271\u003c/code\u003e\u003c/a\u003e gha: align stray go 1.19.4 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/569dd73db13099a7c3104d73aa15117b359045bc\"\u003e\u003ccode\u003e569dd73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4126\"\u003e#4126\u003c/a\u003e from thaJeztah/23.0_backport_align_go_ver\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f6643207a24c264049aebe5fa5bdf9b987e04cb1\"\u003e\u003ccode\u003ef664320\u003c/code\u003e\u003c/a\u003e don't use null values in the bake definition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f381e08425dcc232e9e548d3ff2df243e3324565\"\u003e\u003ccode\u003ef381e08\u003c/code\u003e\u003c/a\u003e Dockerfile: align go version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/18f20a553780d9511ec81792f5a820cbc4b54d37\"\u003e\u003ccode\u003e18f20a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4124\"\u003e#4124\u003c/a\u003e from thaJeztah/23.0_e2e_fix_certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/d3a36fc38cbb58148065bb6b3534af86c974f948\"\u003e\u003ccode\u003ed3a36fc\u003c/code\u003e\u003c/a\u003e e2e: update notary certificates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/59bb07f2e4abc7aa9816b46f307607084af49150\"\u003e\u003ccode\u003e59bb07f\u003c/code\u003e\u003c/a\u003e e2e: increase tests certificates duration (10 years)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/80f27987f4896582f5eb54587961e3205e7662ce\"\u003e\u003ccode\u003e80f2798\u003c/code\u003e\u003c/a\u003e bake target to generate certs for e2e tets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/6a8406e60243db64a3212a418ad3e23627ed3b9f\"\u003e\u003ccode\u003e6a8406e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4092\"\u003e#4092\u003c/a\u003e from crazy-max/23.0_backport_buildx-completion\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/cli/compare/v20.10.11...v23.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003cp\u003eThere have been no changes made in the released binaries other than the bump of the Go runtime.\u003c/p\u003e\n\u003cp\u003eSee the changelog below for a full list of changes.\u003c/p\u003e\n\u003ch3\u003eCI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: use proper git ref for versioning \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGo: make Go version explicit and pin it to the latest 1.16 release \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3604\"\u003e#3604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eMilos Gajdos\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fdb\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906f\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003ePrepare for v2.8.1 release (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3596\"\u003e#3596\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d188\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[2.8 backport] ci: use proper git ref for versioning (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf0\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003eThe previous release can be found at \u003ca href=\"https://github.com/distribution/distribution/releases/tag/v2.8.0\"\u003ev2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cp\u003eregistry 2.8.0\u003c/p\u003e\n\u003cp\u003eWelcome to the v2.8.0 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.0 registry release has been a long time overdue.\nThis is the first step towards the last 2.x release.\nNo further active development will continue on 2.x branch.\nSecurity vulnerability patches to 2.x might be considered, but\nall active development will be focussed on v3 release due in 2022.\nThis release includes a security vulnerability fix along\nwith a few minor bug fixes and improvemnts in documentation and CI.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/b5ca020cfbe998e5af3457fda087444cf5116496\"\u003e\u003ccode\u003eb5ca020\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3605\"\u003e#3605\u003c/a\u003e from milosgajdos/update-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1b5f094086fcc2306be9bc75ad59b2ccd4b174e6\"\u003e\u003ccode\u003e1b5f094\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3604\"\u003e#3604\u003c/a\u003e from crazy-max/2.8-go-1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fd\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3df9fce2beb5ee01e2174c0dbb9294c191bfd0a8\"\u003e\u003ccode\u003e3df9fce\u003c/code\u003e\u003c/a\u003e go 1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/9a0196b801ba8b9eb4ae5ad388c8f95de719fcdf\"\u003e\u003ccode\u003e9a0196b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3596\"\u003e#3596\u003c/a\u003e from milosgajdos/fix-go-mod-v2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d18\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e4a447d0d75f3370dce98690f5f2bb0bb4cb669f\"\u003e\u003ccode\u003ee4a447d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3595\"\u003e#3595\u003c/a\u003e from crazy-max/2.8-ci-gitref\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/dcf66392d606f50bf3a9286dcb4bdcdfb7c0e83a\"\u003e\u003ccode\u003edcf6639\u003c/code\u003e\u003c/a\u003e Update README so the release pipeline works properly.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 23.0.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/59118bff500fc0d95d0560a9788735a8d89568ce\"\u003e\u003ccode\u003e59118bf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-232p-vwff-86mp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/219f21bf07502b447095649b5a2764661737f164\"\u003e\u003ccode\u003e219f21b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45196\"\u003e#45196\u003c/a\u003e from vvoland/integration-restart-race-23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b87f7f18b82fbb647b5142c6e5459a88a7652d02\"\u003e\u003ccode\u003eb87f7f1\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: insert the input-drop rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c6bf3071fee48b79c2d48faf8855b8afe0a1e951\"\u003e\u003ccode\u003ec6bf307\u003c/code\u003e\u003c/a\u003e StartWithLogFile: Fix d.cmd race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/7f49ca259bfea1c08bb3019d0db3aa894ff157a6\"\u003e\u003ccode\u003e7f49ca2\u003c/code\u003e\u003c/a\u003e TestDaemonRestartKillContainers: Fix loop capture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/98cbcb8003b7cf8da35fb5d05f5babbe142ab7c8\"\u003e\u003ccode\u003e98cbcb8\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: add BPF-powered VNI matcher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/5c5fac237425c4bf79d2f048c1850f855f0182aa\"\u003e\u003ccode\u003e5c5fac2\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: extract VNI match rule builder\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c492a22287557860831a7c4f523b8e53692bb822\"\u003e\u003ccode\u003ec492a22\u003c/code\u003e\u003c/a\u003e libn/d/overlay: enforce encryption on sandbox init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/018edb02849100de701d6ab6fb932ffb68843e4b\"\u003e\u003ccode\u003e018edb0\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: document some encryption code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a1fd2f22f6ee07ab5bf241e7b33c75e395bfa9e5\"\u003e\u003ccode\u003ea1fd2f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45157\"\u003e#45157\u003c/a\u003e from thaJeztah/23.0_backport_update_shfmt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v23.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.17.2 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.17.2...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eMerge v1.15 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1250\"\u003eprometheus/client_golang#1250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to POST for LabelNames, Series, and QueryExemplars to DoGetFallback by \u003ca href=\"https://github.com/jacksontj\"\u003e\u003ccode\u003e@​jacksontj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1252\"\u003eprometheus/client_golang#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✏️ [collectors]: fix typo in test assertion by \u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded interactive tutorial [kubeCon] by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1255\"\u003eprometheus/client_golang#1255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed tutorial. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1256\"\u003eprometheus/client_golang#1256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/sys from 0.6.0 to 0.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1265\"\u003eprometheus/client_golang#1265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup proto use in tests by \u003ca href=\"https://github.com/SuperQ\"\u003e\u003ccode\u003e@​SuperQ\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1264\"\u003eprometheus/client_golang#1264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tutorial on WSL-based systems by \u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix undefined execution order in return statements by \u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge release 1.15.1 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1267\"\u003eprometheus/client_golang#1267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGitHub Workflows security hardening by \u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd process start time header to client_golang prometheus by \u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix bug in bucket key calculation by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1279\"\u003eprometheus/client_golang#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/prometheus/procfs from 0.9.0 to 0.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1283\"\u003eprometheus/client_golang#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce constrainLabels allocations by \u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadded circleci as gh action YAML by \u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove metricUnits runtime by \u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMoving fully to GH actions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1288\"\u003eprometheus/client_golang#1288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docstring references to renamed native histogram fields / functions. by \u003ca href=\"https://github.com/juliusv\"\u003e\u003ccode\u003e@​juliusv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1290\"\u003eprometheus/client_golang#1290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier contributions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1289\"\u003eprometheus/client_golang#1289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.16.0 / 2023-06-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.1 / 2023-05-3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary), \u003cbr /\u003e\ncausing panics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0 / 2023-04-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix issue with atomic variables on ppc64le. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1171\"\u003e#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Support for multiple samples within same metric. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1181\"\u003e#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1187\"\u003e#1187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add exemplars and middleware examples. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1173\"\u003e#1173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add more context to \u0026quot;duplicate label names\u0026quot; error to enable debugging. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1177\"\u003e#1177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1151\"\u003e#1151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1183\"\u003e#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1066\"\u003e#1066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add ability to Pusher to add custom headers. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1218\"\u003e#1218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1225\"\u003e#1225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added (official) support for go 1.20. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1234\"\u003e#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] timer: Added support for exemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1233\"\u003e#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Filter expected metrics as well in CollectAndCompare. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1143\"\u003e#1143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] :warning: Only set start/end if time is not Zero. This breaks compatibility in experimental api package. If you strictly depend on empty time.Time as actual value, the behavior is now changed. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1238\"\u003e#1238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.0 / 2022-11-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] Add Support for Native Histograms. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1150\"\u003e#1150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Extend \u003ccode\u003eprometheus.Registry\u003c/code\u003e to implement \u003ccode\u003eprometheus.Collector\u003c/code\u003e interface. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1103\"\u003e#1103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.1 / 2022-11-01\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix race condition with Exemplar in Counter. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1146\"\u003e#1146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix \u003ccode\u003eCumulativeCount\u003c/code\u003e value of \u003ccode\u003e+Inf\u003c/code\u003e bucket created from exemplar. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1148\"\u003e#1148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix double-counting bug in \u003ccode\u003epromhttp.InstrumentRoundTripperCounter\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1118\"\u003e#1118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0 / 2022-08-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added \u003ccode\u003eprometheus.TransactionalGatherer\u003c/code\u003e interface for \u003ccode\u003epromhttp.Handler\u003c/code\u003e use which allows using low allocation update techniques for custom collectors. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/989\"\u003e#989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added exemplar support to \u003ccode\u003eprometheus.NewConstHistogram\u003c/code\u003e. See \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/prometheus/examples_test.go#L602\"\u003e\u003ccode\u003eExampleNewConstHistogram_WithExemplar\u003c/code\u003e\u003c/a\u003e example on how to use it. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/986\"\u003e#986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now context aware methods that pass context to HTTP request. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1028\"\u003e#1028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now \u003ccode\u003eError\u003c/code\u003e method that retrieve last error. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1075\"\u003e#1075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003etestutil.GatherAndCompare\u003c/code\u003e provides now readable diff on failed comparisons. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/998\"\u003e#998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/3583c1e1d085b75cab406c78b015562d45552b39\"\u003e\u003ccode\u003e3583c1e\u003c/code\u003e\u003c/a\u003e Cut v1.16.0 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1292\"\u003e#1292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/2feda42e447efac5bfe39bb226d7025af73c0947\"\u003e\u003ccode\u003e2feda42\u003c/code\u003e\u003c/a\u003e Fixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier cont...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5b9cf9c6a891de0e7b5ec26d9f4326570a658d17\"\u003e\u003ccode\u003e5b9cf9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1290\"\u003e#1290\u003c/a\u003e from prometheus/fix-nh-docstring-refs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/1b19d5f4589629067111815d0734a1ccbc245268\"\u003e\u003ccode\u003e1b19d5f\u003c/code\u003e\u003c/a\u003e Fix docstring references to renamed native histogram fields / functions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/7352ab7f805ab3bf4d2144f3e8cac92d5caec263\"\u003e\u003ccode\u003e7352ab7\u003c/code\u003e\u003c/a\u003e Moving fully to GH actions. (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1288\"\u003e#1288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/e4ff34d23eacb385c1a9d3d67c4d06aed042ebec\"\u003e\u003ccode\u003ee4ff34d\u003c/code\u003e\u003c/a\u003e Improve metricUnits runtime (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/781ea2802473fd7aff2a92cb16244be57472a085\"\u003e\u003ccode\u003e781ea28\u003c/code\u003e\u003c/a\u003e added circleci as gh action YAML (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a09a1d34cbc74daa8ed70234b99467a30b020a40\"\u003e\u003ccode\u003ea09a1d3\u003c/code\u003e\u003c/a\u003e Reduce constrainLabels allocations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/8840afcfc2c3ff3d40357552dbc1d9d43c4bae67\"\u003e\u003ccode\u003e8840afc\u003c/code\u003e\u003c/a\u003e Bump github.com/prometheus/procfs from 0.9.0 to 0.10.1 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5e78d5f66b851fef874b783814b2e884df2798d0\"\u003e\u003ccode\u003e5e78d5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e from prometheus/beorn7/histogram\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20220411215720-9780585627b5 to 0.30.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.46.0 to 1.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.59.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6647\"\u003e#6647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eserver: allow applications to send arbitrary data in the \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: validate \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer and pass through the trailer to the application directly (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etap (experimental): Add Header metadata to tap handler (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6652\"\u003e#6652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/pstibrany\"\u003e\u003ccode\u003e@​pstibrany\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003egrpc: channel idleness enabled by default with an \u003ccode\u003eidle_timeout\u003c/code\u003e of \u003ccode\u003e30m\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6585\"\u003e#6585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDocumentation\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexamples: add an example of flow control behavior (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6648\"\u003e#6648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: fix hash policy header to skip \u0026quot;-bin\u0026quot; headers and read content-type header as expected (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6609\"\u003e#6609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebalancer/weighted_round_robin: fix ticker leak on update\u003c/p\u003e\n\u003cp\u003eA new ticker is created every time there is an update of addresses or configuration, but was not properly stopped.  This change stops the ticker when it is no longer needed.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams\u003c/li\u003e\n\u003cli\u003egrpc: fix a bug where transports were not being closed upon channel entering IDLE\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cp\u003eSee \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6472\"\u003e#6472\u003c/a\u003e for details about these changes.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: add \u003ccode\u003eStateListener\u003c/code\u003e to \u003ccode\u003eNewSubConnOptions\u003c/code\u003e for \u003ccode\u003eSubConn\u003c/code\u003e state updates and deprecate \u003ccode\u003eBalancer.Upda...\n\n_Description has been truncated_","html_url":"https://github.com/hardihardi/meshery/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hardihardi%2Fmeshery/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"},{"uuid":"3935505450","node_id":"PR_kwDOGZIwWs7DeGEQ","number":483,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T05:53:58.000Z","updated_at":"2026-02-13T05:54:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":3,"packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/sylabs/sif/v2","old_version":"2.22.0","new_version":"2.23.0","repository_url":"https://github.com/sylabs/sif"},{"name":"google.golang.org/grpc","old_version":"1.78.0","new_version":"1.79.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 3 updates in the / directory: [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin), [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sylabs/sif/v2` from 2.22.0 to 2.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sylabs/sif/releases\"\u003egithub.com/sylabs/sif/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.23.0\u003c/h2\u003e\n\u003cp\u003eThis release drops support for Go 1.24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/430\"\u003esylabs/sif#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/431\"\u003esylabs/sif#431\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/sebdah/goldie/v2 from 2.7.1 to 2.8.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/432\"\u003esylabs/sif#432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/434\"\u003esylabs/sif#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/google/go-containerregistry from 0.20.6 to 0.20.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/435\"\u003esylabs/sif#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/436\"\u003esylabs/sif#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump golangci-lint to v2.8 by \u003ca href=\"https://github.com/tri-adam\"\u003e\u003ccode\u003e@​tri-adam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/440\"\u003esylabs/sif#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump module to Go 1.25 by \u003ca href=\"https://github.com/tri-adam\"\u003e\u003ccode\u003e@​tri-adam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/443\"\u003esylabs/sif#443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/441\"\u003esylabs/sif#441\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sylabs/sif/compare/v2.22.0...v2.23.0\"\u003ehttps://github.com/sylabs/sif/compare/v2.22.0...v2.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/a9bf1a9ef9ea9be59d392b0508dc5ad45e3bb385\"\u003e\u003ccode\u003ea9bf1a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/441\"\u003e#441\u003c/a\u003e from sylabs/dependabot/go_modules/github.com/sigstore...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/35bb6a15662869f9661950ae4f1b64efcf2df6ea\"\u003e\u003ccode\u003e35bb6a1\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/e83475c058a880f689ba197bfe3c696906c9ad96\"\u003e\u003ccode\u003ee83475c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/443\"\u003e#443\u003c/a\u003e from tri-adam/go-1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/58a1f73f820f03fba5bc33120f11a9e451c694e4\"\u003e\u003ccode\u003e58a1f73\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003enode\u003c/code\u003e to latest LTS release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/365c0c836cbbb5b9caaf8ea9da5ce3a2a5db58f4\"\u003e\u003ccode\u003e365c0c8\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003egolangci-lint\u003c/code\u003e to v2.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/e3414ace011cde0d2107510d35b0111b30a5eb08\"\u003e\u003ccode\u003ee3414ac\u003c/code\u003e\u003c/a\u003e chore: bump module to Go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/45c672d238953a49a20040459a83990435f6fd8d\"\u003e\u003ccode\u003e45c672d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/440\"\u003e#440\u003c/a\u003e from tri-adam/golangci-lint-2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/dac0e143958aab917eda9b752d017ed3b901d85c\"\u003e\u003ccode\u003edac0e14\u003c/code\u003e\u003c/a\u003e chore: bump golangci-lint to v2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/5e80e73f08491c8403ee67f8a5fb7fbe000585d1\"\u003e\u003ccode\u003e5e80e73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/436\"\u003e#436\u003c/a\u003e from sylabs/dependabot/go_modules/main/github.com/spf...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/82250fc7e96f754556a51b80201aa09f445b3cc2\"\u003e\u003ccode\u003e82250fc\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sylabs/sif/compare/v2.22.0...v2.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.78.0 to 1.79.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Include status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0381eb650acdae8e423473e64eef07693fe36305\"\u003e\u003ccode\u003e0381eb6\u003c/code\u003e\u003c/a\u003e xds: Support \u003ccode\u003e:authority\u003c/code\u003e header rewriting for LOGICAL_DNS clusters (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8822\"\u003e#8822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/90f571db95a0ec223ec45187f7399a06ccdc10cf\"\u003e\u003ccode\u003e90f571d\u003c/code\u003e\u003c/a\u003e xds: remove references to ResolverState.Addresses (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/679565f9ae655079807f5ab10e07f41acd2af943\"\u003e\u003ccode\u003e679565f\u003c/code\u003e\u003c/a\u003e xds: remove \u003ccode\u003eHashKey\u003c/code\u003e field from \u003ccode\u003exdsresource.Endpoint\u003c/code\u003e struct (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8844\"\u003e#8844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bb2073d1e5551b900763979e08e1c11a47a8f150\"\u003e\u003ccode\u003ebb2073d\u003c/code\u003e\u003c/a\u003e mem: Allow overriding the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bd4444a0a2fdd66245f9e0f0d140aafb5b49044c\"\u003e\u003ccode\u003ebd4444a\u003c/code\u003e\u003c/a\u003e Fix flaky \u003ccode\u003eTestServer_RedundantUpdateSuppression\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8839\"\u003e#8839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/623b3f000b3625aa4a1413f90add1ea367db17c2\"\u003e\u003ccode\u003e623b3f0\u003c/code\u003e\u003c/a\u003e test: add regression test for RecvMsg() error shadowing \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7510\"\u003e#7510\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8820\"\u003e#8820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/58624572f3714825a9690a156123a2aaf4baf5bd\"\u003e\u003ccode\u003e5862457\u003c/code\u003e\u003c/a\u003e encoding: remove unused \u003ccode\u003eDecompressedSize\u003c/code\u003e API (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8830\"\u003e#8830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e15b86731782f816de8c802a56bdb29099ec23d3\"\u003e\u003ccode\u003ee15b867\u003c/code\u003e\u003c/a\u003e dns: set Endpoints in resolver updates (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8812\"\u003e#8812\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/95825a36da908c4ac792814ee79251de96f2fd1e\"\u003e\u003ccode\u003e95825a3\u003c/code\u003e\u003c/a\u003e cdsbalancer: Remove UpdateAddresses handling (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8811\"\u003e#8811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/483","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/483","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/483/packages"},{"uuid":"3924858456","node_id":"PR_kwDOGZIwWs7C6pjE","number":482,"state":"open","title":"chore(deps): Bump github.com/cyphar/filepath-securejoin from 0.5.1 to 0.6.1 in the production-dependencies group","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-11T05:53:54.000Z","updated_at":"2026-02-11T09:09:55.192Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"}],"path":"the production-dependencies group","ecosystem":"go"},"body":"Bumps the production-dependencies group with 1 update: [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin).\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin\u0026package-manager=go_modules\u0026previous-version=0.5.1\u0026new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/482","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/482","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/482/packages"},{"uuid":"3918843844","node_id":"PR_kwDOQq4YHM7CnEGc","number":18,"state":"open","title":"Bump the go_modules group across 3 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","issue/stale","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-10T00:38:49.000Z","updated_at":"2026-03-22T01:27:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":16,"packages":[{"name":"github.com/jackc/pgproto3/v2","old_version":"2.3.1","new_version":"2.3.3","repository_url":"https://github.com/jackc/pgproto3"},{"name":"github.com/jackc/pgx/v4","old_version":"4.17.2","new_version":"4.18.2","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/sirupsen/logrus","old_version":"1.8.1","new_version":"1.8.3","repository_url":"https://github.com/sirupsen/logrus"},{"name":"github.com/containerd/containerd","old_version":"1.6.1","new_version":"1.7.29","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.2.4","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"helm.sh/helm/v3","old_version":"3.8.2","new_version":"3.18.5","repository_url":"https://github.com/helm/helm"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /scripts/component_updation directory: [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3), [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) and [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\nBumps the go_modules group with 6 updates in the /scripts/component_generation directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.1` | `2.3.3` |\n| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.17.2` | `4.18.2` |\n| [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.8.1` | `1.8.3` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.6.1` | `1.7.29` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.3` | `0.2.4` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.8.2` | `3.18.5` |\n\nBumps the go_modules group with 1 update in the /install/docker-extension directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\n\nUpdates `github.com/jackc/pgproto3/v2` from 2.3.1 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\"\u003e\u003ccode\u003e945c212\u003c/code\u003e\u003c/a\u003e Backport fixes from pgx v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/0c0f7b03fb4967dfff8de06d07a9fe20baf83449\"\u003e\u003ccode\u003e0c0f7b0\u003c/code\u003e\u003c/a\u003e Add pgx v5 note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/f59ff94cbed817a4c9f755696894e1f919756cfc\"\u003e\u003ccode\u003ef59ff94\u003c/code\u003e\u003c/a\u003e UnmarshalJSON: removing hex decode\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jackc/pgproto3/compare/v2.3.1...v2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.17.2 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.17.2...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220722155217-630584e8d5aa to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/2df65d769a9e24cb1e11b714ec1918ed5d7657cb\"\u003e\u003ccode\u003e2df65d7\u003c/code\u003e\u003c/a\u003e all: regenerate for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e3c038a67ff8a7b728cf9a527ca4d14ff7540536\"\u003e\u003ccode\u003ee3c038a\u003c/code\u003e\u003c/a\u003e all: prepare for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/3a7a2557e7386e7e39d8b31290c3e8962c39e0fc\"\u003e\u003ccode\u003e3a7a255\u003c/code\u003e\u003c/a\u003e internal/export/idna: make more space for mapping index\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/d61dd50441c6e2d3595be435b162ca96c58848f9\"\u003e\u003ccode\u003ed61dd50\u003c/code\u003e\u003c/a\u003e go.mod: delete repeated \u0026quot;indirect\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgproto3/v2` from 2.3.1 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\"\u003e\u003ccode\u003e945c212\u003c/code\u003e\u003c/a\u003e Backport fixes from pgx v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/0c0f7b03fb4967dfff8de06d07a9fe20baf83449\"\u003e\u003ccode\u003e0c0f7b0\u003c/code\u003e\u003c/a\u003e Add pgx v5 note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/f59ff94cbed817a4c9f755696894e1f919756cfc\"\u003e\u003ccode\u003ef59ff94\u003c/code\u003e\u003c/a\u003e UnmarshalJSON: removing hex decode\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jackc/pgproto3/compare/v2.3.1...v2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.17.2 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.17.2...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220722155217-630584e8d5aa to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/2df65d769a9e24cb1e11b714ec1918ed5d7657cb\"\u003e\u003ccode\u003e2df65d7\u003c/code\u003e\u003c/a\u003e all: regenerate for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e3c038a67ff8a7b728cf9a527ca4d14ff7540536\"\u003e\u003ccode\u003ee3c038a\u003c/code\u003e\u003c/a\u003e all: prepare for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/3a7a2557e7386e7e39d8b31290c3e8962c39e0fc\"\u003e\u003ccode\u003e3a7a255\u003c/code\u003e\u003c/a\u003e internal/export/idna: make more space for mapping index\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/d61dd50441c6e2d3595be435b162ca96c58848f9\"\u003e\u003ccode\u003ed61dd50\u003c/code\u003e\u003c/a\u003e go.mod: delete repeated \u0026quot;indirect\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.6.1 to 1.7.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.29\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.29 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe twenty-ninth patch release for containerd 1.7 contains various fixes\nand updates including security patches.\u003c/p\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w\"\u003e\u003cstrong\u003eGHSA-pwhc-rpq9-4c8w\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2\"\u003e\u003cstrong\u003eGHSA-m6hq-p25p-ffr2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003erunc\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\"\u003e\u003cstrong\u003eGHSA-qw9x-cqr3-wc7r\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003e\u003cstrong\u003eGHSA-cgrx-mc8f-2prm\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\"\u003e\u003cstrong\u003eGHSA-9493-h29p-rfm2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate differ to handle zstd media types\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12018\"\u003e#12018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.3\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFix lost container logs from quickly closing io\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12375\"\u003e#12375\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eStepSecurity Bot\u003c/li\u003e\n\u003cli\u003ewheat2018\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34bd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f\"\u003e\u003ccode\u003e0450f046e\u003c/code\u003e\u003c/a\u003e Fix directory permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6ddb7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6dd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9772966401ad3c33a6cd824632f0c61e5049f3a5\"\u003e\u003ccode\u003e9772966\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12486\"\u003e#12486\u003c/a\u003e from dmcgowan/prepare-v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1fc2daaf3ed53f4c9e76fbc5786a6f1ae3bb885f\"\u003e\u003ccode\u003e1fc2daa\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/93f710a528958474f95a95e54516624ef832d80f\"\u003e\u003ccode\u003e93f710a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12480\"\u003e#12480\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-12475-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/68d04befab3284f1dfe2a9f5691ea5da76daace7\"\u003e\u003ccode\u003e68d04be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12471\"\u003e#12471\u003c/a\u003e from austinvazquez/1_7_update_ci_go_and_images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3f5f9f872707a743563d316e85e530193a2e30ac\"\u003e\u003ccode\u003e3f5f9f8\u003c/code\u003e\u003c/a\u003e runc: Update runc binary to v1.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/667409fb63098cb80280940ab06038114e7712da\"\u003e\u003ccode\u003e667409f\u003c/code\u003e\u003c/a\u003e ci: bump Go 1.24.9, 1.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/294f8c027b607c4450b3e52f44280581a737a73f\"\u003e\u003ccode\u003e294f8c0\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest images for basic binaries build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf66b4141defb757dee0fc5653bfd0a7ba1e8fed\"\u003e\u003ccode\u003ecf66b41\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest image for most jobs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.6.1...v1.7.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.4\u003c/h2\u003e\n\u003cp\u003eThis release fixes a potential security issue in filepath-securejoin\nwhen used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to\ngenerate paths outside of the provided rootfs in certain cases), as well\nas improving the overall behaviour of filepath-securejoin when dealing\nwith Windows paths that contain volume names. Thanks to Paulo Gomes for\ndiscovering and fixing these issues.\u003c/p\u003e\n\u003cp\u003eIn addition, we've switched (at long last) to GitHub Actions and have\ncontinuous integration testing on Linux, MacOS, and Windows.\u003c/p\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo Gomes \u003ca href=\"mailto:pjbgf@linux.com\"\u003epjbgf@linux.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Aleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.2.4] - 2023-09-06\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis release fixes a potential security issue in filepath-securejoin when\nused on Windows (\u003ca href=\"https://github.com/advisories/GHSA-6xv5-86q9-7xr8\"\u003eGHSA-6xv5-86q9-7xr8\u003c/a\u003e, which could be used to generate\npaths outside of the provided rootfs in certain cases), as well as improving\nthe overall behaviour of filepath-securejoin when dealing with Windows paths\nthat contain volume names. Thanks to Paulo Gomes for discovering and fixing\nthese issues.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub Actions for CI so we can test on Windows as well as Linux\nand MacOS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/2710d06c5b4ba3168beffa0689798d2db12e8ac4\"\u003e\u003ccode\u003e2710d06\u003c/code\u003e\u003c/a\u003e VERSION: release v0.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/68943415e950190ee33bddfa205e42186da87802\"\u003e\u003ccode\u003e6894341\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/9\"\u003e#9\u003c/a\u003e into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c121231e1276e11049547bee5ce68d5a2cfe2d9b\"\u003e\u003ccode\u003ec121231\u003c/code\u003e\u003c/a\u003e Fix support for Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/05b64230154f962d518a3a44fcfd7b9b63bab031\"\u003e\u003ccode\u003e05b6423\u003c/code\u003e\u003c/a\u003e ci: switch to GHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/64536a8a66ae59588c981e2199f1dcf410508e07\"\u003e\u003ccode\u003e64536a8\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003cp\u003eThere have been no changes made in the released binaries other than the bump of the Go runtime.\u003c/p\u003e\n\u003cp\u003eSee the changelog below for a full list of changes.\u003c/p\u003e\n\u003ch3\u003eCI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: use proper git ref for versioning \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGo: make Go version explicit and pin it to the latest 1.16 release \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3604\"\u003e#3604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eMilos Gajdos\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fdb\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906f\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003ePrepare for v2.8.1 release (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3596\"\u003e#3596\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d188\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[2.8 backport] ci: use proper git ref for versioning (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf0\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003eThe previous release can be found at \u003ca href=\"https://github.com/distribution/distribution/releases/tag/v2.8.0\"\u003ev2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cp\u003eregistry 2.8.0\u003c/p\u003e\n\u003cp\u003eWelcome to the v2.8.0 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.0 registry release has been a long time overdue.\nThis is the first step towards the last 2.x release.\nNo further active development will continue on 2.x branch.\nSecurity vulnerability patches to 2.x might be considered, but\nall active development will be focussed on v3 release due in 2022.\nThis release includes a security vulnerability fix along\nwith a few minor bug fixes and improvemnts in documentation and CI.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/b5ca020cfbe998e5af3457fda087444cf5116496\"\u003e\u003ccode\u003eb5ca020\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3605\"\u003e#3605\u003c/a\u003e from milosgajdos/update-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1b5f094086fcc2306be9bc75ad59b2ccd4b174e6\"\u003e\u003ccode\u003e1b5f094\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3604\"\u003e#3604\u003c/a\u003e from crazy-max/2.8-go-1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fd\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3df9fce2beb5ee01e2174c0dbb9294c191bfd0a8\"\u003e\u003ccode\u003e3df9fce\u003c/code\u003e\u003c/a\u003e go 1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/9a0196b801ba8b9eb4ae5ad388c8f95de719fcdf\"\u003e\u003ccode\u003e9a0196b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3596\"\u003e#3596\u003c/a\u003e from milosgajdos/fix-go-mod-v2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d18\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e4a447d0d75f3370dce98690f5f2bb0bb4cb669f\"\u003e\u003ccode\u003ee4a447d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3595\"\u003e#3595\u003c/a\u003e from crazy-max/2.8-ci-gitref\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/dcf66392d606f50bf3a9286dcb4bdcdfb7c0e83a\"\u003e\u003ccode\u003edcf6639\u003c/code\u003e\u003c/a\u003e Update README so the release pipeline works properly.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 23.0.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/59118bff500fc0d95d0560a9788735a8d89568ce\"\u003e\u003ccode\u003e59118bf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-232p-vwff-86mp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/219f21bf07502b447095649b5a2764661737f164\"\u003e\u003ccode\u003e219f21b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45196\"\u003e#45196\u003c/a\u003e from vvoland/integration-restart-race-23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b87f7f18b82fbb647b5142c6e5459a88a7652d02\"\u003e\u003ccode\u003eb87f7f1\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: insert the input-drop rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c6bf3071fee48b79c2d48faf8855b8afe0a1e951\"\u003e\u003ccode\u003ec6bf307\u003c/code\u003e\u003c/a\u003e StartWithLogFile: Fix d.cmd race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/7f49ca259bfea1c08bb3019d0db3aa894ff157a6\"\u003e\u003ccode\u003e7f49ca2\u003c/code\u003e\u003c/a\u003e TestDaemonRestartKillContainers: Fix loop capture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/98cbcb8003b7cf8da35fb5d05f5babbe142ab7c8\"\u003e\u003ccode\u003e98cbcb8\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: add BPF-powered VNI matcher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/5c5fac237425c4bf79d2f048c1850f855f0182aa\"\u003e\u003ccode\u003e5c5fac2\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: extract VNI match rule builder\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c492a22287557860831a7c4f523b8e53692bb822\"\u003e\u003ccode\u003ec492a22\u003c/code\u003e\u003c/a\u003e libn/d/overlay: enforce encryption on sandbox init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/018edb02849100de701d6ab6fb932ffb68843e4b\"\u003e\u003ccode\u003e018edb0\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: document some encryption code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a1fd2f22f6ee07ab5bf241e7b33c75e395bfa9e5\"\u003e\u003ccode\u003ea1fd2f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45157\"\u003e#45157\u003c/a\u003e from thaJeztah/23.0_backport_update_shfmt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v23.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eMerge v1.15 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1250\"\u003eprometheus/client_golang#1250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to POST for LabelNames, Series, and QueryExemplars to DoGetFallback by \u003ca href=\"https://github.com/jacksontj\"\u003e\u003ccode\u003e@​jacksontj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1252\"\u003eprometheus/client_golang#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✏️ [collectors]: fix typo in test assertion by \u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded interactive tutorial [kubeCon] by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1255\"\u003eprometheus/client_golang#1255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed tutorial. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1256\"\u003eprometheus/client_golang#1256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/sys from 0.6.0 to 0.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1265\"\u003eprometheus/client_golang#1265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup proto use in tests by \u003ca href=\"https://github.com/SuperQ\"\u003e\u003ccode\u003e@​SuperQ\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1264\"\u003eprometheus/client_golang#1264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tutorial on WSL-based systems by \u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix undefined execution order in return statements by \u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge release 1.15.1 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1267\"\u003eprometheus/client_golang#1267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGitHub Workflows security hardening by \u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd process start time header to client_golang prometheus by \u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix bug in bucket key calculation by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1279\"\u003eprometheus/client_golang#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/prometheus/procfs from 0.9.0 to 0.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1283\"\u003eprometheus/client_golang#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce constrainLabels allocations by \u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadded circleci as gh action YAML by \u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove metricUnits runtime by \u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMoving fully to GH actions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1288\"\u003eprometheus/client_golang#1288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docstring references to renamed native histogram fields / functions. by \u003ca href=\"https://github.com/juliusv\"\u003e\u003ccode\u003e@​juliusv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1290\"\u003eprometheus/client_golang#1290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier contributions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1289\"\u003eprometheus/client_golang#1289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.16.0 / 2023-06-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.1 / 2023-05-3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary), \u003cbr /\u003e\ncausing panics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0 / 2023-04-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix issue with atomic variables on ppc64le. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1171\"\u003e#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Support for multiple samples within same metric. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1181\"\u003e#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1187\"\u003e#1187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add exemplars and middleware examples. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1173\"\u003e#1173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add more context to \u0026quot;duplicate label names\u0026quot; error to enable debugging. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1177\"\u003e#1177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1151\"\u003e#1151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1183\"\u003e#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1066\"\u003e#1066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add ability to Pusher to add custom headers. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1218\"\u003e#1218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1225\"\u003e#1225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added (official) support for go 1.20. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1234\"\u003e#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] timer: Added support for exemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1233\"\u003e#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Filter expected metrics as well in CollectAndCompare. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1143\"\u003e#1143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] :warning: Only set start/end if time is not Zero. This breaks compatibility in experimental api package. If you strictly depend on empty time.Time as actual value, the behavior is now changed. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1238\"\u003e#1238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.0 / 2022-11-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] Add Support for Native Histograms. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1150\"\u003e#1150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Extend \u003ccode\u003eprometheus.Registry\u003c/code\u003e to implement \u003ccode\u003eprometheus.Collector\u003c/code\u003e interface. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1103\"\u003e#1103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.1 / 2022-11-01\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix race condition with Exemplar in Counter. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1146\"\u003e#1146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix \u003ccode\u003eCumulativeCount\u003c/code\u003e value of \u003ccode\u003e+Inf\u003c/code\u003e bucket created from exemplar. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1148\"\u003e#1148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix double-counting bug in \u003ccode\u003epromhttp.InstrumentRoundTripperCounter\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1118\"\u003e#1118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0 / 2022-08-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added \u003ccode\u003eprometheus.TransactionalGatherer\u003c/code\u003e interface for \u003ccode\u003epromhttp.Handler\u003c/code\u003e use which allows using low allocation update techniques for custom collectors. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/989\"\u003e#989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added exemplar support to \u003ccode\u003eprometheus.NewConstHistogram\u003c/code\u003e. See \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/prometheus/examples_test.go#L602\"\u003e\u003ccode\u003eExampleNewConstHistogram_WithExemplar\u003c/code\u003e\u003c/a\u003e example on how to use it. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/986\"\u003e#986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now context aware methods that pass context to HTTP request. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1028\"\u003e#1028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now \u003ccode\u003eError\u003c/code\u003e method that retrieve last error. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1075\"\u003e#1075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003etestutil.GatherAndCompare\u003c/code\u003e provides now readable diff on failed comparisons. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/998\"\u003e#998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/3583c1e1d085b75cab406c78b015562d45552b39\"\u003e\u003ccode\u003e3583c1e\u003c/code\u003e\u003c/a\u003e Cut v1.16.0 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1292\"\u003e#1292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/2feda42e447efac5bfe39bb226d7025af73c0947\"\u003e\u003ccode\u003e2feda42\u003c/code\u003e\u003c/a\u003e Fixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier cont...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5b9cf9c6a891de0e7b5ec26d9f4326570a658d17\"\u003e\u003ccode\u003e5b9cf9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1290\"\u003e#1290\u003c/a\u003e from prometheus/fix-nh-docstring-refs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/1b19d5f4589629067111815d0734a1ccbc245268\"\u003e\u003ccode\u003e1b19d5f\u003c/code\u003e\u003c/a\u003e Fix docstring references to renamed native histogram fields / functions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/7352ab7f805ab3bf4d2144f3e8cac92d5caec263\"\u003e\u003ccode\u003e7352ab7\u003c/code\u003e\u003c/a\u003e Moving fully to GH actions. (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1288\"\u003e#1288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/e4ff34d23eacb385c1a9d3d67c4d06aed042ebec\"\u003e\u003ccode\u003ee4ff34d\u003c/code\u003e\u003c/a\u003e Improve metricUnits runtime (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/781ea2802473fd7aff2a92cb16244be57472a085\"\u003e\u003ccode\u003e781ea28\u003c/code\u003e\u003c/a\u003e added circleci as gh action YAML (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a09a1d34cbc74daa8ed70234b99467a30b020a40\"\u003e\u003ccode\u003ea09a1d3\u003c/code\u003e\u003c/a\u003e Reduce constrainLabels allocations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/8840afcfc2c3ff3d40357552dbc1d9d43c4bae67\"\u003e\u003ccode\u003e8840afc\u003c/code\u003e\u003c/a\u003e Bump github.com/prometheus/procfs from 0.9.0 to 0.10.1 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5e78d5f66b851fef874b783814b2e884df2798d0\"\u003e\u003ccode\u003e5e78d5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e from prometheus/beorn7/histogram\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220412020605-290c469a71a5 to 0.42.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.42.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20220411215720-9780585627b5 to 0.30.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.46.0 to 1.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/...\n\n_Description has been truncated_","html_url":"https://github.com/hardihardi/meshery/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hardihardi%2Fmeshery/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"3889574370","node_id":"PR_kwDOEOmcd87BGrhW","number":962,"state":"closed","title":"build(deps): bump the gomod group across 1 directory with 26 updates","user":"dependabot[bot]","labels":["lifecycle/stale","release-note-none"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-01T10:44:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T07:02:24.000Z","updated_at":"2026-04-01T10:44:25.000Z","time_to_close":4938118,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":26,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.5.0","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/coreos/go-systemd/v22","old_version":"22.6.0","new_version":"22.7.0","repository_url":"https://github.com/coreos/go-systemd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.27.3","new_version":"2.28.1","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc","old_version":"0.64.0","new_version":"0.65.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc","old_version":"1.39.0","new_version":"1.40.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"k8s.io/api","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/cri-api","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/cri-api"},{"name":"k8s.io/cri-client","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/cri-client"},{"name":"k8s.io/kubelet","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/kubelet"},{"name":"sigs.k8s.io/release-utils","old_version":"0.12.2","new_version":"0.12.3","repository_url":"https://github.com/kubernetes-sigs/release-utils"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.5.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) | `22.6.0` | `22.7.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.3` | `5.2.4` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.27.3` | `2.28.1` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.65.0` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.39.0` | `1.40.0` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) | `0.12.2` | `0.12.3` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eworkflows: add PR comment on binary size check failure by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/180\"\u003echeckpoint-restore/checkpointctl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v7 to v8 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/179\"\u003echeckpoint-restore/checkpointctl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate version number by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/182\"\u003echeckpoint-restore/checkpointctl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: document asciidoctor and Go version requirements and ignore install artifacts by \u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v8 to v8.1.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/188\"\u003echeckpoint-restore/checkpointctl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for parsing of TaskState by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeckpointctl: Version 1.5.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/191\"\u003echeckpoint-restore/checkpointctl#191\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TusharMohapatra07\"\u003e\u003ccode\u003e@​TusharMohapatra07\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/891978fb0574c92308fd2f94aaa497c705b194bb\"\u003e\u003ccode\u003e891978f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/191\"\u003e#191\u003c/a\u003e from rst0git/version-1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/16da5b31962b6bcde738a6c5bc4c742d84c2d491\"\u003e\u003ccode\u003e16da5b3\u003c/code\u003e\u003c/a\u003e checkpointctl: Version 1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/19e162bfe7bcd44a8375619017a5f7deb9346e03\"\u003e\u003ccode\u003e19e162b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/187\"\u003e#187\u003c/a\u003e from rst0git/task-state-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/11d87dac03cd0d247d820e841817984a582b0eeb\"\u003e\u003ccode\u003e11d87da\u003c/code\u003e\u003c/a\u003e test/piggie: add tests for zombie/dead processes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/9817147c1a21c8c10d98b0c5a876725ddbbd00e2\"\u003e\u003ccode\u003e9817147\u003c/code\u003e\u003c/a\u003e test/piggie: use enable variable in setsockopt()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/c80219ebd2f8c3cbce3ecfa4d4739f5347e63a3b\"\u003e\u003ccode\u003ec80219e\u003c/code\u003e\u003c/a\u003e test/piggie: fix log file redirect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/21eb9f9703d9f8a2071d0d72fd0783697b7c6d6c\"\u003e\u003ccode\u003e21eb9f9\u003c/code\u003e\u003c/a\u003e test/piggie: fix pointer arithmetic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/152be2f3beb27e753611fb4b7a48a2d09d42ff78\"\u003e\u003ccode\u003e152be2f\u003c/code\u003e\u003c/a\u003e test/piggie: send correct payload length for ping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/3feab27d671bf945d1da3f038b6a202955cb4429\"\u003e\u003ccode\u003e3feab27\u003c/code\u003e\u003c/a\u003e test/piggie: break loop on client disconnect or error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/d90aad006e6ff1a279c0a21a4320361a7d31c75b\"\u003e\u003ccode\u003ed90aad0\u003c/code\u003e\u003c/a\u003e test/piggie: initialize sockaddr_in structures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/coreos/go-systemd/v22` from 22.6.0 to 22.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coreos/go-systemd/releases\"\u003egithub.com/coreos/go-systemd/v22's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.7.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes an issue with multiple calls to (e.g.) StopUnit, simplifies and improves code and documentation, and adds a few new methods.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/473\"\u003ecoreos/go-systemd#473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixing error on negative value of LISTEN_FDS by \u003ca href=\"https://github.com/vporoshok\"\u003e\u003ccode\u003e@​vporoshok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/472\"\u003ecoreos/go-systemd#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMisc error reporting improvements by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/475\"\u003ecoreos/go-systemd#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edaemon: add \u003ccode\u003eSdNotifyMonotonicUsec\u003c/code\u003e helper function by \u003ca href=\"https://github.com/corhere\"\u003e\u003ccode\u003e@​corhere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/435\"\u003ecoreos/go-systemd#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/481\"\u003ecoreos/go-systemd#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/483\"\u003ecoreos/go-systemd#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edbus: fix TestSetUnitProperties wrt systemd \u0026gt;= 252 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/489\"\u003ecoreos/go-systemd#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSync repo templates ⚙ by \u003ca href=\"https://github.com/coreosbot-releng\"\u003e\u003ccode\u003e@​coreosbot-releng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/486\"\u003ecoreos/go-systemd#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eunit: simplify escape character by \u003ca href=\"https://github.com/huww98\"\u003e\u003ccode\u003e@​huww98\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/485\"\u003ecoreos/go-systemd#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emachine1: add missing close method to conn. by \u003ca href=\"https://github.com/maartensson\"\u003e\u003ccode\u003e@​maartensson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/487\"\u003ecoreos/go-systemd#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esubscription: Added context cancellation and sync to subscription set by \u003ca href=\"https://github.com/NotSoFancyName\"\u003e\u003ccode\u003e@​NotSoFancyName\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/480\"\u003ecoreos/go-systemd#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: improvements by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/490\"\u003ecoreos/go-systemd#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimport1: add missing close method to conn by \u003ca href=\"https://github.com/maartensson\"\u003e\u003ccode\u003e@​maartensson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/492\"\u003ecoreos/go-systemd#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdjournal: fix copyrights by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/499\"\u003ecoreos/go-systemd#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eactivation: simplify ListenersWithNames by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/498\"\u003ecoreos/go-systemd#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edbus: allow multiple calls for the same unit to *Unit by \u003ca href=\"https://github.com/haircommander\"\u003e\u003ccode\u003e@​haircommander\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/496\"\u003ecoreos/go-systemd#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation nits by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/500\"\u003ecoreos/go-systemd#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edbus: dedup result conversion code by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/493\"\u003ecoreos/go-systemd#493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd FilesWithNames() to activation by \u003ca href=\"https://github.com/MayCXC\"\u003e\u003ccode\u003e@​MayCXC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/497\"\u003ecoreos/go-systemd#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for transient units with auxiliary units by \u003ca href=\"https://github.com/gwenya\"\u003e\u003ccode\u003e@​gwenya\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/495\"\u003ecoreos/go-systemd#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eactivation: stub out for plan9 by \u003ca href=\"https://github.com/flokli\"\u003e\u003ccode\u003e@​flokli\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/440\"\u003ecoreos/go-systemd#440\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vporoshok\"\u003e\u003ccode\u003e@​vporoshok\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/472\"\u003ecoreos/go-systemd#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corhere\"\u003e\u003ccode\u003e@​corhere\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/435\"\u003ecoreos/go-systemd#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huww98\"\u003e\u003ccode\u003e@​huww98\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/485\"\u003ecoreos/go-systemd#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maartensson\"\u003e\u003ccode\u003e@​maartensson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/487\"\u003ecoreos/go-systemd#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haircommander\"\u003e\u003ccode\u003e@​haircommander\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/496\"\u003ecoreos/go-systemd#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MayCXC\"\u003e\u003ccode\u003e@​MayCXC\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/497\"\u003ecoreos/go-systemd#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gwenya\"\u003e\u003ccode\u003e@​gwenya\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/495\"\u003ecoreos/go-systemd#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flokli\"\u003e\u003ccode\u003e@​flokli\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/440\"\u003ecoreos/go-systemd#440\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ehttps://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/4dc4ee60b8394d431f19a3c599040ef758884a27\"\u003e\u003ccode\u003e4dc4ee6\u003c/code\u003e\u003c/a\u003e activation: stub out for plan9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/8f5a75c278158e2cf18b413f02c25f5628a5feda\"\u003e\u003ccode\u003e8f5a75c\u003c/code\u003e\u003c/a\u003e dbus: add StartTransientUnitAux for starting transient units with auxiliary u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/9211a7bb9050c57bf853f71a184803c71b9effe7\"\u003e\u003ccode\u003e9211a7b\u003c/code\u003e\u003c/a\u003e activation: add FilesWithNames()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/2c3ebed22d7a23765394bade71e7c0451e1b1efd\"\u003e\u003ccode\u003e2c3ebed\u003c/code\u003e\u003c/a\u003e dbus: dedup result conversion code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/aac8e000ad77a1a12ca5493f127dd72d72b387e2\"\u003e\u003ccode\u003eaac8e00\u003c/code\u003e\u003c/a\u003e unit: fix Deserialize deprecation notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/d4795ceb4873780fd6d601700ea44fecd6f8d4a0\"\u003e\u003ccode\u003ed4795ce\u003c/code\u003e\u003c/a\u003e Fix doc references\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/abb50b3ef702fd889c2806ac0a79eeed7dee6a17\"\u003e\u003ccode\u003eabb50b3\u003c/code\u003e\u003c/a\u003e dbus: allow multiple calls for the same unit to *Unit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/27f6beaf75ffc911bbeff76dc3dbf8ee4bf86d86\"\u003e\u003ccode\u003e27f6bea\u003c/code\u003e\u003c/a\u003e activation: simplify ListenersWithNames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/e615438da4253e7970d9647cc6916fcc91e644af\"\u003e\u003ccode\u003ee615438\u003c/code\u003e\u003c/a\u003e sdjournal: fix copyrights\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/d25876d629af5d60f8d6681719509721c2ab4a25\"\u003e\u003ccode\u003ed25876d\u003c/code\u003e\u003c/a\u003e import1: add missing close method to conn\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/6eb35881c0e438ffb663ddbad3a61babaa5e5d8a\"\u003e\u003ccode\u003e6eb3588\u003c/code\u003e\u003c/a\u003e middleware: harden RedirectSlashes handler (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1044\"\u003e#1044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/de0d16e6d23092aeef0b6e78f146799369160651\"\u003e\u003ccode\u003ede0d16e\u003c/code\u003e\u003c/a\u003e Update comment about min Go version (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1023\"\u003e#1023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/9fb4a15daa6d4ccd5e7286c1227d58872f89f4cb\"\u003e\u003ccode\u003e9fb4a15\u003c/code\u003e\u003c/a\u003e update reverseMethodMap in RegisterMethod (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1022\"\u003e#1022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/51c977c2da872d16d05531d5bc49ccd027599ce2\"\u003e\u003ccode\u003e51c977c\u003c/code\u003e\u003c/a\u003e Refactor to use atomic type (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1019\"\u003e#1019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/563ab118626b47810852303c3a60c2106a6bc23c\"\u003e\u003ccode\u003e563ab11\u003c/code\u003e\u003c/a\u003e Refactor graceful shutdown example (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/994\"\u003e#994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a52c582b532cd261dbedc4c811d809d6e024c1ff\"\u003e\u003ccode\u003ea52c582\u003c/code\u003e\u003c/a\u003e Bump minimum Go and use new features (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1017\"\u003e#1017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.28.1\u003c/h2\u003e\n\u003ch2\u003e2.28.1\u003c/h2\u003e\n\u003cp\u003eUpdate all dependencies.  This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.\u003c/p\u003e\n\u003ch2\u003ev2.28.0\u003c/h2\u003e\n\u003ch2\u003e2.28.0\u003c/h2\u003e\n\u003cp\u003eGinkgo's SemVer filter now supports filtering multiple components by SemVer version:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eIt(\u0026quot;should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)\u0026quot;, SemVerConstraint(\u0026quot;\u0026gt;= 3.2.0\u0026quot;), ComponentSemVerConstraint(\u0026quot;redis\u0026quot;, \u0026quot;\u0026gt;= 8.0.0\u0026quot;) func() {\n    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is \u0026gt;= 8.0.0\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ecan be filtered in or out with an invocation like:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eginkgo --sem-ver-filter=\u0026quot;2.1.1, redis=8.2.0\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Icarus9913\"\u003e\u003ccode\u003e@​Icarus9913\u003c/code\u003e\u003c/a\u003e for working on this!\u003c/p\u003e\n\u003ch2\u003ev2.27.5\u003c/h2\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003ev2.27.4\u003c/h2\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.28.1\u003c/h2\u003e\n\u003cp\u003eUpdate all dependencies.  This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.\u003c/p\u003e\n\u003ch2\u003e2.28.0\u003c/h2\u003e\n\u003cp\u003eGinkgo's SemVer filter now supports filtering multiple components by SemVer version:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eIt(\u0026quot;should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)\u0026quot;, SemVerConstraint(\u0026quot;\u0026gt;= 3.2.0\u0026quot;), ComponentSemVerConstraint(\u0026quot;redis\u0026quot;, \u0026quot;\u0026gt;= 8.0.0\u0026quot;) func() {\n    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is \u0026gt;= 8.0.0\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ecan be filtered in or out with an invocation like:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eginkgo --sem-ver-filter=\u0026quot;2.1.1, redis=8.2.0\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Icarus9913\"\u003e\u003ccode\u003e@​Icarus9913\u003c/code\u003e\u003c/a\u003e for working on this!\u003c/p\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/5d1d628ac86668c8f944c8c491c3d1ab86b3bed4\"\u003e\u003ccode\u003e5d1d628\u003c/code\u003e\u003c/a\u003e v2.28.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/676f985d26d9b5d02f73086760883f7086bb5386\"\u003e\u003ccode\u003e676f985\u003c/code\u003e\u003c/a\u003e update test mu language\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/8032100d256f25df9be61f2623fc244c9ea0cafb\"\u003e\u003ccode\u003e8032100\u003c/code\u003e\u003c/a\u003e appease go vet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/41ca8077223910d4d20e099204a8520057ab8b82\"\u003e\u003ccode\u003e41ca807\u003c/code\u003e\u003c/a\u003e bump dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/2b2305b02aad8f5316b0bfcaabe5b9789d988db6\"\u003e\u003ccode\u003e2b2305b\u003c/code\u003e\u003c/a\u003e v2.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/71d2d89adc9387d4f4fc579438b5631d9180d687\"\u003e\u003ccode\u003e71d2d89\u003c/code\u003e\u003c/a\u003e feat: support component semantic version filtering\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/8cbbcb4709d306183de94f0699dd92affeb6f5b0\"\u003e\u003ccode\u003e8cbbcb4\u003c/code\u003e\u003c/a\u003e Fix doclink for ginkgo run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/a92830749ce9b1271ffac08abce793ae937fe9d4\"\u003e\u003ccode\u003ea928307\u003c/code\u003e\u003c/a\u003e v2.27.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/0d0e96db305b01ce8642008053b857363ca87ecb\"\u003e\u003ccode\u003e0d0e96d\u003c/code\u003e\u003c/a\u003e don't make a new formatter for each GinkgoT(); that's just silly and uses pre...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/867ce95f5142649695406f751f883c99ea45c0d5\"\u003e\u003ccode\u003e867ce95\u003c/code\u003e\u003c/a\u003e v2.27.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.3...v2.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.4\u003c/h2\u003e\n\u003ch2\u003eNotable changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ego.mod: update minimum supported go version to v1.17 \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump up dependencies  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTouch-up godoc and add \u0026quot;doc\u0026quot; links.\u003c/li\u003e\n\u003cli\u003eREADME: fix links, grammar, and update examples.\u003c/li\u003e\n\u003cli\u003eAdd GNU/Hurd support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1364\"\u003esirupsen/logrus#1364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd WASI wasip1 support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1388\"\u003esirupsen/logrus#1388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove uses of deprecated \u003ccode\u003eioutil\u003c/code\u003e package \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1472\"\u003esirupsen/logrus#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: update actions and golangci-lint \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1459\"\u003esirupsen/logrus#1459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: remove appveyor, add macOS  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b61f268f75b6ff134a62cd62aee1095fa12e8d2e\"\u003e\u003ccode\u003eb61f268\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1472\"\u003e#1472\u003c/a\u003e from goldlinker/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/15c29db7129cc15331e9c52493d5aaab217146c7\"\u003e\u003ccode\u003e15c29db\u003c/code\u003e\u003c/a\u003e refactor: replace the deprecated function in the ioutil package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/cb253f3080f18ec7e55b4c8f15b62fe0a806f130\"\u003e\u003ccode\u003ecb253f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1464\"\u003e#1464\u003c/a\u003e from thaJeztah/touchup_godoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/29b233793060a07fb76eda791f604d87e08d23d1\"\u003e\u003ccode\u003e29b2337\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1468\"\u003e#1468\u003c/a\u003e from thaJeztah/touchup_readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/d9168199e06807d8959126bc8c823ad8b96e3969\"\u003e\u003ccode\u003ed916819\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1427\"\u003e#1427\u003c/a\u003e from dolmen/fix-testify-usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/135e4820b2140747fb868073e4dca1619996417a\"\u003e\u003ccode\u003e135e482\u003c/code\u003e\u003c/a\u003e README: small touch-ups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/2c5fa36b73abb8b007474417571e268685d0d84e\"\u003e\u003ccode\u003e2c5fa36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1467\"\u003e#1467\u003c/a\u003e from thaJeztah/rm_old_badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/877ecec10d61675855189ece38d70d8804302fa4\"\u003e\u003ccode\u003e877ecec\u003c/code\u003e\u003c/a\u003e README: remove travis badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/55cf2560b5e5fd3f0e6ff59e6ce766eb12db4522\"\u003e\u003ccode\u003e55cf256\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1393\"\u003e#1393\u003c/a\u003e from jsoref/grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/21bae50b76794e93449c3f0f845ea0ac903847db\"\u003e\u003ccode\u003e21bae50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1426\"\u003e#1426\u003c/a\u003e from dolmen/testing-fix-use-of-math-rand\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.64.0 to 0.65.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases\"\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.40.0/v2.2.0/v0.65.0/v0.34.0/v0.20.0/v0.15.0/v0.13.0/v0.12.0\u003c/h2\u003e\n\u003ch2\u003eOverview\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eWithMetricAttributesFn\u003c/code\u003e option in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\u003c/code\u003e to define dynamic attributes on auto-instrumented metrics. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8191\"\u003e#8191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for configuring propagators in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8281\"\u003e#8281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8401\"\u003e#8401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8461\"\u003e#8461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogr\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8477\"\u003e#8477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/brid...\n\n_Description has been truncated_","html_url":"https://github.com/saschagrunert/cri-o/pull/962","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saschagrunert%2Fcri-o/issues/962","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/962/packages"},{"uuid":"3874602175","node_id":"PR_kwDOEBQoV87AVkr9","number":412,"state":"open","title":"build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.6.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-30T08:25:33.000Z","updated_at":"2026-01-30T08:25:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.6.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.1] - 2025-10-31\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSpooky scary skeletons send shivers down your spine!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin\u0026package-manager=go_modules\u0026previous-version=0.2.3\u0026new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wgahnagl/cri-o/pull/412","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wgahnagl%2Fcri-o/issues/412","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/412/packages"},{"uuid":"3873566555","node_id":"PR_kwDOEX2eOc7ASGxG","number":263,"state":"open","title":"build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.6.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-30T02:46:16.000Z","updated_at":"2026-01-30T02:46:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.6.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.1] - 2025-10-31\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSpooky scary skeletons send shivers down your spine!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin\u0026package-manager=go_modules\u0026previous-version=0.2.3\u0026new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/maolin-sen/cri-o/pull/263","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/maolin-sen%2Fcri-o/issues/263","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/263/packages"},{"uuid":"3834530756","node_id":"PR_kwDOBAr5ps6-Qbf3","number":9720,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 14 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-20T16:43:15.000Z","updated_at":"2026-01-20T17:08:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":14,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.5.0","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.27.3","new_version":"2.27.5","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"golang.org/x/net","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/golang/net"},{"name":"sigs.k8s.io/release-utils","old_version":"0.12.2","new_version":"0.12.3","repository_url":"https://github.com/kubernetes-sigs/release-utils"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.5.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.3` | `5.2.4` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.27.3` | `2.27.5` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.49.0` |\n| [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) | `0.12.2` | `0.12.3` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eworkflows: add PR comment on binary size check failure by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/180\"\u003echeckpoint-restore/checkpointctl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v7 to v8 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/179\"\u003echeckpoint-restore/checkpointctl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate version number by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/182\"\u003echeckpoint-restore/checkpointctl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: document asciidoctor and Go version requirements and ignore install artifacts by \u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v8 to v8.1.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/188\"\u003echeckpoint-restore/checkpointctl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for parsing of TaskState by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeckpointctl: Version 1.5.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/191\"\u003echeckpoint-restore/checkpointctl#191\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TusharMohapatra07\"\u003e\u003ccode\u003e@​TusharMohapatra07\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/891978fb0574c92308fd2f94aaa497c705b194bb\"\u003e\u003ccode\u003e891978f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/191\"\u003e#191\u003c/a\u003e from rst0git/version-1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/16da5b31962b6bcde738a6c5bc4c742d84c2d491\"\u003e\u003ccode\u003e16da5b3\u003c/code\u003e\u003c/a\u003e checkpointctl: Version 1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/19e162bfe7bcd44a8375619017a5f7deb9346e03\"\u003e\u003ccode\u003e19e162b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/187\"\u003e#187\u003c/a\u003e from rst0git/task-state-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/11d87dac03cd0d247d820e841817984a582b0eeb\"\u003e\u003ccode\u003e11d87da\u003c/code\u003e\u003c/a\u003e test/piggie: add tests for zombie/dead processes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/9817147c1a21c8c10d98b0c5a876725ddbbd00e2\"\u003e\u003ccode\u003e9817147\u003c/code\u003e\u003c/a\u003e test/piggie: use enable variable in setsockopt()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/c80219ebd2f8c3cbce3ecfa4d4739f5347e63a3b\"\u003e\u003ccode\u003ec80219e\u003c/code\u003e\u003c/a\u003e test/piggie: fix log file redirect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/21eb9f9703d9f8a2071d0d72fd0783697b7c6d6c\"\u003e\u003ccode\u003e21eb9f9\u003c/code\u003e\u003c/a\u003e test/piggie: fix pointer arithmetic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/152be2f3beb27e753611fb4b7a48a2d09d42ff78\"\u003e\u003ccode\u003e152be2f\u003c/code\u003e\u003c/a\u003e test/piggie: send correct payload length for ping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/3feab27d671bf945d1da3f038b6a202955cb4429\"\u003e\u003ccode\u003e3feab27\u003c/code\u003e\u003c/a\u003e test/piggie: break loop on client disconnect or error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/d90aad006e6ff1a279c0a21a4320361a7d31c75b\"\u003e\u003ccode\u003ed90aad0\u003c/code\u003e\u003c/a\u003e test/piggie: initialize sockaddr_in structures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/6eb35881c0e438ffb663ddbad3a61babaa5e5d8a\"\u003e\u003ccode\u003e6eb3588\u003c/code\u003e\u003c/a\u003e middleware: harden RedirectSlashes handler (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1044\"\u003e#1044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/de0d16e6d23092aeef0b6e78f146799369160651\"\u003e\u003ccode\u003ede0d16e\u003c/code\u003e\u003c/a\u003e Update comment about min Go version (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1023\"\u003e#1023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/9fb4a15daa6d4ccd5e7286c1227d58872f89f4cb\"\u003e\u003ccode\u003e9fb4a15\u003c/code\u003e\u003c/a\u003e update reverseMethodMap in RegisterMethod (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1022\"\u003e#1022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/51c977c2da872d16d05531d5bc49ccd027599ce2\"\u003e\u003ccode\u003e51c977c\u003c/code\u003e\u003c/a\u003e Refactor to use atomic type (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1019\"\u003e#1019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/563ab118626b47810852303c3a60c2106a6bc23c\"\u003e\u003ccode\u003e563ab11\u003c/code\u003e\u003c/a\u003e Refactor graceful shutdown example (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/994\"\u003e#994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a52c582b532cd261dbedc4c811d809d6e024c1ff\"\u003e\u003ccode\u003ea52c582\u003c/code\u003e\u003c/a\u003e Bump minimum Go and use new features (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1017\"\u003e#1017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.27.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.5\u003c/h2\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003ev2.27.4\u003c/h2\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/a92830749ce9b1271ffac08abce793ae937fe9d4\"\u003e\u003ccode\u003ea928307\u003c/code\u003e\u003c/a\u003e v2.27.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/0d0e96db305b01ce8642008053b857363ca87ecb\"\u003e\u003ccode\u003e0d0e96d\u003c/code\u003e\u003c/a\u003e don't make a new formatter for each GinkgoT(); that's just silly and uses pre...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/867ce95f5142649695406f751f883c99ea45c0d5\"\u003e\u003ccode\u003e867ce95\u003c/code\u003e\u003c/a\u003e v2.27.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/59bc751e3d44779e1e92c30035924590f917d6b8\"\u003e\u003ccode\u003e59bc751\u003c/code\u003e\u003c/a\u003e CurrentTreeConstructionNodeReport: fix for nested container nodes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.3...v2.27.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.4\u003c/h2\u003e\n\u003ch2\u003eNotable changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ego.mod: update minimum supported go version to v1.17 \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump up dependencies  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTouch-up godoc and add \u0026quot;doc\u0026quot; links.\u003c/li\u003e\n\u003cli\u003eREADME: fix links, grammar, and update examples.\u003c/li\u003e\n\u003cli\u003eAdd GNU/Hurd support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1364\"\u003esirupsen/logrus#1364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd WASI wasip1 support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1388\"\u003esirupsen/logrus#1388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove uses of deprecated \u003ccode\u003eioutil\u003c/code\u003e package \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1472\"\u003esirupsen/logrus#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: update actions and golangci-lint \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1459\"\u003esirupsen/logrus#1459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: remove appveyor, add macOS  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b61f268f75b6ff134a62cd62aee1095fa12e8d2e\"\u003e\u003ccode\u003eb61f268\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1472\"\u003e#1472\u003c/a\u003e from goldlinker/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/15c29db7129cc15331e9c52493d5aaab217146c7\"\u003e\u003ccode\u003e15c29db\u003c/code\u003e\u003c/a\u003e refactor: replace the deprecated function in the ioutil package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/cb253f3080f18ec7e55b4c8f15b62fe0a806f130\"\u003e\u003ccode\u003ecb253f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1464\"\u003e#1464\u003c/a\u003e from thaJeztah/touchup_godoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/29b233793060a07fb76eda791f604d87e08d23d1\"\u003e\u003ccode\u003e29b2337\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1468\"\u003e#1468\u003c/a\u003e from thaJeztah/touchup_readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/d9168199e06807d8959126bc8c823ad8b96e3969\"\u003e\u003ccode\u003ed916819\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1427\"\u003e#1427\u003c/a\u003e from dolmen/fix-testify-usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/135e4820b2140747fb868073e4dca1619996417a\"\u003e\u003ccode\u003e135e482\u003c/code\u003e\u003c/a\u003e README: small touch-ups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/2c5fa36b73abb8b007474417571e268685d0d84e\"\u003e\u003ccode\u003e2c5fa36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1467\"\u003e#1467\u003c/a\u003e from thaJeztah/rm_old_badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/877ecec10d61675855189ece38d70d8804302fa4\"\u003e\u003ccode\u003e877ecec\u003c/code\u003e\u003c/a\u003e README: remove travis badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/55cf2560b5e5fd3f0e6ff59e6ce766eb12db4522\"\u003e\u003ccode\u003e55cf256\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1393\"\u003e#1393\u003c/a\u003e from jsoref/grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/21bae50b76794e93449c3f0f845ea0ac903847db\"\u003e\u003ccode\u003e21bae50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1426\"\u003e#1426\u003c/a\u003e from dolmen/testing-fix-use-of-math-rand\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/d977772e17ccaa1903b2af736f6405ab3a9f05cc\"\u003e\u003ccode\u003ed977772\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/eea413e2942fbb59b323a2af0b1740da4d8aa93e\"\u003e\u003ccode\u003eeea413e\u003c/code\u003e\u003c/a\u003e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9ace223794aa203b4c877d08a1f7bf2f595f6242\"\u003e\u003ccode\u003e9ace223\u003c/code\u003e\u003c/a\u003e websocket: add missing call to resp.Body.Close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7d3dbb06ceb45c3180f4f446cd635e6b59a0b9c2\"\u003e\u003ccode\u003e7d3dbb0\u003c/code\u003e\u003c/a\u003e http2: buffer the most recently received PRIORITY_UPDATE frame\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.48.0...v0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigs.k8s.io/release-utils` from 0.12.2 to 0.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kubernetes-sigs/release-utils/releases\"\u003esigs.k8s.io/release-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/97fe5349f9f25345806673d85cf9c6058e4246c3\"\u003e\u003ccode\u003e97fe534\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/167\"\u003e#167\u003c/a\u003e from puerco/bump-ko\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/11254e870e0e730df0a933ce2284ea04d874d8ed\"\u003e\u003ccode\u003e11254e8\u003c/code\u003e\u003c/a\u003e Bump ko to 0.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/4399ec1bd096143e4c8b0cc8cc2b1598546fd002\"\u003e\u003ccode\u003e4399ec1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/166\"\u003e#166\u003c/a\u003e from kubernetes-sigs/dependabot/go_modules/all-a2c59b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/1fca68c7fcb039409d3680c0ae5057773d0687be\"\u003e\u003ccode\u003e1fca68c\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/sirupsen/logrus in the all group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/7e56f68b4681a834e646b46139105193641aa433\"\u003e\u003ccode\u003e7e56f68\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/164\"\u003e#164\u003c/a\u003e from kubernetes-sigs/dependabot/docker/all-711e1845b7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/be48f19f00ca41efd0cfa4d4cb3d34d3a656261b\"\u003e\u003ccode\u003ebe48f19\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/163\"\u003e#163\u003c/a\u003e from kubernetes-sigs/dependabot/github_actions/action...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/f7341a32ce9df2bd89e065d53ca5c607b42edbe2\"\u003e\u003ccode\u003ef7341a3\u003c/code\u003e\u003c/a\u003e build(deps): bump golang from 1.25.4 to 1.25.5 in the all group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/f74c412f972e44b3fdea2174902928c816d57fd0\"\u003e\u003ccode\u003ef74c412\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/7ecd4409a98bb3d553f5145feb66cf8e958d90e6\"\u003e\u003ccode\u003e7ecd440\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/162\"\u003e#162\u003c/a\u003e from kubernetes-sigs/dependabot/go_modules/all-f0625c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/f83884235012d94ed3bcad5fb1740c9e3ef2408b\"\u003e\u003ccode\u003ef838842\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kubernetes-sigs/release-utils/compare/v0.12.2...v0.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9720","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9720","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9720/packages"},{"uuid":"3807508374","node_id":"PR_kwDOGZIwWs683F9N","number":464,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-13T07:24:18.000Z","updated_at":"2026-01-13T12:03:30.588Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":9,"packages":[{"name":"golang.org/x/crypto","old_version":"0.46.0","new_version":"0.47.0","repository_url":"https://github.com/golang/crypto"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/cli","old_version":"29.1.3+incompatible","new_version":"29.1.4+incompatible","repository_url":"https://github.com/docker/cli"},{"name":"github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring","old_version":"0.87.1","new_version":"0.88.0","repository_url":"https://github.com/prometheus-operator/prometheus-operator"},{"name":"golang.org/x/mod","old_version":"0.31.0","new_version":"0.32.0","repository_url":"https://github.com/golang/mod"},{"name":"golang.org/x/net","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/tools","old_version":"0.40.0","new_version":"0.41.0","repository_url":"https://github.com/golang/tools"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.46.0` | `0.47.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.1` | `0.6.1` |\n| [github.com/docker/cli](https://github.com/docker/cli) | `29.1.3+incompatible` | `29.1.4+incompatible` |\n| [github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring](https://github.com/prometheus-operator/prometheus-operator) | `0.87.1` | `0.88.0` |\n| [golang.org/x/mod](https://github.com/golang/mod) | `0.31.0` | `0.32.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.49.0` |\n| [golang.org/x/tools](https://github.com/golang/tools) | `0.40.0` | `0.41.0` |\n\n\nUpdates `golang.org/x/crypto` from 0.46.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/506e022208b864bc3c9c4a416fe56be75d10ad24\"\u003e\u003ccode\u003e506e022\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9\"\u003e\u003ccode\u003e7dacc38\u003c/code\u003e\u003c/a\u003e chacha20poly1305: error out in fips140=only mode\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/compare/v0.46.0...v0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.32.0 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/536231a9abc69feaab8d726b5ec75ee8d3620829\"\u003e\u003ccode\u003e536231a\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/text/compare/v0.32.0...v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 29.1.3+incompatible to 29.1.4+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/0e6fee6c52f761dc79dc4bf712ea9fe4095c9bd2\"\u003e\u003ccode\u003e0e6fee6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6698\"\u003e#6698\u003c/a\u003e from thaJeztah/inline_parseWindowsDevice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/88be58884ca7f7f0ddcd0cd236a59ac42c16f242\"\u003e\u003ccode\u003e88be588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6709\"\u003e#6709\u003c/a\u003e from vvoland/img-list-all-doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f7ddc8a7d173970fcb5e64f7502e15293f949fc4\"\u003e\u003ccode\u003ef7ddc8a\u003c/code\u003e\u003c/a\u003e docs: Update --all flag description to clarify it shows dangling images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/00e23cfdb7096069f030db63d61f077069a53ce1\"\u003e\u003ccode\u003e00e23cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6706\"\u003e#6706\u003c/a\u003e from docker/dependabot/github_actions/actions/upload...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/4d7a8b0fd5767b6833ae485f56e74abfded2e73e\"\u003e\u003ccode\u003e4d7a8b0\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2e3425fbd4fb52cba345d8fb24b3dca858d62dfb\"\u003e\u003ccode\u003e2e3425f\u003c/code\u003e\u003c/a\u003e cli/command/container: use consistent casing for dockerCLI arg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/de098367d0a19683241d41ab4a426a064cba0052\"\u003e\u003ccode\u003ede09836\u003c/code\u003e\u003c/a\u003e cli/command/container: inline parseWindowsDevice\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/cli/compare/v29.1.3...v29.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring` from 0.87.1 to 0.88.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/releases\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichalTomczakSE\"\u003e\u003ccode\u003e@​MichalTomczakSE\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8144\"\u003eprometheus-operator/prometheus-operator#8144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kartikangiras\"\u003e\u003ccode\u003e@​kartikangiras\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8098\"\u003eprometheus-operator/prometheus-operator#8098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/varundeepsaini\"\u003e\u003ccode\u003e@​varundeepsaini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8207\"\u003eprometheus-operator/prometheus-operator#8207\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tomlin7\"\u003e\u003ccode\u003e@​tomlin7\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8209\"\u003eprometheus-operator/prometheus-operator#8209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluktuid\"\u003e\u003ccode\u003e@​fluktuid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8248\"\u003eprometheus-operator/prometheus-operator#8248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/21974db4687ad80a6ea79af66d410db54510e35e\"\u003e\u003ccode\u003e21974db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8263\"\u003e#8263\u003c/a\u003e from slashpai/cut-v0.88\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/7d1d99052daa6b10f65a3901bf050c501ec8f131\"\u003e\u003ccode\u003e7d1d990\u003c/code\u003e\u003c/a\u003e chore: cut v0.88.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/1746a839980861cc3dcbcf7f27e8ee965f4c8fb3\"\u003e\u003ccode\u003e1746a83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8252\"\u003e#8252\u003c/a\u003e from heliapb/fix/bump_prom_3_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/fd282ba2f23b10249049c9a4297982dde4026dfe\"\u003e\u003ccode\u003efd282ba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8253\"\u003e#8253\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/14b8ed2eaf429afd802d5f5278875e331fb53d7d\"\u003e\u003ccode\u003e14b8ed2\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/prometheus/prometheus\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/e0d02b23ece75731dfbea93201baca23d9e9536a\"\u003e\u003ccode\u003ee0d02b2\u003c/code\u003e\u003c/a\u003e chore: bump prometheus 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/a4fbeedbced6ad0cacbb04043b82403efac15f76\"\u003e\u003ccode\u003ea4fbeed\u003c/code\u003e\u003c/a\u003e pkg/alertmanager: add URL validation for MSTeams receiver (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/4a393db953bf90261208dedb10f9e25f8eb4093a\"\u003e\u003ccode\u003e4a393db\u003c/code\u003e\u003c/a\u003e Chore: add WeChat global config secret validation in Alertmanager (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/37ac74f4023c3006ab6288540a6b066e01bd3497\"\u003e\u003ccode\u003e37ac74f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8235\"\u003e#8235\u003c/a\u003e from nutmos/feat/add-slack-validations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/c2a010fd57f5ef562f000d50763f34e6894122e4\"\u003e\u003ccode\u003ec2a010f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8250\"\u003e#8250\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/compare/v0.87.1...v0.88.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/mod` from 0.31.0 to 0.32.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/mod/commit/4c04067938546e62fc0572259a68a6912726bcdd\"\u003e\u003ccode\u003e4c04067\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/mod/compare/v0.31.0...v0.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/d977772e17ccaa1903b2af736f6405ab3a9f05cc\"\u003e\u003ccode\u003ed977772\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/eea413e2942fbb59b323a2af0b1740da4d8aa93e\"\u003e\u003ccode\u003eeea413e\u003c/code\u003e\u003c/a\u003e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9ace223794aa203b4c877d08a1f7bf2f595f6242\"\u003e\u003ccode\u003e9ace223\u003c/code\u003e\u003c/a\u003e websocket: add missing call to resp.Body.Close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7d3dbb06ceb45c3180f4f446cd635e6b59a0b9c2\"\u003e\u003ccode\u003e7d3dbb0\u003c/code\u003e\u003c/a\u003e http2: buffer the most recently received PRIORITY_UPDATE frame\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.48.0...v0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/term` from 0.38.0 to 0.39.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/a7e5b0437ffa3159709172efbe396bc546550e23\"\u003e\u003ccode\u003ea7e5b04\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/943f25d3595f79ce29c4175d889758d38b375688\"\u003e\u003ccode\u003e943f25d\u003c/code\u003e\u003c/a\u003e x/term: handle transpose\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/9b991dd831b8a478f9fc99a0b39b492b4e25a3c0\"\u003e\u003ccode\u003e9b991dd\u003c/code\u003e\u003c/a\u003e x/term: handle delete key\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/term/compare/v0.38.0...v0.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/tools` from 0.40.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/2ad2b30edf98d0e3b67a7b3e8f6d1d6e41c963c3\"\u003e\u003ccode\u003e2ad2b30\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/5832cce571d5c6583d80a58f5c0ff69664056e6c\"\u003e\u003ccode\u003e5832cce\u003c/code\u003e\u003c/a\u003e internal/diff/lcs: introduce line diffs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/67c42573e2e2b0a6b9c421a2bd2ef4c95adb93d5\"\u003e\u003ccode\u003e67c4257\u003c/code\u003e\u003c/a\u003e gopls/internal/golang: Definition: fix Windows bug wrt //go:embed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/12c1f0453e55dae26e5fa2206e34a059380e6191\"\u003e\u003ccode\u003e12c1f04\u003c/code\u003e\u003c/a\u003e gopls/completion: check Selection invariant\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/6d871857886c38ce4fbc25c25c4da1619271051e\"\u003e\u003ccode\u003e6d87185\u003c/code\u003e\u003c/a\u003e internal/server: add vulncheck scanning after vulncheck prompt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/0c3a1fec5617ed70197ee010406883919ede02d7\"\u003e\u003ccode\u003e0c3a1fe\u003c/code\u003e\u003c/a\u003e go/ast/inspector: FindByPos returns the first innermost node\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/ca281cf9505443eb482db8a3e806721c29dfa7f2\"\u003e\u003ccode\u003eca281cf\u003c/code\u003e\u003c/a\u003e go/analysis/passes/ctrlflow: add noreturn funcs from popular pkgs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/09c21a934282b0bcf790d54982ff24b869f832c9\"\u003e\u003ccode\u003e09c21a9\u003c/code\u003e\u003c/a\u003e gopls/internal/analysis/unusedfunc: remove warnings for unused enum consts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/03cb4551c662c0e078502fe5f317ca4114b89cd8\"\u003e\u003ccode\u003e03cb455\u003c/code\u003e\u003c/a\u003e internal/modindex: suppress missing modcacheindex message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/15d13e8a95dd0247dec2960fb57e85252984509d\"\u003e\u003ccode\u003e15d13e8\u003c/code\u003e\u003c/a\u003e gopls/internal/util/typesutil: refine EnclosingSignature bug.Report\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/tools/compare/v0.40.0...v0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/464","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/464","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/464/packages"},{"uuid":"3805413578","node_id":"PR_kwDOBAr5ps68wd9j","number":9709,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-12T18:10:46.000Z","updated_at":"2026-01-12T18:10:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":13,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.27.3","new_version":"2.27.4","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"golang.org/x/net","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/golang/net"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.36.10","new_version":"1.36.11"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.4.1` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.27.3` | `2.27.4` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.49.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n| google.golang.org/protobuf | `1.36.10` | `1.36.11` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/e9889f5c195f05f00137c9a77ad32d7d6ee53f7f\"\u003e\u003ccode\u003ee9889f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/178\"\u003e#178\u003c/a\u003e from adrianreber/2025-12-10-1-24-6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/b336c8e4a34e8cb3ccc9e64ec6e338f807b10c90\"\u003e\u003ccode\u003eb336c8e\u003c/code\u003e\u003c/a\u003e go.mod: bump minimum Go version to 1.24.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/251977630df3bd5ff051081d645d0acac73cd6de\"\u003e\u003ccode\u003e2519776\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/177\"\u003e#177\u003c/a\u003e from adrianreber/2025-12-10-codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/050500942d1d11281653a19a0a703992f1849258\"\u003e\u003ccode\u003e0505009\u003c/code\u003e\u003c/a\u003e workflows: add explicit permissions to fix CodeQL warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d6f6e40aabf8e837b6d85d3a5b59b9e7e58e478\"\u003e\u003ccode\u003e1d6f6e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/176\"\u003e#176\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-737...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/969270bba8ab3778da1c3bace124416bfe114aa7\"\u003e\u003ccode\u003e969270b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/fd183169177789401ba7fcff355971ced22884bd\"\u003e\u003ccode\u003efd18316\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/172\"\u003e#172\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-ba2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d82e5ac9f3e219cdbfc75334153fa651151a770\"\u003e\u003ccode\u003e1d82e5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.27.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.4\u003c/h2\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/867ce95f5142649695406f751f883c99ea45c0d5\"\u003e\u003ccode\u003e867ce95\u003c/code\u003e\u003c/a\u003e v2.27.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/59bc751e3d44779e1e92c30035924590f917d6b8\"\u003e\u003ccode\u003e59bc751\u003c/code\u003e\u003c/a\u003e CurrentTreeConstructionNodeReport: fix for nested container nodes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.3...v2.27.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/d977772e17ccaa1903b2af736f6405ab3a9f05cc\"\u003e\u003ccode\u003ed977772\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/eea413e2942fbb59b323a2af0b1740da4d8aa93e\"\u003e\u003ccode\u003eeea413e\u003c/code\u003e\u003c/a\u003e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9ace223794aa203b4c877d08a1f7bf2f595f6242\"\u003e\u003ccode\u003e9ace223\u003c/code\u003e\u003c/a\u003e websocket: add missing call to resp.Body.Close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7d3dbb06ceb45c3180f4f446cd635e6b59a0b9c2\"\u003e\u003ccode\u003e7d3dbb0\u003c/code\u003e\u003c/a\u003e http2: buffer the most recently received PRIORITY_UPDATE frame\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.48.0...v0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.36.10 to 1.36.11\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9709","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9709","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9709/packages"},{"uuid":"3802936012","node_id":"PR_kwDOGZIwWs68oLlr","number":462,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-12T06:23:29.000Z","updated_at":"2026-01-12T06:23:45.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":11,"packages":[{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"golang.org/x/text","old_version":"0.32.0","new_version":"0.33.0","repository_url":"https://github.com/golang/text"},{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/cli","old_version":"29.1.3+incompatible","new_version":"29.1.4+incompatible","repository_url":"https://github.com/docker/cli"},{"name":"github.com/docker/docker-credential-helpers","old_version":"0.9.4","new_version":"0.9.5","repository_url":"https://github.com/docker/docker-credential-helpers"},{"name":"github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring","old_version":"0.87.1","new_version":"0.88.0","repository_url":"https://github.com/prometheus-operator/prometheus-operator"},{"name":"golang.org/x/mod","old_version":"0.31.0","new_version":"0.32.0","repository_url":"https://github.com/golang/mod"},{"name":"golang.org/x/sys","old_version":"0.39.0","new_version":"0.40.0","repository_url":"https://github.com/golang/sys"},{"name":"golang.org/x/term","old_version":"0.38.0","new_version":"0.39.0","repository_url":"https://github.com/golang/term"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [golang.org/x/text](https://github.com/golang/text) | `0.32.0` | `0.33.0` |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.1` | `0.6.1` |\n| [github.com/docker/cli](https://github.com/docker/cli) | `29.1.3+incompatible` | `29.1.4+incompatible` |\n| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.4` | `0.9.5` |\n| [github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring](https://github.com/prometheus-operator/prometheus-operator) | `0.87.1` | `0.88.0` |\n| [golang.org/x/mod](https://github.com/golang/mod) | `0.31.0` | `0.32.0` |\n| [golang.org/x/sys](https://github.com/golang/sys) | `0.39.0` | `0.40.0` |\n| [golang.org/x/term](https://github.com/golang/term) | `0.38.0` | `0.39.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.32.0 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/536231a9abc69feaab8d726b5ec75ee8d3620829\"\u003e\u003ccode\u003e536231a\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/text/compare/v0.32.0...v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 29.1.3+incompatible to 29.1.4+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/0e6fee6c52f761dc79dc4bf712ea9fe4095c9bd2\"\u003e\u003ccode\u003e0e6fee6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6698\"\u003e#6698\u003c/a\u003e from thaJeztah/inline_parseWindowsDevice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/88be58884ca7f7f0ddcd0cd236a59ac42c16f242\"\u003e\u003ccode\u003e88be588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6709\"\u003e#6709\u003c/a\u003e from vvoland/img-list-all-doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f7ddc8a7d173970fcb5e64f7502e15293f949fc4\"\u003e\u003ccode\u003ef7ddc8a\u003c/code\u003e\u003c/a\u003e docs: Update --all flag description to clarify it shows dangling images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/00e23cfdb7096069f030db63d61f077069a53ce1\"\u003e\u003ccode\u003e00e23cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6706\"\u003e#6706\u003c/a\u003e from docker/dependabot/github_actions/actions/upload...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/4d7a8b0fd5767b6833ae485f56e74abfded2e73e\"\u003e\u003ccode\u003e4d7a8b0\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2e3425fbd4fb52cba345d8fb24b3dca858d62dfb\"\u003e\u003ccode\u003e2e3425f\u003c/code\u003e\u003c/a\u003e cli/command/container: use consistent casing for dockerCLI arg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/de098367d0a19683241d41ab4a426a064cba0052\"\u003e\u003ccode\u003ede09836\u003c/code\u003e\u003c/a\u003e cli/command/container: inline parseWindowsDevice\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/cli/compare/v29.1.3...v29.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker-credential-helpers` from 0.9.4 to 0.9.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker-credential-helpers/releases\"\u003egithub.com/docker/docker-credential-helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/395\"\u003edocker/docker-credential-helpers#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/398\"\u003edocker/docker-credential-helpers#398\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/391\"\u003edocker/docker-credential-helpers#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/397\"\u003edocker/docker-credential-helpers#397\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: remove redundant DEBIAN_FRONTEND=noninteractive \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/404\"\u003edocker/docker-credential-helpers#404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update golangci-lint to v2.8  \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/402\"\u003edocker/docker-credential-helpers#402\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update some actions to ubuntu 24.04 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/401\"\u003edocker/docker-credential-helpers#401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.2 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/392\"\u003edocker/docker-credential-helpers#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.5 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/399\"\u003edocker/docker-credential-helpers#399\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ehttps://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b871f765408aa5d1fa2aa490f05cab8c133937c3\"\u003e\u003ccode\u003eb871f76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/404\"\u003e#404\u003c/a\u003e from thaJeztah/rm_noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/50c1460bf5b16ab491e0229585dfc3b9aa8d5afb\"\u003e\u003ccode\u003e50c1460\u003c/code\u003e\u003c/a\u003e Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/aecf6e5780107c399b55a84685340267424eb395\"\u003e\u003ccode\u003eaecf6e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/402\"\u003e#402\u003c/a\u003e from thaJeztah/bump_golangci_lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/ecf6c1ccc76ccce8b831feb3242d26f167c5f852\"\u003e\u003ccode\u003eecf6c1c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/399\"\u003e#399\u003c/a\u003e from ameya-keskar/bump_go_1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b844409a1263c5e16b7d0916c97feeb910587f2b\"\u003e\u003ccode\u003eb844409\u003c/code\u003e\u003c/a\u003e update to go1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/9df2c7782a1ba4c349bf0e9150e9756a6e39f9b3\"\u003e\u003ccode\u003e9df2c77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/401\"\u003e#401\u003c/a\u003e from thaJeztah/bump_ubuntu\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/7a15b77bcbc59e8e8d98bb771b71b27730b576de\"\u003e\u003ccode\u003e7a15b77\u003c/code\u003e\u003c/a\u003e Dockerfile: update golangci-lint to v2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/81f7ebebfd9ae664f965fbc6f14ce953774ec639\"\u003e\u003ccode\u003e81f7ebe\u003c/code\u003e\u003c/a\u003e gha: update some actions to ubuntu 24.04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/3f97cf3ce306a81eaaa50d4e0f0afc4a12e04aef\"\u003e\u003ccode\u003e3f97cf3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/398\"\u003e#398\u003c/a\u003e from docker/dependabot/github_actions/actions/upload-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/8b5e6dffc66a0fea386a7ec05539a4da3155562d\"\u003e\u003ccode\u003e8b5e6df\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/397\"\u003e#397\u003c/a\u003e from docker/dependabot/github_actions/softprops/actio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring` from 0.87.1 to 0.88.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/releases\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichalTomczakSE\"\u003e\u003ccode\u003e@​MichalTomczakSE\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8144\"\u003eprometheus-operator/prometheus-operator#8144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kartikangiras\"\u003e\u003ccode\u003e@​kartikangiras\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8098\"\u003eprometheus-operator/prometheus-operator#8098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/varundeepsaini\"\u003e\u003ccode\u003e@​varundeepsaini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8207\"\u003eprometheus-operator/prometheus-operator#8207\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tomlin7\"\u003e\u003ccode\u003e@​tomlin7\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8209\"\u003eprometheus-operator/prometheus-operator#8209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluktuid\"\u003e\u003ccode\u003e@​fluktuid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8248\"\u003eprometheus-operator/prometheus-operator#8248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/21974db4687ad80a6ea79af66d410db54510e35e\"\u003e\u003ccode\u003e21974db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8263\"\u003e#8263\u003c/a\u003e from slashpai/cut-v0.88\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/7d1d99052daa6b10f65a3901bf050c501ec8f131\"\u003e\u003ccode\u003e7d1d990\u003c/code\u003e\u003c/a\u003e chore: cut v0.88.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/1746a839980861cc3dcbcf7f27e8ee965f4c8fb3\"\u003e\u003ccode\u003e1746a83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8252\"\u003e#8252\u003c/a\u003e from heliapb/fix/bump_prom_3_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/fd282ba2f23b10249049c9a4297982dde4026dfe\"\u003e\u003ccode\u003efd282ba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8253\"\u003e#8253\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/14b8ed2eaf429afd802d5f5278875e331fb53d7d\"\u003e\u003ccode\u003e14b8ed2\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/prometheus/prometheus\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/e0d02b23ece75731dfbea93201baca23d9e9536a\"\u003e\u003ccode\u003ee0d02b2\u003c/code\u003e\u003c/a\u003e chore: bump prometheus 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/a4fbeedbced6ad0cacbb04043b82403efac15f76\"\u003e\u003ccode\u003ea4fbeed\u003c/code\u003e\u003c/a\u003e pkg/alertmanager: add URL validation for MSTeams receiver (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/4a393db953bf90261208dedb10f9e25f8eb4093a\"\u003e\u003ccode\u003e4a393db\u003c/code\u003e\u003c/a\u003e Chore: add WeChat global config secret validation in Alertmanager (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/37ac74f4023c3006ab6288540a6b066e01bd3497\"\u003e\u003ccode\u003e37ac74f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8235\"\u003e#8235\u003c/a\u003e from nutmos/feat/add-slack-validations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/c2a010fd57f5ef562f000d50763f34e6894122e4\"\u003e\u003ccode\u003ec2a010f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8250\"\u003e#8250\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/compare/v0.87.1...v0.88.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/mod` from 0.31.0 to 0.32.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/mod/commit/4c04067938546e62fc0572259a68a6912726bcdd\"\u003e\u003ccode\u003e4c04067\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/mod/compare/v0.31.0...v0.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/term` from 0.38.0 to 0.39.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/a7e5b0437ffa3159709172efbe396bc546550e23\"\u003e\u003ccode\u003ea7e5b04\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/943f25d3595f79ce29c4175d889758d38b375688\"\u003e\u003ccode\u003e943f25d\u003c/code\u003e\u003c/a\u003e x/term: handle transpose\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/9b991dd831b8a478f9fc99a0b39b492b4e25a3c0\"\u003e\u003ccode\u003e9b991dd\u003c/code\u003e\u003c/a\u003e x/term: handle delete key\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/term/compare/v0.38.0...v0.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/462","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/462","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/462/packages"},{"uuid":"3795587502","node_id":"PR_kwDOGZIwWs68QuSN","number":460,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-09T05:53:43.000Z","updated_at":"2026-01-09T11:00:19.347Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":6,"packages":[{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/docker-credential-helpers","old_version":"0.9.4","new_version":"0.9.5","repository_url":"https://github.com/docker/docker-credential-helpers"},{"name":"golang.org/x/sys","old_version":"0.39.0","new_version":"0.40.0","repository_url":"https://github.com/golang/sys"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.1` | `0.6.1` |\n| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.4` | `0.9.5` |\n| [golang.org/x/sys](https://github.com/golang/sys) | `0.39.0` | `0.40.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker-credential-helpers` from 0.9.4 to 0.9.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker-credential-helpers/releases\"\u003egithub.com/docker/docker-credential-helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/395\"\u003edocker/docker-credential-helpers#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/398\"\u003edocker/docker-credential-helpers#398\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/391\"\u003edocker/docker-credential-helpers#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/397\"\u003edocker/docker-credential-helpers#397\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: remove redundant DEBIAN_FRONTEND=noninteractive \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/404\"\u003edocker/docker-credential-helpers#404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update golangci-lint to v2.8  \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/402\"\u003edocker/docker-credential-helpers#402\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update some actions to ubuntu 24.04 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/401\"\u003edocker/docker-credential-helpers#401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.2 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/392\"\u003edocker/docker-credential-helpers#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.5 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/399\"\u003edocker/docker-credential-helpers#399\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ehttps://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b871f765408aa5d1fa2aa490f05cab8c133937c3\"\u003e\u003ccode\u003eb871f76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/404\"\u003e#404\u003c/a\u003e from thaJeztah/rm_noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/50c1460bf5b16ab491e0229585dfc3b9aa8d5afb\"\u003e\u003ccode\u003e50c1460\u003c/code\u003e\u003c/a\u003e Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/aecf6e5780107c399b55a84685340267424eb395\"\u003e\u003ccode\u003eaecf6e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/402\"\u003e#402\u003c/a\u003e from thaJeztah/bump_golangci_lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/ecf6c1ccc76ccce8b831feb3242d26f167c5f852\"\u003e\u003ccode\u003eecf6c1c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/399\"\u003e#399\u003c/a\u003e from ameya-keskar/bump_go_1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b844409a1263c5e16b7d0916c97feeb910587f2b\"\u003e\u003ccode\u003eb844409\u003c/code\u003e\u003c/a\u003e update to go1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/9df2c7782a1ba4c349bf0e9150e9756a6e39f9b3\"\u003e\u003ccode\u003e9df2c77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/401\"\u003e#401\u003c/a\u003e from thaJeztah/bump_ubuntu\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/7a15b77bcbc59e8e8d98bb771b71b27730b576de\"\u003e\u003ccode\u003e7a15b77\u003c/code\u003e\u003c/a\u003e Dockerfile: update golangci-lint to v2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/81f7ebebfd9ae664f965fbc6f14ce953774ec639\"\u003e\u003ccode\u003e81f7ebe\u003c/code\u003e\u003c/a\u003e gha: update some actions to ubuntu 24.04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/3f97cf3ce306a81eaaa50d4e0f0afc4a12e04aef\"\u003e\u003ccode\u003e3f97cf3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/398\"\u003e#398\u003c/a\u003e from docker/dependabot/github_actions/actions/upload-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/8b5e6dffc66a0fea386a7ec05539a4da3155562d\"\u003e\u003ccode\u003e8b5e6df\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/397\"\u003e#397\u003c/a\u003e from docker/dependabot/github_actions/softprops/actio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/460","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/460","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/460/packages"},{"uuid":"3793121717","node_id":"PR_kwDOBAr5ps68IhJl","number":9701,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-08T14:28:14.000Z","updated_at":"2026-01-08T14:46:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":10,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"golang.org/x/sys","old_version":"0.39.0","new_version":"0.40.0","repository_url":"https://github.com/golang/sys"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.36.10","new_version":"1.36.11"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.4.1` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [golang.org/x/sys](https://github.com/golang/sys) | `0.39.0` | `0.40.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n| google.golang.org/protobuf | `1.36.10` | `1.36.11` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/e9889f5c195f05f00137c9a77ad32d7d6ee53f7f\"\u003e\u003ccode\u003ee9889f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/178\"\u003e#178\u003c/a\u003e from adrianreber/2025-12-10-1-24-6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/b336c8e4a34e8cb3ccc9e64ec6e338f807b10c90\"\u003e\u003ccode\u003eb336c8e\u003c/code\u003e\u003c/a\u003e go.mod: bump minimum Go version to 1.24.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/251977630df3bd5ff051081d645d0acac73cd6de\"\u003e\u003ccode\u003e2519776\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/177\"\u003e#177\u003c/a\u003e from adrianreber/2025-12-10-codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/050500942d1d11281653a19a0a703992f1849258\"\u003e\u003ccode\u003e0505009\u003c/code\u003e\u003c/a\u003e workflows: add explicit permissions to fix CodeQL warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d6f6e40aabf8e837b6d85d3a5b59b9e7e58e478\"\u003e\u003ccode\u003e1d6f6e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/176\"\u003e#176\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-737...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/969270bba8ab3778da1c3bace124416bfe114aa7\"\u003e\u003ccode\u003e969270b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/fd183169177789401ba7fcff355971ced22884bd\"\u003e\u003ccode\u003efd18316\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/172\"\u003e#172\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-ba2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d82e5ac9f3e219cdbfc75334153fa651151a770\"\u003e\u003ccode\u003e1d82e5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.36.10 to 1.36.11\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9701","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9701","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9701/packages"},{"uuid":"3785257048","node_id":"PR_kwDOBAr5ps67ukeN","number":9698,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-06T14:03:19.000Z","updated_at":"2026-01-06T14:03:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":9,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.36.10","new_version":"1.36.11"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.4.1` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n| google.golang.org/protobuf | `1.36.10` | `1.36.11` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/e9889f5c195f05f00137c9a77ad32d7d6ee53f7f\"\u003e\u003ccode\u003ee9889f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/178\"\u003e#178\u003c/a\u003e from adrianreber/2025-12-10-1-24-6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/b336c8e4a34e8cb3ccc9e64ec6e338f807b10c90\"\u003e\u003ccode\u003eb336c8e\u003c/code\u003e\u003c/a\u003e go.mod: bump minimum Go version to 1.24.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/251977630df3bd5ff051081d645d0acac73cd6de\"\u003e\u003ccode\u003e2519776\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/177\"\u003e#177\u003c/a\u003e from adrianreber/2025-12-10-codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/050500942d1d11281653a19a0a703992f1849258\"\u003e\u003ccode\u003e0505009\u003c/code\u003e\u003c/a\u003e workflows: add explicit permissions to fix CodeQL warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d6f6e40aabf8e837b6d85d3a5b59b9e7e58e478\"\u003e\u003ccode\u003e1d6f6e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/176\"\u003e#176\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-737...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/969270bba8ab3778da1c3bace124416bfe114aa7\"\u003e\u003ccode\u003e969270b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/fd183169177789401ba7fcff355971ced22884bd\"\u003e\u003ccode\u003efd18316\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/172\"\u003e#172\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-ba2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d82e5ac9f3e219cdbfc75334153fa651151a770\"\u003e\u003ccode\u003e1d82e5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.36.10 to 1.36.11\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9698","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9698","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9698/packages"},{"uuid":"3785252635","node_id":"PR_kwDODz9-J867ujip","number":1564,"state":"closed","title":"Bump the go-deps group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-01-22T11:58:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-01-06T14:01:49.000Z","updated_at":"2026-01-22T11:58:23.000Z","time_to_close":1374993,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go-deps","update_count":7,"packages":[{"name":"filippo.io/age","old_version":"1.2.1","new_version":"1.3.1","repository_url":"https://github.com/FiloSottile/age"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/fluxcd/cli-utils","old_version":"0.36.0-flux.15","new_version":"0.37.0-flux.1","repository_url":"https://github.com/fluxcd/cli-utils"},{"name":"github.com/fluxcd/pkg/auth","old_version":"0.33.0","new_version":"0.34.0","repository_url":"https://github.com/fluxcd/pkg"},{"name":"github.com/onsi/gomega","old_version":"1.38.2","new_version":"1.38.3","repository_url":"https://github.com/onsi/gomega"},{"name":"golang.org/x/net","old_version":"0.47.0","new_version":"0.48.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/oauth2","old_version":"0.33.0","new_version":"0.34.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filippo.io/age](https://github.com/FiloSottile/age) | `1.2.1` | `1.3.1` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.0` | `0.6.1` |\n| [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils) | `0.36.0-flux.15` | `0.37.0-flux.1` |\n| [github.com/fluxcd/pkg/auth](https://github.com/fluxcd/pkg) | `0.33.0` | `0.34.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.2` | `1.38.3` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.47.0` | `0.48.0` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.33.0` | `0.34.0` |\n\n\nUpdates `filippo.io/age` from 1.2.1 to 1.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/FiloSottile/age/releases\"\u003efilippo.io/age's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.3.1 is a minor release to restore version injection from downstream package build processes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.3.0\"\u003ethe v1.3.0 release notes\u003c/a\u003e for an overview of recent additions.\u003c/p\u003e\n\u003ch2\u003eage v1.3.0: post-quantum (and more)!\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eExactly six years after \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.0.0-beta1\"\u003ethe first age beta release\u003c/a\u003e, v1.3.0 brings post-quantum resistance to age, along with a couple long-requested features, built-in support for recipients compatible with hardware plugins, I/O API improvements, and many usability enhancements.\u003c/p\u003e\n\u003ch3\u003ePost-quantum recipients\u003c/h3\u003e\n\u003cp\u003eage now has native post-quantum recipients based on HPKE with a hybrid ML-KEM-768 KEM. The recipients start with \u003ccode\u003eage1pq1...\u003c/code\u003e, and the identities start with \u003ccode\u003eAGE-SECRET-KEY-PQ-1...\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eTo generate a post-quantum keypair:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ age-keygen -pq\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eIf you have your own age implementation, C2SP has \u003ca href=\"http://c2sp.org/age#the-mlkem768-x25519-ie-x-wing-hybrid-post-quantum-recipient-type\"\u003ethe specification\u003c/a\u003e, and CCTV has \u003ca href=\"https://github.com/C2SP/CCTV/tree/main/age\"\u003etest vectors\u003c/a\u003e for the new hybrid recipient types.\u003c/p\u003e\n\u003cp\u003e(If you are using an older age client, \u003ca href=\"https://github.com/FiloSottile/age/tree/main/extra/age-plugin-pq\"\u003ean optional plugin\u003c/a\u003e is available that provides out-of-the-box support for encryption to hybrid recipients. Hybrid identities can be converted to work with the plugin with \u003ccode\u003eage-plugin-pq -identity\u003c/code\u003e.)\u003c/p\u003e\n\u003ch3\u003eNew I/O APIs\u003c/h3\u003e\n\u003cp\u003eThe new \u003ca href=\"https://filippo.io/age#DecryptReaderAt\"\u003eDecryptReaderAt\u003c/a\u003e API implements seeking decryption, which can be used with \u003ca href=\"https://pkg.go.dev/archive/zip#NewReader\"\u003ezip.NewReader\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe new \u003ca href=\"https://filippo.io/age#EncryptReader\"\u003eEncryptReader\u003c/a\u003e API implements pull-based encryption by wrapping an io.Reader, as opposed to wrapping an io.Writer like \u003ca href=\"https://filippo.io/age#Encrypt\"\u003eEncrypt\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eage-inspect\u003c/h3\u003e\n\u003cp\u003eThe new \u003ca href=\"https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age-inspect.1.html\"\u003eage-inspect(1) tool\u003c/a\u003e presents the metadata of an age file without decrypting it.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ehello.age is an age file, version \u0026quot;age-encryption.org/v1\u0026quot;.\n\u003cp\u003eThis file is ASCII-armored.\u003c/p\u003e\n\u003cp\u003eThis file is encrypted to the following recipient types:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;mlkem768x25519\u0026quot;\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis file uses post-quantum encryption.\u003c/p\u003e\n\u003cp\u003eSize breakdown (assuming it decrypts successfully):\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eHeader                      1627 bytes\nArmor overhead              1350 bytes\nEncryption overhead           32 bytes\nPayload                     1959 bytes\n                    -------------------\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/b8564adb6d58329b8a3e267360ca2b0abc4efe1d\"\u003e\u003ccode\u003eb8564ad\u003c/code\u003e\u003c/a\u003e .github/workflows: inject version into source release artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/e4c611f7788591615ce7aaa3022aef970f8c80ca\"\u003e\u003ccode\u003ee4c611f\u003c/code\u003e\u003c/a\u003e cmd,extra: restore the Version link-time variable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/6a8065f2da1cc3e00a1b4cb39bef5fbdf4c48960\"\u003e\u003ccode\u003e6a8065f\u003c/code\u003e\u003c/a\u003e SIGSUM.md: update policy for v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/50a600eef58908b394750b5136fc825fb0650d0e\"\u003e\u003ccode\u003e50a600e\u003c/code\u003e\u003c/a\u003e .github/workflows: improve release reproducibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/13aab81842ab690a438a36307438fefcbc04d12d\"\u003e\u003ccode\u003e13aab81\u003c/code\u003e\u003c/a\u003e .github/workflows: build and release source tarball\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/52338c20dfda76394fc555026c609bdae4b2b02f\"\u003e\u003ccode\u003e52338c2\u003c/code\u003e\u003c/a\u003e .github/workflows: enable GitHub artifact attestation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/b70af412152535872ee5888c5eac4e8b516b188a\"\u003e\u003ccode\u003eb70af41\u003c/code\u003e\u003c/a\u003e cmd/age: don't output binary plaintext to terminal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/420273952ab2e5a321b984846411e973b8da867f\"\u003e\u003ccode\u003e4202739\u003c/code\u003e\u003c/a\u003e internal/stream: fix DecryptReaderAt concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/da2191789a4db9a68ed5f078aca2ac49d55e7740\"\u003e\u003ccode\u003eda21917\u003c/code\u003e\u003c/a\u003e age: add ExampleDecryptReaderAt with zip.NewReader\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/2ff5d341f60048df811511920737328b55bb54be\"\u003e\u003ccode\u003e2ff5d34\u003c/code\u003e\u003c/a\u003e age: add DecryptReaderAt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.2.1...v1.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.6.0 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/cli-utils` from 0.36.0-flux.15 to 0.37.0-flux.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/aebccc70091575a3bd9aca3513698be58abcd281\"\u003e\u003ccode\u003eaebccc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/cli-utils/issues/17\"\u003e#17\u003c/a\u003e from mattfarina/1.35-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/52021630a467da52ed0f0d01e099666245b46ff5\"\u003e\u003ccode\u003e5202163\u003c/code\u003e\u003c/a\u003e Updating golangci-lint for Go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/86f17bb553b584812a236c63b668308fb56170ba\"\u003e\u003ccode\u003e86f17bb\u003c/code\u003e\u003c/a\u003e Upgrade golangci-lint and fix warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/244d65b69ed0020842448723cf9a94e100ca1521\"\u003e\u003ccode\u003e244d65b\u003c/code\u003e\u003c/a\u003e Add k8s 1.35 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/cli-utils/compare/v0.36.0-flux.15...v0.37.0-flux.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/pkg/auth` from 0.33.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/c866cff616bd964918fb5a00109d132c6f7d3ef6\"\u003e\u003ccode\u003ec866cff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/980\"\u003e#980\u003c/a\u003e from fluxcd/fix-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/72ea7ac97f37f7bf414a31442df9d1270519ca4e\"\u003e\u003ccode\u003e72ea7ac\u003c/code\u003e\u003c/a\u003e github: Remove redundant options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/66a0184e4d194649da36b6249da24f6f469a3773\"\u003e\u003ccode\u003e66a0184\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/979\"\u003e#979\u003c/a\u003e from fluxcd/preview-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/e9a43c60b3cc785248b3fbcd1e51dfa81d63bfdf\"\u003e\u003ccode\u003ee9a43c6\u003c/code\u003e\u003c/a\u003e Add Preview Release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/6d798f435313c60b254c0361d60eabf86eada463\"\u003e\u003ccode\u003e6d798f4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/960\"\u003e#960\u003c/a\u003e from fluxcd/restconfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/8bef64b1663501bbd044205ec131ff6651f41be0\"\u003e\u003ccode\u003e8bef64b\u003c/code\u003e\u003c/a\u003e [RFC-0010] Introduce authentication for clusters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/97cc6ae9e4e1df680bf4b2039c7526773bbfc368\"\u003e\u003ccode\u003e97cc6ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/978\"\u003e#978\u003c/a\u003e from fluxcd/make-sops-secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/e4649aeb4cf821e815819a1a9bb80e47666f9f6a\"\u003e\u003ccode\u003ee4649ae\u003c/code\u003e\u003c/a\u003e runtime/secrets: Add \u003ccode\u003eMakeSOPSSecret\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/5d6f266ea7ce1ee52548fd62349cc4ba53a42d44\"\u003e\u003ccode\u003e5d6f266\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/977\"\u003e#977\u003c/a\u003e from fluxcd/set-secret-gvk\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/5aaefdfd833ffa40fffa5aaff5febd167d233cd5\"\u003e\u003ccode\u003e5aaefdf\u003c/code\u003e\u003c/a\u003e runtime/secrets: Set GVK on generated secrets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fluxcd/pkg/compare/git/v0.33.0...git/v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.2 to 1.38.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/a3ca2ca026268dc6acfc60a2e8393b33b428c507\"\u003e\u003ccode\u003ea3ca2ca\u003c/code\u003e\u003c/a\u003e v1.38.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/4dada364c7635fffe6b8a6b45a7588dabd64cdf4\"\u003e\u003ccode\u003e4dada36\u003c/code\u003e\u003c/a\u003e fix failing have http tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/d40c6917ce1a2c9299bda4b900b59d80bdefc689\"\u003e\u003ccode\u003ed40c691\u003c/code\u003e\u003c/a\u003e make string formatitng more consistent for users who use format.Object directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/2a37b463cac790e945d16f52c1c13a4e835511a1\"\u003e\u003ccode\u003e2a37b46\u003c/code\u003e\u003c/a\u003e doc: fix typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/ee26170d3a0a21d5702f4164df42eb99c50221d7\"\u003e\u003ccode\u003eee26170\u003c/code\u003e\u003c/a\u003e docs: fix HaveValue example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/cc85c057ff99d6ed21998bd44f5983e42d20df81\"\u003e\u003ccode\u003ecc85c05\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 5 to 6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8905788e27ddae9e222ee6062e25fcf256fdb738\"\u003e\u003ccode\u003e8905788\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/865\"\u003e#865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/67552c5961c7c6ca98bfb5c28fedafe8a046b4e7\"\u003e\u003ccode\u003e67552c5\u003c/code\u003e\u003c/a\u003e chore: apply fixes from Go modernize command\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.38.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.47.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/35e1306bddd863f360fb94480c5fed84229953f0\"\u003e\u003ccode\u003e35e1306\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7c360367ab7e57c0cfb7aef368fc6acefaaac3b1\"\u003e\u003ccode\u003e7c36036\u003c/code\u003e\u003c/a\u003e http2, webdav, websocket: fix %q verb uses with wrong type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ec11eccf5a0f725281df0cdf40bb7ebef51d57ea\"\u003e\u003ccode\u003eec11ecc\u003c/code\u003e\u003c/a\u003e trace: fix data race in RenderEvents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/bff14c52567061031b9761881907c39e24792736\"\u003e\u003ccode\u003ebff14c5\u003c/code\u003e\u003c/a\u003e http2: don't PING a responsive server when resetting a stream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/88a642172c174ab11f4c56f0ede777de3c8a21d4\"\u003e\u003ccode\u003e88a6421\u003c/code\u003e\u003c/a\u003e dns/dnsmessage: avoid use of \u0026quot;strings\u0026quot; and \u0026quot;math\u0026quot; in dns/dnsmessage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/123d099e1bd872b38247bbcf9856540b8420d18d\"\u003e\u003ccode\u003e123d099\u003c/code\u003e\u003c/a\u003e http2: support net/http.Transport.NewClientConn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/346cc6157ee53301dea14e57a45c22368ab46e55\"\u003e\u003ccode\u003e346cc61\u003c/code\u003e\u003c/a\u003e webdav: relax test to check for any redirect status, not just 301\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.47.0...v0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.33.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c\"\u003e\u003ccode\u003eacc3815\u003c/code\u003e\u003c/a\u003e endpoints: fix %q verb use with wrong type\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.33.0...v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/fluxcd/kustomize-controller/pull/1564","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fluxcd%2Fkustomize-controller/issues/1564","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1564/packages"},{"uuid":"3774017192","node_id":"PR_kwDODxdq0c67K0DN","number":1952,"state":"closed","title":"build(deps): bump the go-deps group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-01-12T14:46:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-01-01T02:04:21.000Z","updated_at":"2026-01-12T14:46:50.000Z","time_to_close":996148,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-deps","update_count":13,"packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/fluxcd/cli-utils","old_version":"0.36.0-flux.15","new_version":"0.37.0-flux.1","repository_url":"https://github.com/fluxcd/cli-utils"},{"name":"github.com/fluxcd/pkg/runtime","old_version":"0.90.0","new_version":"0.92.0","repository_url":"https://github.com/fluxcd/pkg"},{"name":"github.com/go-git/go-billy/v5","old_version":"5.6.2","new_version":"5.7.0","repository_url":"https://github.com/go-git/go-billy"},{"name":"github.com/go-git/go-git/v5","old_version":"5.16.3","new_version":"5.16.4","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/minio/minio-go/v7","old_version":"7.0.95","new_version":"7.0.97","repository_url":"https://github.com/minio/minio-go"},{"name":"github.com/onsi/gomega","old_version":"1.38.2","new_version":"1.38.3","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/sigstore/cosign/v2","old_version":"2.5.2","new_version":"2.6.1","repository_url":"https://github.com/sigstore/cosign"},{"name":"golang.org/x/oauth2","old_version":"0.33.0","new_version":"0.34.0","repository_url":"https://github.com/golang/oauth2"},{"name":"golang.org/x/sync","old_version":"0.18.0","new_version":"0.19.0","repository_url":"https://github.com/golang/sync"},{"name":"google.golang.org/api","old_version":"0.256.0","new_version":"0.258.0","repository_url":"https://github.com/googleapis/google-api-go-client"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.0` | `0.6.1` |\n| [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils) | `0.36.0-flux.15` | `0.37.0-flux.1` |\n| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.90.0` | `0.92.0` |\n| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.7.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.3` | `5.16.4` |\n| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.95` | `7.0.97` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.2` | `1.38.3` |\n| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.2` | `2.6.1` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.33.0` | `0.34.0` |\n| [golang.org/x/sync](https://github.com/golang/sync) | `0.18.0` | `0.19.0` |\n| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.256.0` | `0.258.0` |\n\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.6.0 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/cli-utils` from 0.36.0-flux.15 to 0.37.0-flux.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/aebccc70091575a3bd9aca3513698be58abcd281\"\u003e\u003ccode\u003eaebccc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/cli-utils/issues/17\"\u003e#17\u003c/a\u003e from mattfarina/1.35-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/52021630a467da52ed0f0d01e099666245b46ff5\"\u003e\u003ccode\u003e5202163\u003c/code\u003e\u003c/a\u003e Updating golangci-lint for Go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/86f17bb553b584812a236c63b668308fb56170ba\"\u003e\u003ccode\u003e86f17bb\u003c/code\u003e\u003c/a\u003e Upgrade golangci-lint and fix warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/244d65b69ed0020842448723cf9a94e100ca1521\"\u003e\u003ccode\u003e244d65b\u003c/code\u003e\u003c/a\u003e Add k8s 1.35 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/cli-utils/compare/v0.36.0-flux.15...v0.37.0-flux.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/pkg/runtime` from 0.90.0 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/cac55028ec9b367d40381b50f75d7bd26abc36cc\"\u003e\u003ccode\u003ecac5502\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/1054\"\u003e#1054\u003c/a\u003e from cappyzawa/proxy-url-validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/e4755cafec3190a9c67fc5c98877766c6d966718\"\u003e\u003ccode\u003ee4755ca\u003c/code\u003e\u003c/a\u003e Prepare for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/8a1b9500e3e046bb329207c5814a2c92362ff106\"\u003e\u003ccode\u003e8a1b950\u003c/code\u003e\u003c/a\u003e runtime/secrets: validate proxy URL scheme and length\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/c346f722d59779ceacf5c23eebdc34e1f60bc385\"\u003e\u003ccode\u003ec346f72\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/1052\"\u003e#1052\u003c/a\u003e from fluxcd/dependabot/github_actions/ci-5da62fd8be\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/1f716aff7f99e157a866475e70dc1e2d3cc28544\"\u003e\u003ccode\u003e1f716af\u003c/code\u003e\u003c/a\u003e build(deps): bump the ci group across 1 directory with 6 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/6c31cd0161c345ed8f990596e3183417fc2152d7\"\u003e\u003ccode\u003e6c31cd0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/1051\"\u003e#1051\u003c/a\u003e from fluxcd/gate-watch-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/42a3f1b17d6a8f020702902cf75906d6e922dc4a\"\u003e\u003ccode\u003e42a3f1b\u003c/code\u003e\u003c/a\u003e Prepare for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/1449666797ba6754a146dc2fbd64a2bc8ddfb59c\"\u003e\u003ccode\u003e1449666\u003c/code\u003e\u003c/a\u003e runtime/controller: add feature gate for config watchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/pkg/compare/runtime/v0.90.0...runtime/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-billy/releases\"\u003egithub.com/go-git/go-billy/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Chmod on billy.Filesystem by \u003ca href=\"https://github.com/bitfehler\"\u003e\u003ccode\u003e@​bitfehler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-billy/pull/171\"\u003ego-git/go-billy#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-billy/pull/177\"\u003ego-git/go-billy#177\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0\"\u003ehttps://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/cc50ee75c06c917f097a7ea5f1e3cbb21b7b8e0a\"\u003e\u003ccode\u003ecc50ee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-billy/issues/177\"\u003e#177\u003c/a\u003e from go-git/renovate/releases/v5.x-go-golang.org-x-ne...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/c3a90034ee126d2f28feaf9cd8e241a70e19a51b\"\u003e\u003ccode\u003ec3a9003\u003c/code\u003e\u003c/a\u003e build: Update module golang.org/x/net to v0.38.0 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/9263834eec5f778f6991567928e9c4bcfab2c78f\"\u003e\u003ccode\u003e9263834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-billy/issues/171\"\u003e#171\u003c/a\u003e from bitfehler/releases/v5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/94b84fc5c88ca2d2c1e07bd4e4260dee80575ec7\"\u003e\u003ccode\u003e94b84fc\u003c/code\u003e\u003c/a\u003e Add support for Chmod on billy.Filesystem\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.16.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackport plumbing: format/idxfile, prevent panic by \u003ca href=\"https://github.com/swills\"\u003e\u003ccode\u003e@​swills\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1732\"\u003ego-git/go-git#1732\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] build: test, Fix build on Windows. by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1734\"\u003ego-git/go-git#1734\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1742\"\u003ego-git/go-git#1742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1741\"\u003ego-git/go-git#1741\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1743\"\u003ego-git/go-git#1743\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4\"\u003ehttps://github.com/go-git/go-git/compare/v5.16.3...v5.16.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/de8ecc3b52e6a37b24a5a8ca362b54cafed2bc0b\"\u003e\u003ccode\u003ede8ecc3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1743\"\u003e#1743\u003c/a\u003e from go-git/renovate/releases/v5.x-go-github.com-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3e752f043d07fd7f34edb6818b187c0267a5c762\"\u003e\u003ccode\u003e3e752f0\u003c/code\u003e\u003c/a\u003e build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3a317549e0ca40927f062a3d53873ecc36a810c1\"\u003e\u003ccode\u003e3a31754\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1741\"\u003e#1741\u003c/a\u003e from go-git/renovate/releases/v5.x-go-github.com-clo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/acc28f117fb304f9197601cf0230ef8d263258a6\"\u003e\u003ccode\u003eacc28f1\u003c/code\u003e\u003c/a\u003e build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/95f388043ec1dd955327cec8b3b4b566a6e356ee\"\u003e\u003ccode\u003e95f3880\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1742\"\u003e#1742\u003c/a\u003e from go-git/renovate/releases/v5.x-go-golang.org-x-n...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/329f9266ae5d8ca6cb58ce3206004165090bd3cc\"\u003e\u003ccode\u003e329f926\u003c/code\u003e\u003c/a\u003e build: Update module golang.org/x/net to v0.38.0 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/399e04beb0b3284c5cb0d2bf684bb430c6612146\"\u003e\u003ccode\u003e399e04b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1734\"\u003e#1734\u003c/a\u003e from pjbgf/fix-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/2025eae3aed7eeb0659893c069f918155c6b8b78\"\u003e\u003ccode\u003e2025eae\u003c/code\u003e\u003c/a\u003e build: test, Fix build on Windows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/fb6806f2711e17db162623faa01b1fb25c4dbfcc\"\u003e\u003ccode\u003efb6806f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1732\"\u003e#1732\u003c/a\u003e from swills/find-hash-panic-fix-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/382530f513390f06a5271148b3e133eaa8ebf725\"\u003e\u003ccode\u003e382530f\u003c/code\u003e\u003c/a\u003e plumbing: format/idxfile, prevent panic\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/minio/minio-go/v7` from 7.0.95 to 7.0.97\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/83bf4e2234fb4166e94000b5e718919cec4c2059\"\u003e\u003ccode\u003e83bf4e2\u003c/code\u003e\u003c/a\u003e Wrap brackets only for  IPv6 address (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2176\"\u003e#2176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/f14663fdc9cddaee5dad20b0f14aae7a37ca0a1e\"\u003e\u003ccode\u003ef14663f\u003c/code\u003e\u003c/a\u003e fix: putObjectMultipartStreamFromReadAt goroutine leak (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2170\"\u003e#2170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/6217ce28dccaffe70d7153678ab5b971f21b16ae\"\u003e\u003ccode\u003e6217ce2\u003c/code\u003e\u003c/a\u003e Add ConfigName option to LDAP STS request (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/9207380c711f31fb534e9f3b389e7f8ee3622fac\"\u003e\u003ccode\u003e9207380\u003c/code\u003e\u003c/a\u003e removed NodeHostname from InventoryJobStatus (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2172\"\u003e#2172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/785b638cc4afc979cb92a1358f172d05d32a18bf\"\u003e\u003ccode\u003e785b638\u003c/code\u003e\u003c/a\u003e update InventoryJobStatus field ExecutionTime from time.Duration to string (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/a5f6380cfb157b1f8550c15868544ce0be0b7540\"\u003e\u003ccode\u003ea5f6380\u003c/code\u003e\u003c/a\u003e Added fields to InventoryJobStatus (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2168\"\u003e#2168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/f4c4350a79636314092251ec5cdd22fff5a0934d\"\u003e\u003ccode\u003ef4c4350\u003c/code\u003e\u003c/a\u003e update all missing docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/af6dc51d5ed03b62d41989625d28fd9c9605f621\"\u003e\u003ccode\u003eaf6dc51\u003c/code\u003e\u003c/a\u003e feat: add error reporting fields to InventoryJobStatus (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2164\"\u003e#2164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/ec35de6b33f8d367cbf2b5274ea130bb63f488bf\"\u003e\u003ccode\u003eec35de6\u003c/code\u003e\u003c/a\u003e Add QOS API's (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2148\"\u003e#2148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/ec103a716e57a991d030c5314b2a8b23becc5ee9\"\u003e\u003ccode\u003eec103a7\u003c/code\u003e\u003c/a\u003e add AGENTS.md and also updated API documentation\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/minio/minio-go/compare/v7.0.95...v7.0.97\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.2 to 1.38.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/a3ca2ca026268dc6acfc60a2e8393b33b428c507\"\u003e\u003ccode\u003ea3ca2ca\u003c/code\u003e\u003c/a\u003e v1.38.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/4dada364c7635fffe6b8a6b45a7588dabd64cdf4\"\u003e\u003ccode\u003e4dada36\u003c/code\u003e\u003c/a\u003e fix failing have http tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/d40c6917ce1a2c9299bda4b900b59d80bdefc689\"\u003e\u003ccode\u003ed40c691\u003c/code\u003e\u003c/a\u003e make string formatitng more consistent for users who use format.Object directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/2a37b463cac790e945d16f52c1c13a4e835511a1\"\u003e\u003ccode\u003e2a37b46\u003c/code\u003e\u003c/a\u003e doc: fix typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/ee26170d3a0a21d5702f4164df42eb99c50221d7\"\u003e\u003ccode\u003eee26170\u003c/code\u003e\u003c/a\u003e docs: fix HaveValue example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/cc85c057ff99d6ed21998bd44f5983e42d20df81\"\u003e\u003ccode\u003ecc85c05\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 5 to 6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8905788e27ddae9e222ee6062e25fcf256fdb738\"\u003e\u003ccode\u003e8905788\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/865\"\u003e#865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/67552c5961c7c6ca98bfb5c28fedafe8a046b4e7\"\u003e\u003ccode\u003e67552c5\u003c/code\u003e\u003c/a\u003e chore: apply fixes from Go modernize command\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.38.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sigstore/cosign/v2` from 2.5.2 to 2.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign/releases\"\u003egithub.com/sigstore/cosign/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e634fabe54f9fbbab55d821a83ba93b2d25bdba5f Bump sigstore-go, move conformance back to tagged release\u003c/li\u003e\n\u003cli\u003ec5545eda23d770180880c245bf0d8f78c354ecc4 Partially populate the output of cosign verify when working with new bundles (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4416\"\u003e#4416\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee191024a636883b4e6b7de8db2f5cfb85a1fcd0c bump go builder to use 1.25.1 and cosign (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eThanks to all contributors!\u003c/h3\u003e\n\u003cp\u003ev2.6.0 introduces a number of new features, including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSigning an in-toto statement rather than Cosign constructing one from a predicate, along with verifying a statement's subject using a digest and digest algorithm rather than providing a file reference (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUploading a signature and its verification material (a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto\"\u003e\u0026quot;bundle\u0026quot;\u003c/a\u003e) as an OCI Image 1.1 referring artifact, completing \u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/3927\"\u003e#3927\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProviding service URLs for signing and attesting using a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/4df5baadcdb582a70c2bc032e042c0a218eb3841/protos/sigstore_trustroot.proto#L185\"\u003eSigningConfig\u003c/a\u003e. Note that this is required when using a \u003ca href=\"https://github.com/sigstore/rekor-tiles\"\u003eRekor v2\u003c/a\u003e instance (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eExample generation and verification of a signed in-toto statement:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign attest-blob --new-bundle-format=true --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=\u0026quot;cosign.key\u0026quot; --statement=\u0026quot;../sigstore-go/examples/sigstore-go-signing/intoto.txt\u0026quot;\ncosign verify-blob-attestation --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=cosign.pub --type=unused --digest=\u0026quot;b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9\u0026quot; --digestAlg=\u0026quot;sha256\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample container signing and verification using the new bundle format and referring artifacts:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\ncosign verify --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample usage of a signing config provided by the public good instance's TUF repository:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign-blob --use-signing-config --bundle sigstore.json README.md\ncosign verify-blob --new-bundle-format --bundle sigstore.json --certificate-identity $EMAIL --certificate-oidc-issuer $ISSUER --use-signed-timestamps README.md\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ev2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be\nupdating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd to \u003ccode\u003eattest-blob\u003c/code\u003e the ability to supply a complete in-toto statement, and add to \u003ccode\u003everify-blob-attestation\u003c/code\u003e the ability to verify with just a digest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHave cosign sign support bundle format (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig in sign/attest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4371\"\u003e#4371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport self-managed keys when signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4368\"\u003e#4368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't require timestamps when verifying with a key (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4337\"\u003e#4337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't load content from TUF if trusted root path is specified (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4347\"\u003e#4347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a terminal spinner while signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4402\"\u003e#4402\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign/blob/main/CHANGELOG.md\"\u003egithub.com/sigstore/cosign/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev2.6.1\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePartially populate the output of cosign verify when working with new bundles (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4416\"\u003e#4416\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump sigstore-go, move conformance back to tagged release (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4426\"\u003e#4426\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev2.6.0\u003c/h1\u003e\n\u003cp\u003ev2.6.0 introduces a number of new features, including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSigning an in-toto statement rather than Cosign constructing one from a predicate, along with verifying a statement's subject using a digest and digest algorithm rather than providing a file reference (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUploading a signature and its verification material (a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto\"\u003e\u0026quot;bundle\u0026quot;\u003c/a\u003e) as an OCI Image 1.1 referring artifact, completing \u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/3927\"\u003e#3927\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProviding service URLs for signing and attesting using a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/4df5baadcdb582a70c2bc032e042c0a218eb3841/protos/sigstore_trustroot.proto#L185\"\u003eSigningConfig\u003c/a\u003e. Note that this is required when using a \u003ca href=\"https://github.com/sigstore/rekor-tiles\"\u003eRekor v2\u003c/a\u003e instance (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eExample generation and verification of a signed in-toto statement:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign attest-blob --new-bundle-format=true --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=\u0026quot;cosign.key\u0026quot; --statement=\u0026quot;../sigstore-go/examples/sigstore-go-signing/intoto.txt\u0026quot;\ncosign verify-blob-attestation --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=cosign.pub --type=unused --digest=\u0026quot;b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9\u0026quot; --digestAlg=\u0026quot;sha256\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample container signing and verification using the new bundle format and referring artifacts:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\ncosign verify --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample usage of a signing config provided by the public good instance's TUF repository:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign-blob --use-signing-config --bundle sigstore.json README.md\ncosign verify-blob --new-bundle-format --bundle sigstore.json --certificate-identity $EMAIL --certificate-oidc-issuer $ISSUER --use-signed-timestamps README.md\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ev2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be\nupdating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd to \u003ccode\u003eattest-blob\u003c/code\u003e the ability to supply a complete in-toto statement, and add to \u003ccode\u003everify-blob-attestation\u003c/code\u003e the ability to verify with just a digest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHave cosign sign support bundle format (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig in sign/attest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4371\"\u003e#4371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport self-managed keys when signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4368\"\u003e#4368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't require timestamps when verifying with a key (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4337\"\u003e#4337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't load content from TUF if trusted root path is specified (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4347\"\u003e#4347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a terminal spinner while signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4402\"\u003e#4402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire exclusively a SigningConfig or service URLs when signing (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4403\"\u003e#4403\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/634fabe54f9fbbab55d821a83ba93b2d25bdba5f\"\u003e\u003ccode\u003e634fabe\u003c/code\u003e\u003c/a\u003e Bump sigstore-go, move conformance back to tagged release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/c5545eda23d770180880c245bf0d8f78c354ecc4\"\u003e\u003ccode\u003ec5545ed\u003c/code\u003e\u003c/a\u003e Partially populate the output of cosign verify when working with new bundles ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/e191024a636883b4e6b7de8db2f5cfb85a1fcd0c\"\u003e\u003ccode\u003ee191024\u003c/code\u003e\u003c/a\u003e bump go builder to use 1.25.1 and cosign (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/37fbfc7018fb4d60a9a2c9175bd64c75dda5869a\"\u003e\u003ccode\u003e37fbfc7\u003c/code\u003e\u003c/a\u003e Require exclusively a SigningConfig or service URLs when signing (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4403\"\u003e#4403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/b1acaeb92cc9e6a2a35f8d1a8f0a58c482914025\"\u003e\u003ccode\u003eb1acaeb\u003c/code\u003e\u003c/a\u003e Add a terminal spinner while signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4402\"\u003e#4402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/2581dfd2bf9572f9b662367c6180434de46b358a\"\u003e\u003ccode\u003e2581dfd\u003c/code\u003e\u003c/a\u003e chore(deps): bump the gomod group across 1 directory with 8 updates (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4401\"\u003e#4401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/11163ae7d806cb13f2563ef837ce1c985ac788d3\"\u003e\u003ccode\u003e11163ae\u003c/code\u003e\u003c/a\u003e Bump sigstore-go, support alternative hash algorithms with keys (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4386\"\u003e#4386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/153df46c9ee93f73eba5a3b6379717d439ec2a37\"\u003e\u003ccode\u003e153df46\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.42.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4391\"\u003e#4391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/1a1ee13ce9edfb98dc50693f6f7efcc16dc35822\"\u003e\u003ccode\u003e1a1ee13\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4393\"\u003e#4393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/8c7c09d4b1c9af9326f7f73f5da34d144bdbe323\"\u003e\u003ccode\u003e8c7c09d\u003c/code\u003e\u003c/a\u003e chore(deps): bump gitlab.com/gitlab-org/api/client-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4394\"\u003e#4394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sigstore/cosign/compare/v2.5.2...v2.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sigstore/sigstore` from 1.9.5 to 1.9.6-0.20250729224751-181c5d3339b3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/sigstore/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.44.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/compare/v0.44.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.33.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c\"\u003e\u003ccode\u003eacc3815\u003c/code\u003e\u003c/a\u003e endpoints: fix %q verb use with wrong type\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.33.0...v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sync` from 0.18.0 to 0.19.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sync/commit/2a180e22fddcc336475e72aa950be958c1b68d33\"\u003e\u003ccode\u003e2a180e2\u003c/code\u003e\u003c/a\u003e errgroup: use consistent read for SetLimit panic\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sync/compare/v0.18.0...v0.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/api` from 0.256.0 to 0.258.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/releases\"\u003egoogle.golang.org/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.258.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0\"\u003e0.258.0\u003c/a\u003e (2025-12-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3392\"\u003e#3392\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee\"\u003edb6e653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3394\"\u003e#3394\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b\"\u003e7a9ae94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3395\"\u003e#3395\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18\"\u003edd93f67\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3396\"\u003e#3396\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041\"\u003e302ad5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3398\"\u003e#3398\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246\"\u003e5dfcd09\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3401\"\u003e#3401\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294\"\u003ecd3e656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3402\"\u003e#3402\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1\"\u003e9e6446a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3404\"\u003e#3404\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee\"\u003e453c04a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3406\"\u003e#3406\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918\"\u003eaf03509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3407\"\u003e#3407\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170\"\u003e41e2f8f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3408\"\u003e#3408\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c\"\u003eba64741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3409\"\u003e#3409\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367\"\u003e5d17056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3410\"\u003e#3410\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a\"\u003e90b301b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoption:\u003c/strong\u003e Deprecate unsafe credentials JSON loading options (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3356\"\u003e#3356\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f\"\u003ea5426fa\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.257.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.257.0\"\u003e0.257.0\u003c/a\u003e (2025-12-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3376\"\u003e#3376\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b0c07d2f5cc4aa2cf974c2938508626f8430855e\"\u003eb0c07d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3380\"\u003e#3380\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/47fcc39088f806c4202ca47159416ce99a0a0c72\"\u003e47fcc39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3381\"\u003e#3381\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cf5cf20d07fac3acc66c1f9ade705bb99701519a\"\u003ecf5cf20\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3382\"\u003e#3382\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2931d4b217c6934f85bdc378ebbbbe4fa54db96d\"\u003e2931d4b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3383\"\u003e#3383\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/446402e7d6aedbe169505c07aafcf45e96563a8e\"\u003e446402e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3384\"\u003e#3384\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d82a5d02f83b3455f747cbb1fb14930703dad60e\"\u003ed82a5d0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3386\"\u003e#3386\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/6a0b46d49312d528dab4dce8daee48866f38ba25\"\u003e6a0b46d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3387\"\u003e#3387\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/f3dc8f4bd57ade8c6ffb37cda8d55289228ebcd1\"\u003ef3dc8f4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3388\"\u003e#3388\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e3ca7fd5738afd1a8aa046431ef005c48e701358\"\u003ee3ca7fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3389\"\u003e#3389\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b78dd96b2c603926daca6c30baae9c4843bf5664\"\u003eb78dd96\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md\"\u003egoogle.golang.org/api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0\"\u003e0.258.0\u003c/a\u003e (2025-12-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3392\"\u003e#3392\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee\"\u003edb6e653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3394\"\u003e#3394\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b\"\u003e7a9ae94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3395\"\u003e#3395\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18\"\u003edd93f67\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3396\"\u003e#3396\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041\"\u003e302ad5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3398\"\u003e#3398\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246\"\u003e5dfcd09\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3401\"\u003e#3401\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294\"\u003ecd3e656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3402\"\u003e#3402\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1\"\u003e9e6446a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3404\"\u003e#3404\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee\"\u003e453c04a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3406\"\u003e#3406\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918\"\u003eaf03509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3407\"\u003e#3407\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170\"\u003e41e2f8f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3408\"\u003e#3408\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c\"\u003eba64741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3409\"\u003e#3409\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367\"\u003e5d17056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3410\"\u003e#3410\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a\"\u003e90b301b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoption:\u003c/strong\u003e Deprecate unsafe credentials JSON loading options (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3356\"\u003e#3356\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f\"\u003ea5426fa\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.257.0\"\u003e0.257.0\u003c/a\u003e (2025-12-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3376\"\u003e#3376\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b0c07d2f5cc4aa2cf974c2938508626f8430855e\"\u003eb0c07d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3380\"\u003e#3380\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/47fcc39088f806c4202ca47159416ce99a0a0c72\"\u003e47fcc39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3381\"\u003e#3381\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cf5cf20d07fac3acc66c1f9ade705bb99701519a\"\u003ecf5cf20\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3382\"\u003e#3382\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2931d4b217c6934f85bdc378ebbbbe4fa54db96d\"\u003e2931d4b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3383\"\u003e#3383\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/446402e7d6aedbe169505c07aafcf45e96563a8e\"\u003e446402e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3384\"\u003e#3384\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d82a5d02f83b3455f747cbb1fb14930703dad60e\"\u003ed82a5d0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3386\"\u003e#3386\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/6a0b46d49312d528dab4dce8daee48866f38ba25\"\u003e6a0b46d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3387\"\u003e#3387\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/f3dc8f4bd57ade8c6ffb37cda8d55289228ebcd1\"\u003ef3dc8f4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3388\"\u003e#3388\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e3ca7fd5738afd1a8aa046431ef005c48e701358\"\u003ee3ca7fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3389\"\u003e#3389\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b78dd96b2c603926daca6c30baae9c4843bf5664\"\u003eb78dd96\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8fbb157241ba8949d2072c101538aad33e56a596\"\u003e\u003ccode\u003e8fbb157\u003c/code\u003e\u003c/a\u003e chore(main): release 0.258.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3393\"\u003e#3393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a\"\u003e\u003ccode\u003e90b301b\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/046fc2c59a898d6012622d3a5e21918853f2914e\"\u003e\u003ccode\u003e046fc2c\u003c/code\u003e\u003c/a\u003e chore(all): update all (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3397\"\u003e#3397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367\"\u003e\u003ccode\u003e5d17056\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3409\"\u003e#3409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c\"\u003e\u003ccode\u003eba64741\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3408\"\u003e#3408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170\"\u003e\u003ccode\u003e41e2f8f\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3407\"\u003e#3407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918\"\u003e\u003ccode\u003eaf03509\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3406\"\u003e#3406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f\"\u003e\u003ccode\u003ea5426fa\u003c/code\u003e\u003c/a\u003e feat(option): Deprecate unsafe credentials JSON loading options (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee\"\u003e\u003ccode\u003e453c04a\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3404\"\u003e#3404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1\"\u003e\u003ccode\u003e9e6446a\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3402\"\u003e#3402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.258.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/fluxcd/source-controller/pull/1952","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fluxcd%2Fsource-controller/issues/1952","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1952/packages"},{"uuid":"3759252615","node_id":"PR_kwDOGZIwWs66bNuj","number":459,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2025-12-24T05:15:44.000Z","updated_at":"2025-12-24T05:15:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":3,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 3 updates in the / directory: [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml), [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Reject target URLs containing unbracketed colons in the hostname in Go version 1.26+. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to wrr metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/resolver:\n\u003cul\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/459","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/459","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/459/packages"},{"uuid":"3753997066","node_id":"PR_kwDOPRPVL866JySY","number":69,"state":"closed","title":"build(deps): bump the go-modules group across 1 directory with 105 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-23T14:23:05.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-22T14:26:54.000Z","updated_at":"2025-12-23T14:23:07.000Z","time_to_close":86171,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-modules","update_count":105,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/onsi/gomega","old_version":"1.37.0","new_version":"1.38.3","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/paketo-buildpacks/occam","old_version":"0.28.0","new_version":"0.31.0","repository_url":"https://github.com/paketo-buildpacks/occam"},{"name":"cel.dev/expr","old_version":"0.24.0","new_version":"0.25.1","repository_url":"https://github.com/google/cel-spec"},{"name":"cloud.google.com/go","old_version":"0.121.4","new_version":"0.123.0","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"cloud.google.com/go/iam","old_version":"1.5.2","new_version":"1.5.3","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"cloud.google.com/go/monitoring","old_version":"1.24.2","new_version":"1.24.3","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"github.com/CycloneDX/cyclonedx-go","old_version":"0.9.2","new_version":"0.9.3","repository_url":"https://github.com/CycloneDX/cyclonedx-go"},{"name":"github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp","old_version":"1.29.0","new_version":"1.30.0","repository_url":"https://github.com/GoogleCloudPlatform/opentelemetry-operations-go"},{"name":"github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric","old_version":"0.53.0","new_version":"0.54.0","repository_url":"https://github.com/GoogleCloudPlatform/opentelemetry-operations-go"},{"name":"github.com/anchore/go-struct-converter","old_version":"0.0.0-20221221214134-65614c61201e","new_version":"0.1.0","repository_url":"https://github.com/anchore/go-struct-converter"},{"name":"github.com/charmbracelet/colorprofile","old_version":"0.3.1","new_version":"0.4.1","repository_url":"https://github.com/charmbracelet/colorprofile"},{"name":"github.com/charmbracelet/x/cellbuf","old_version":"0.0.13","new_version":"0.0.14","repository_url":"https://github.com/charmbracelet/x"},{"name":"github.com/containerd/cgroups/v3","old_version":"3.0.5","new_version":"3.1.2","repository_url":"https://github.com/containerd/cgroups"},{"name":"github.com/containerd/containerd/api","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/stargz-snapshotter/estargz","old_version":"0.16.3","new_version":"0.18.1","repository_url":"https://github.com/containerd/stargz-snapshotter"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.4.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/docker-credential-helpers","old_version":"0.9.3","new_version":"0.9.4","repository_url":"https://github.com/docker/docker-credential-helpers"},{"name":"github.com/ebitengine/purego","old_version":"0.8.4","new_version":"0.9.1","repository_url":"https://github.com/ebitengine/purego"},{"name":"github.com/envoyproxy/go-control-plane/envoy","old_version":"1.32.4","new_version":"1.36.0","repository_url":"https://github.com/envoyproxy/go-control-plane"},{"name":"github.com/envoyproxy/protoc-gen-validate","old_version":"1.2.1","new_version":"1.3.0","repository_url":"https://github.com/envoyproxy/protoc-gen-validate"},{"name":"github.com/gabriel-vasile/mimetype","old_version":"1.4.9","new_version":"1.4.12","repository_url":"https://github.com/gabriel-vasile/mimetype"},{"name":"github.com/github/go-spdx/v2","old_version":"2.3.3","new_version":"2.3.5","repository_url":"https://github.com/github/go-spdx"},{"name":"github.com/go-git/go-billy/v5","old_version":"5.6.2","new_version":"5.7.0","repository_url":"https://github.com/go-git/go-billy"},{"name":"github.com/go-git/go-git/v5","old_version":"5.16.2","new_version":"5.16.4","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.1","new_version":"4.1.3","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/goccy/go-yaml","old_version":"1.18.0","new_version":"1.19.1","repository_url":"https://github.com/goccy/go-yaml"},{"name":"github.com/gohugoio/hashstructure","old_version":"0.5.0","new_version":"0.6.0","repository_url":"https://github.com/gohugoio/hashstructure"},{"name":"github.com/google/go-containerregistry","old_version":"0.20.6","new_version":"0.20.7","repository_url":"https://github.com/google/go-containerregistry"},{"name":"github.com/googleapis/enterprise-certificate-proxy","old_version":"0.3.6","new_version":"0.3.7","repository_url":"https://github.com/googleapis/enterprise-certificate-proxy"},{"name":"github.com/googleapis/gax-go/v2","old_version":"2.15.0","new_version":"2.16.0","repository_url":"https://github.com/googleapis/gax-go"},{"name":"github.com/hashicorp/go-version","old_version":"1.7.0","new_version":"1.8.0","repository_url":"https://github.com/hashicorp/go-version"},{"name":"github.com/kevinburke/ssh_config","old_version":"1.2.0","new_version":"1.4.0","repository_url":"https://github.com/kevinburke/ssh_config"},{"name":"github.com/mholt/archives","old_version":"0.1.3","new_version":"0.1.5","repository_url":"https://github.com/mholt/archives"},{"name":"github.com/moby/go-archive","old_version":"0.1.0","new_version":"0.2.0","repository_url":"https://github.com/moby/go-archive"},{"name":"github.com/morikuni/aec","old_version":"1.0.0","new_version":"1.1.0","repository_url":"https://github.com/morikuni/aec"},{"name":"github.com/olekukonko/ll","old_version":"0.0.9","new_version":"0.1.3","repository_url":"https://github.com/olekukonko/ll"},{"name":"github.com/opencontainers/selinux","old_version":"1.12.0","new_version":"1.13.1","repository_url":"https://github.com/opencontainers/selinux"},{"name":"github.com/pierrec/lz4/v4","old_version":"4.1.22","new_version":"4.1.23","repository_url":"https://github.com/pierrec/lz4"},{"name":"github.com/pjbgf/sha1cd","old_version":"0.4.0","new_version":"0.5.0","repository_url":"https://github.com/pjbgf/sha1cd"},{"name":"github.com/sagikazarmark/locafero","old_version":"0.9.0","new_version":"0.12.0","repository_url":"https://github.com/sagikazarmark/locafero"},{"name":"github.com/shirou/gopsutil/v4","old_version":"4.25.6","new_version":"4.25.11","repository_url":"https://github.com/shirou/gopsutil"},{"name":"github.com/skeema/knownhosts","old_version":"1.3.1","new_version":"1.3.2","repository_url":"https://github.com/skeema/knownhosts"},{"name":"github.com/spf13/cast","old_version":"1.9.2","new_version":"1.10.0","repository_url":"https://github.com/spf13/cast"},{"name":"github.com/spf13/viper","old_version":"1.20.1","new_version":"1.21.0","repository_url":"https://github.com/spf13/viper"},{"name":"github.com/zclconf/go-cty","old_version":"1.16.3","new_version":"1.17.0","repository_url":"https://github.com/zclconf/go-cty"},{"name":"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp","old_version":"0.62.0","new_version":"0.64.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-modules group with 47 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.37.0` | `1.38.3` |\n| [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam) | `0.28.0` | `0.31.0` |\n| [cel.dev/expr](https://github.com/google/cel-spec) | `0.24.0` | `0.25.1` |\n| [cloud.google.com/go](https://github.com/googleapis/google-cloud-go) | `0.121.4` | `0.123.0` |\n| [cloud.google.com/go/iam](https://github.com/googleapis/google-cloud-go) | `1.5.2` | `1.5.3` |\n| [cloud.google.com/go/monitoring](https://github.com/googleapis/google-cloud-go) | `1.24.2` | `1.24.3` |\n| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.9.2` | `0.9.3` |\n| [github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go) | `1.29.0` | `1.30.0` |\n| [github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go) | `0.53.0` | `0.54.0` |\n| [github.com/anchore/go-struct-converter](https://github.com/anchore/go-struct-converter) | `0.0.0-20221221214134-65614c61201e` | `0.1.0` |\n| [github.com/charmbracelet/colorprofile](https://github.com/charmbracelet/colorprofile) | `0.3.1` | `0.4.1` |\n| [github.com/charmbracelet/x/cellbuf](https://github.com/charmbracelet/x) | `0.0.13` | `0.0.14` |\n| [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) | `3.0.5` | `3.1.2` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.9.0` | `1.10.0` |\n| [github.com/containerd/stargz-snapshotter/estargz](https://github.com/containerd/stargz-snapshotter) | `0.16.3` | `0.18.1` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.4.1` | `0.6.1` |\n| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.3` | `0.9.4` |\n| [github.com/ebitengine/purego](https://github.com/ebitengine/purego) | `0.8.4` | `0.9.1` |\n| [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) | `1.32.4` | `1.36.0` |\n| [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) | `1.2.1` | `1.3.0` |\n| [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) | `1.4.9` | `1.4.12` |\n| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) | `2.3.3` | `2.3.5` |\n| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.7.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.4` |\n| [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.1` | `4.1.3` |\n| [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) | `1.18.0` | `1.19.1` |\n| [github.com/gohugoio/hashstructure](https://github.com/gohugoio/hashstructure) | `0.5.0` | `0.6.0` |\n| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.6` | `0.20.7` |\n| [github.com/googleapis/enterprise-certificate-proxy](https://github.com/googleapis/enterprise-certificate-proxy) | `0.3.6` | `0.3.7` |\n| [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) | `2.15.0` | `2.16.0` |\n| [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.7.0` | `1.8.0` |\n| [github.com/kevinburke/ssh_config](https://github.com/kevinburke/ssh_config) | `1.2.0` | `1.4.0` |\n| [github.com/mholt/archives](https://github.com/mholt/archives) | `0.1.3` | `0.1.5` |\n| [github.com/moby/go-archive](https://github.com/moby/go-archive) | `0.1.0` | `0.2.0` |\n| [github.com/morikuni/aec](https://github.com/morikuni/aec) | `1.0.0` | `1.1.0` |\n| [github.com/olekukonko/ll](https://github.com/olekukonko/ll) | `0.0.9` | `0.1.3` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.12.0` | `1.13.1` |\n| [github.com/pierrec/lz4/v4](https://github.com/pierrec/lz4) | `4.1.22` | `4.1.23` |\n| [github.com/pjbgf/sha1cd](https://github.com/pjbgf/sha1cd) | `0.4.0` | `0.5.0` |\n| [github.com/sagikazarmark/locafero](https://github.com/sagikazarmark/locafero) | `0.9.0` | `0.12.0` |\n| [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.25.6` | `4.25.11` |\n| [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.3.1` | `1.3.2` |\n| [github.com/spf13/cast](https://github.com/spf13/cast) | `1.9.2` | `1.10.0` |\n| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.20.1` | `1.21.0` |\n| [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty) | `1.16.3` | `1.17.0` |\n| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.62.0` | `0.64.0` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.37.0 to 1.38.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003ch2\u003ev1.38.2\u003c/h2\u003e\n\u003ch2\u003e1.38.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eroll back to go 1.23.0 [c404969]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.1\u003c/h2\u003e\n\u003ch2\u003e1.38.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eNumerous minor fixes and dependency bumps\u003c/p\u003e\n\u003ch2\u003ev1.38.0\u003c/h2\u003e\n\u003ch2\u003e1.38.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egstruct handles extra unexported fields [4ee7ed0]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport [] in IgnoringTopFunction function signatures (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/851\"\u003e#851\u003c/a\u003e) [36bbf72]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump golang.org/x/net from 0.40.0 to 0.41.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/846\"\u003e#846\u003c/a\u003e) [529d408]\u003c/li\u003e\n\u003cli\u003eFix typo [acd1f55]\u003c/li\u003e\n\u003cli\u003eBump google.golang.org/protobuf from 1.36.5 to 1.36.6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/835\"\u003e#835\u003c/a\u003e) [bae65a0]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.4 to 1.18.8 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/842\"\u003e#842\u003c/a\u003e) [8dda91f]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.39.0 to 0.40.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/843\"\u003e#843\u003c/a\u003e) [212d812]\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/839\"\u003e#839\u003c/a\u003e) [59bd7f9]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.1 to 1.18.4 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/834\"\u003e#834\u003c/a\u003e) [328c729]\u003c/li\u003e\n\u003cli\u003eBump uri from 1.0.2 to 1.0.3 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/826\"\u003e#826\u003c/a\u003e) [9a798a1]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.37.0 to 0.39.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/841\"\u003e#841\u003c/a\u003e) [04a72c6]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003ch2\u003e1.38.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eroll back to go 1.23.0 [c404969]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.38.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eNumerous minor fixes and dependency bumps\u003c/p\u003e\n\u003ch2\u003e1.38.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egstruct handles extra unexported fields [4ee7ed0]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport [] in IgnoringTopFunction function signatures (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/851\"\u003e#851\u003c/a\u003e) [36bbf72]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump golang.org/x/net from 0.40.0 to 0.41.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/846\"\u003e#846\u003c/a\u003e) [529d408]\u003c/li\u003e\n\u003cli\u003eFix typo [acd1f55]\u003c/li\u003e\n\u003cli\u003eBump google.golang.org/protobuf from 1.36.5 to 1.36.6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/835\"\u003e#835\u003c/a\u003e) [bae65a0]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.4 to 1.18.8 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/842\"\u003e#842\u003c/a\u003e) [8dda91f]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.39.0 to 0.40.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/843\"\u003e#843\u003c/a\u003e) [212d812]\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/839\"\u003e#839\u003c/a\u003e) [59bd7f9]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.1 to 1.18.4 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/834\"\u003e#834\u003c/a\u003e) [328c729]\u003c/li\u003e\n\u003cli\u003eBump uri from 1.0.2 to 1.0.3 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/826\"\u003e#826\u003c/a\u003e) [9a798a1]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.37.0 to 0.39.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/841\"\u003e#841\u003c/a\u003e) [04a72c6]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/a3ca2ca026268dc6acfc60a2e8393b33b428c507\"\u003e\u003ccode\u003ea3ca2ca\u003c/code\u003e\u003c/a\u003e v1.38.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/4dada364c7635fffe6b8a6b45a7588dabd64cdf4\"\u003e\u003ccode\u003e4dada36\u003c/code\u003e\u003c/a\u003e fix failing have http tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/d40c6917ce1a2c9299bda4b900b59d80bdefc689\"\u003e\u003ccode\u003ed40c691\u003c/code\u003e\u003c/a\u003e make string formatitng more consistent for users who use format.Object directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/2a37b463cac790e945d16f52c1c13a4e835511a1\"\u003e\u003ccode\u003e2a37b46\u003c/code\u003e\u003c/a\u003e doc: fix typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/ee26170d3a0a21d5702f4164df42eb99c50221d7\"\u003e\u003ccode\u003eee26170\u003c/code\u003e\u003c/a\u003e docs: fix HaveValue example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/cc85c057ff99d6ed21998bd44f5983e42d20df81\"\u003e\u003ccode\u003ecc85c05\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 5 to 6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8905788e27ddae9e222ee6062e25fcf256fdb738\"\u003e\u003ccode\u003e8905788\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/865\"\u003e#865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/67552c5961c7c6ca98bfb5c28fedafe8a046b4e7\"\u003e\u003ccode\u003e67552c5\u003c/code\u003e\u003c/a\u003e chore: apply fixes from Go modernize command\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/79b8a75a10e36ee598344c040317f5ab1c907f53\"\u003e\u003ccode\u003e79b8a75\u003c/code\u003e\u003c/a\u003e v1.38.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/c404969c07179a8533d5daa283cd6307add66620\"\u003e\u003ccode\u003ec404969\u003c/code\u003e\u003c/a\u003e roll back to go 1.23.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.37.0...v1.38.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/paketo-buildpacks/occam` from 0.28.0 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/paketo-buildpacks/occam/releases\"\u003egithub.com/paketo-buildpacks/occam's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd new WithAdditionalEnv helper function to pack build. by \u003ca href=\"https://github.com/robdimsdale\"\u003e\u003ccode\u003e@​robdimsdale\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/438\"\u003epaketo-buildpacks/occam#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.30.2...v0.31.0\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.30.2...v0.31.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.30.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/436\"\u003epaketo-buildpacks/occam#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing pack CLI --cache flag to always specify the volumes by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/437\"\u003epaketo-buildpacks/occam#437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.25.0 to v2.25.2 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/434\"\u003epaketo-buildpacks/occam#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/docker/docker from v28.4.0+incompatible to v28.5.1+incompatible by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/435\"\u003epaketo-buildpacks/occam#435\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.30.1...v0.30.2\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.30.1...v0.30.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.30.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/431\"\u003epaketo-buildpacks/occam#431\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/testcontainers/testcontainers-go from v0.38.0 to v0.39.0 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/432\"\u003epaketo-buildpacks/occam#432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for registry extension images by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/433\"\u003epaketo-buildpacks/occam#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.24.0 to v2.25.0 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/430\"\u003epaketo-buildpacks/occam#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/docker/docker from v28.3.3+incompatible to v28.4.0+incompatible by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/429\"\u003epaketo-buildpacks/occam#429\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.30.0...v0.30.1\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.30.0...v0.30.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.30.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packit to v2.24.0 by \u003ca href=\"https://github.com/modulo11\"\u003e\u003ccode\u003e@​modulo11\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/428\"\u003epaketo-buildpacks/occam#428\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.29.1...v0.30.0\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.29.1...v0.30.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.29.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReturn the correct value from GetBuildpackRootAndVersion func by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/427\"\u003epaketo-buildpacks/occam#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.29.0...v0.29.1\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.29.0...v0.29.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates go mod version to 1.24.6 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/423\"\u003epaketo-buildpacks/occam#423\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/424\"\u003epaketo-buildpacks/occam#424\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport registry buildpack URIs by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/426\"\u003epaketo-buildpacks/occam#426\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.28.1...v0.29.0\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.28.1...v0.29.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/f3f9dedb9a9c922ecec39fec38f7ecabf1d933b3\"\u003e\u003ccode\u003ef3f9ded\u003c/code\u003e\u003c/a\u003e Add new WithAdditionalEnv helper function to pack build. (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/issues/438\"\u003e#438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/4325ba8ccb050a0ea3e501fe4a629f4ef64fdc5d\"\u003e\u003ccode\u003e4325ba8\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/docker/docker from v28.4.0+incompatibl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/ca1870167867783927746e9f770b2f95884eb480\"\u003e\u003ccode\u003eca18701\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.25...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/9cb6d448f50ae1d4d2175114d605e288866f45eb\"\u003e\u003ccode\u003e9cb6d44\u003c/code\u003e\u003c/a\u003e fix: always setting the cache volumes (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/8a84072575f5c5e87e2defed9d9e2c50220fac2e\"\u003e\u003ccode\u003e8a84072\u003c/code\u003e\u003c/a\u003e Updating github-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/3b96b2432a591d5c12b7de4d3f2973d8cfa74258\"\u003e\u003ccode\u003e3b96b24\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/docker/docker from v28.3.3+incompatibl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/f005efeb6ef479d05c83220445be4fd46f70462a\"\u003e\u003ccode\u003ef005efe\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.24...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/e7da996494197d9406e27229a69a5dfcb36d004c\"\u003e\u003ccode\u003ee7da996\u003c/code\u003e\u003c/a\u003e Add support for registry extension images (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/issues/433\"\u003e#433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/aa947da47eed74547b440855668f969d0b17f732\"\u003e\u003ccode\u003eaa947da\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/testcontainers/testcontainers-go from ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/b9a7a83f84406e3d83aca5811c90395fc05384fe\"\u003e\u003ccode\u003eb9a7a83\u003c/code\u003e\u003c/a\u003e Updating github-config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.28.0...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/paketo-buildpacks/packit/v2` from 2.21.0 to 2.25.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/paketo-buildpacks/packit/releases\"\u003egithub.com/paketo-buildpacks/packit/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverting commit with additional logging data by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/693\"\u003epaketo-buildpacks/packit#693\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.25.1...v2.25.2\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.25.1...v2.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.25.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.32.0 to 1.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/688\"\u003epaketo-buildpacks/packit#688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/690\"\u003epaketo-buildpacks/packit#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport fetch the CNB_TARGET_* env variables by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/691\"\u003epaketo-buildpacks/packit#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.25.0...v2.25.1\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.25.0...v2.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/ulikunitz/xz from 0.5.14 to 0.5.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/686\"\u003epaketo-buildpacks/packit#686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFetching dependencies based on the CNB_TARGET_ARCH and CNB_TARGET_OS by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/687\"\u003epaketo-buildpacks/packit#687\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.24.0...v2.25.0\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.24.0...v2.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/672\"\u003epaketo-buildpacks/packit#672\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.29.0 to 1.29.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/673\"\u003epaketo-buildpacks/packit#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.29.1 to 1.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/675\"\u003epaketo-buildpacks/packit#675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates go mod version to 1.24.6 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/674\"\u003epaketo-buildpacks/packit#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/677\"\u003epaketo-buildpacks/packit#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/678\"\u003epaketo-buildpacks/packit#678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/ulikunitz/xz from 0.5.12 to 0.5.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/679\"\u003epaketo-buildpacks/packit#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/gomega from 1.38.0 to 1.38.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/680\"\u003epaketo-buildpacks/packit#680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/gomega from 1.38.1 to 1.38.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/683\"\u003epaketo-buildpacks/packit#683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump syft to v1.32.0 by \u003ca href=\"https://github.com/modulo11\"\u003e\u003ccode\u003e@​modulo11\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/682\"\u003epaketo-buildpacks/packit#682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/ulikunitz/xz from 0.5.13 to 0.5.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/685\"\u003epaketo-buildpacks/packit#685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.23.0...v2.24.0\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.23.0...v2.24.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.28.0 to 1.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/669\"\u003epaketo-buildpacks/packit#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/gomega from 1.37.0 to 1.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/670\"\u003epaketo-buildpacks/packit#670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly enforce strict arch checking when dependency specifies arch by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/671\"\u003epaketo-buildpacks/packit#671\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.22.0...v2.23.0\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.22.0...v2.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/65b286992cde7663c32cbe4e5ee7759454548040\"\u003e\u003ccode\u003e65b2869\u003c/code\u003e\u003c/a\u003e fix: reverting loging with additional data (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/ebc8d8defadd65f70b859ffc85adbf8f4af43dce\"\u003e\u003ccode\u003eebc8d8d\u003c/code\u003e\u003c/a\u003e Support fetch the CNB_TARGET_* env variables (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/4a9b12890b6648f92eb1c1227b4786c67c3a82b8\"\u003e\u003ccode\u003e4a9b128\u003c/code\u003e\u003c/a\u003e Updating github-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/24c78cf200d4246d892553b55d853752b6558417\"\u003e\u003ccode\u003e24c78cf\u003c/code\u003e\u003c/a\u003e Bump github.com/anchore/syft from 1.32.0 to 1.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/331b7709092b568214190dbd0f96eacef4a2ea86\"\u003e\u003ccode\u003e331b770\u003c/code\u003e\u003c/a\u003e Fetching dependencies based on the CNB_TARGET_ARCH and CNB_TARGET_OS (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/issues/687\"\u003e#687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/42161c0ce281421a1c8a577cba294f9eab2152d0\"\u003e\u003ccode\u003e42161c0\u003c/code\u003e\u003c/a\u003e Bump github.com/ulikunitz/xz from 0.5.14 to 0.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/424acac9ae1897f9234773753eceddde372e1659\"\u003e\u003ccode\u003e424acac\u003c/code\u003e\u003c/a\u003e Bump github.com/ulikunitz/xz from 0.5.13 to 0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/2340d7f842fd257efacd571b4e30dea988f98910\"\u003e\u003ccode\u003e2340d7f\u003c/code\u003e\u003c/a\u003e Bump syft to v1.32.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/2d14be6d6a49949c16e0f905798be32eb821124a\"\u003e\u003ccode\u003e2d14be6\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/gomega from 1.38.1 to 1.38.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/5b3decf158be12ae15a4ba35ca9df9ec8f5cc122\"\u003e\u003ccode\u003e5b3decf\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/gomega from 1.38.0 to 1.38.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.21.0...v2.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cel.dev/expr` from 0.24.0 to 0.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/cel-spec/releases\"\u003ecel.dev/expr's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v0.25.1\u003c/h2\u003e\n\u003cp\u003eMinor additions to the v0.25.0 release\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove test/v1 directory and its protos by \u003ca href=\"https://github.com/l46kok\"\u003e\u003ccode\u003e@​l46kok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/487\"\u003egoogle/cel-spec#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd parsing tests for string and bytes literals by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/489\"\u003egoogle/cel-spec#489\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/cel-spec/compare/v0.25.0...v0.25.1\"\u003ehttps://github.com/google/cel-spec/compare/v0.25.0...v0.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v0.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInitial version of the policy specification by \u003ca href=\"https://github.com/jcking\"\u003e\u003ccode\u003e@​jcking\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/477\"\u003egoogle/cel-spec#477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove orphaned ToC entry for enums as ints from the specification by \u003ca href=\"https://github.com/timostamm\"\u003e\u003ccode\u003e@​timostamm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/476\"\u003egoogle/cel-spec#476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests for selector, function, and field names formerly defined as reserved by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/480\"\u003egoogle/cel-spec#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a test case for lastIndexOf in string_ext against an empty string by \u003ca href=\"https://github.com/l46kok\"\u003e\u003ccode\u003e@​l46kok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/468\"\u003egoogle/cel-spec#468\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove TOC from language definition by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/482\"\u003egoogle/cel-spec#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove int(enum) -\u0026gt; int signature by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/483\"\u003egoogle/cel-spec#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify formatting decimals, add %f formatting test cases around rounding by \u003ca href=\"https://github.com/l46kok\"\u003e\u003ccode\u003e@​l46kok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/485\"\u003egoogle/cel-spec#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining google.rpc.Status deps from cel-spec by \u003ca href=\"https://github.com/TristonianJones\"\u003e\u003ccode\u003e@​TristonianJones\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/486\"\u003egoogle/cel-spec#486\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timostamm\"\u003e\u003ccode\u003e@​timostamm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/476\"\u003egoogle/cel-spec#476\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/cel-spec/compare/v0.24.0...v0.25.0\"\u003ehttps://github.com/google/cel-spec/compare/v0.24.0...v0.25.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/7f3c4c513b42d471d0be9439bf5bde38f45f8404\"\u003e\u003ccode\u003e7f3c4c5\u003c/code\u003e\u003c/a\u003e Add parsing tests for string and bytes literals (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/489\"\u003e#489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/d3430a81d403aa600083d041bcc729e6d97d31dd\"\u003e\u003ccode\u003ed3430a8\u003c/code\u003e\u003c/a\u003e Remove test/v1 directory and its protos (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/3c96c7153bfb230150a84a34d4d7cc9bc670ca18\"\u003e\u003ccode\u003e3c96c71\u003c/code\u003e\u003c/a\u003e Remove remaining google.rpc.Status deps from cel-spec (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/486\"\u003e#486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/750024aed484c12d8837c4be612ddb8a5b65ecc4\"\u003e\u003ccode\u003e750024a\u003c/code\u003e\u003c/a\u003e Clarify formatting decimals, add %f formatting test cases around rounding (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/485\"\u003e#485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/9dd5f5ca72b3e8cbc890a3e13b6b218c9369cc4a\"\u003e\u003ccode\u003e9dd5f5c\u003c/code\u003e\u003c/a\u003e Remove int(enum) -\u0026gt; int signature (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/808c918ee19b44613528838c994bdc3961148af2\"\u003e\u003ccode\u003e808c918\u003c/code\u003e\u003c/a\u003e Remove TOC from language definition (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/bad3928b9c12d07c4d46c56b90534584480ba4fb\"\u003e\u003ccode\u003ebad3928\u003c/code\u003e\u003c/a\u003e Add a test case for lastIndexOf in string_ext against an empty string (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/468\"\u003e#468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/14cdd3f394daf7a14482e19deececb0f1b01bad4\"\u003e\u003ccode\u003e14cdd3f\u003c/code\u003e\u003c/a\u003e Tests for selector, function, and field names formerly defined as reserved (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/8a3339430fdf8f216d3e3a786d39c75f9e5c413c\"\u003e\u003ccode\u003e8a33394\u003c/code\u003e\u003c/a\u003e Remove orphaned ToC entry for enums as ints from the specification (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/476\"\u003e#476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/a8f582aae6a65b5c417c0ab7d22aab68f41ec4b2\"\u003e\u003ccode\u003ea8f582a\u003c/code\u003e\u003c/a\u003e Initial version of the policy specification (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/477\"\u003e#477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/cel-spec/compare/v0.24.0...v0.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go` from 0.121.4 to 0.123.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md\"\u003ecloud.google.com/go's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.122.0...v0.123.0\"\u003e0.123.0\u003c/a\u003e (2025-09-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/stategen:\u003c/strong\u003e Populate the latest googleapis commit (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12880\"\u003e#12880\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/7b017a083ddd322b21faf413a329ba870a98db96\"\u003e7b017a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elibrariangen:\u003c/strong\u003e Implement the build command (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12817\"\u003e#12817\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/14734c875103f97748857b9b0472fd0b2658663f\"\u003e14734c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Add link to source commit in release notes (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12881\"\u003e#12881\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1c06cc6109a84941c367896575b187b79befc3af\"\u003e1c06cc6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Fix CHANGES.md headers (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12849\"\u003e#12849\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/baf515dfe0d94f36c9dc232f6b55e9828b268eb0\"\u003ebaf515d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Remove go mod init/tidy from postprocessor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12832\"\u003e#12832\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1fe506a37e68497b6da4587d409b79e7b4d2a113\"\u003e1fe506a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Test for error path with flags (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12830\"\u003e#12830\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f0da7b22488b4d9f6232d227d3e196d8d2b92858\"\u003ef0da7b2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/postprocessor:\u003c/strong\u003e Add dlp to skip-module-scan-paths (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12857\"\u003e#12857\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/45a7d9b4b9083d1bcaca89c3d86878ba77c230e3\"\u003e45a7d9b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elibrariangen:\u003c/strong\u003e Honor original container contract (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12846\"\u003e#12846\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/71c8fd368667f74426aa31b6c50def8151482480\"\u003e71c8fd3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elibrariangen:\u003c/strong\u003e Improvements to release-init (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12842\"\u003e#12842\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0db677a93fe16b9a62bb69a3cea7bc45d5aaec36\"\u003e0db677a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estategen:\u003c/strong\u003e Specify an appropriate tag format for google-cloud-go (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12835\"\u003e#12835\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/ffcff33a0c3fad720a31083672c4cf2498af719f\"\u003effcff33\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.6...v0.122.0\"\u003e0.122.0\u003c/a\u003e (2025-09-04)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Add release-init command (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12751\"\u003e#12751\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/52e84cc9a11077eb3c50a0b5fc9aa26361d63b47\"\u003e52e84cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/godocfx:\u003c/strong\u003e Better support for v2 modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12797\"\u003e#12797\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4bc878597a5e6bd97cf3ee2174f6df7fbdd2d47b\"\u003e4bc8785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/godocfx:\u003c/strong\u003e Module detection when tidy errors (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12801\"\u003e#12801\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/83d46cdc5ed7cfbb94038e7fa1f787adfe532c74\"\u003e83d46cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Fix goimports errors (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12765\"\u003e#12765\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/83bdaa4ce4e42f8b4a29e2055fc4894d8c6b1e2c\"\u003e83bdaa4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.5...v0.121.6\"\u003e0.121.6\u003c/a\u003e (2025-08-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Fix Dockerfile permissions for go mod tidy (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12704\"\u003e#12704\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0e70a0b6afccc016c67337f340e2755fe7a476ca\"\u003e0e70a0b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.4...v0.121.5\"\u003e0.121.5\u003c/a\u003e (2025-08-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Get README title from service config yaml (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12676\"\u003e#12676\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b3b8f70a15ae477885f3ecc92e01ae37b7505de3\"\u003eb3b8f70\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Update source_paths to source_roots in generate-request.json (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12691\"\u003e#12691\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2adb6f9a67f21fba32371fb4b3dcfb7204309560\"\u003e2adb6f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4e8373586a5e48c18fbfd4bb0a3e259184e49a91\"\u003e\u003ccode\u003e4e83735\u003c/code\u003e\u003c/a\u003e chore(main): release 0.123.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12825\"\u003e#12825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f557e308cb70fa4fde7104ebe9327892729a8d36\"\u003e\u003ccode\u003ef557e30\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12913\"\u003e#12913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/a10ecc9b3c22e320e9a32dedef7248b42465cd49\"\u003e\u003ccode\u003ea10ecc9\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12915\"\u003e#12915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/3ae39f92307c14a6ac55e635e52d45969520fa9e\"\u003e\u003ccode\u003e3ae39f9\u003c/code\u003e\u003c/a\u003e chore: refactor request/response handling and metadata updates (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12875\"\u003e#12875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/30a42997bc488b3f8711a79d0e42f22e12db01ea\"\u003e\u003ccode\u003e30a4299\u003c/code\u003e\u003c/a\u003e fix: upgrade gRPC service registration func (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12914\"\u003e#12914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/061983381c66dbc6d4a0f2d2c285231e775ad8ff\"\u003e\u003ccode\u003e0619833\u003c/code\u003e\u003c/a\u003e test(spanner): increase context timeout to allow one executeSql to be execute...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9e2646b1821231183fd775bb107c062865eeaccd\"\u003e\u003ccode\u003e9e2646b\u003c/code\u003e\u003c/a\u003e fix(compute/metadata): set subClient for UseDefaultClient case (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12911\"\u003e#12911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4b404fafe4cdb51d4485e7f6fed056eb47edb78b\"\u003e\u003ccode\u003e4b404fa\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12906\"\u003e#12906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/187a58a540494e1e8562b046325b8cad8cf7af4a\"\u003e\u003ccode\u003e187a58a\u003c/code\u003e\u003c/a\u003e fix(compute/metadata): disable Client timeouts for subscription client (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12910\"\u003e#12910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/003abca9172082ad1f2fbcc9b37639f389ade8ee\"\u003e\u003ccode\u003e003abca\u003c/code\u003e\u003c/a\u003e feat(spanner): support \u0026quot;readOnly\u0026quot; column tag parsing for Go struct operations...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.4...v0.123.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/auth` from 0.16.3 to 0.16.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/833f2f2bc08f21098ecb82f264d746e2baa92869\"\u003e\u003ccode\u003e833f2f2\u003c/code\u003e\u003c/a\u003e chore(main): release auth 0.16.4 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12667\"\u003e#12667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1482191e88236693efef68769752638281566766\"\u003e\u003ccode\u003e1482191\u003c/code\u003e\u003c/a\u003e fix(auth): add UseDefaultClient: true to metadata.Options (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12666\"\u003e#12666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d24181fbd33e9ddb254279d001925b0765d985a6\"\u003e\u003ccode\u003ed24181f\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12636\"\u003e#12636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/a0a855cdbf1eaab1dcc2adc53ab0326b34bde665\"\u003e\u003ccode\u003ea0a855c\u003c/code\u003e\u003c/a\u003e chore(main): release spanner 1.84.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12664\"\u003e#12664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/a1ce8c26651e7a0ba4f1b20aba4c0fefbab0b972\"\u003e\u003ccode\u003ea1ce8c2\u003c/code\u003e\u003c/a\u003e chore(spanner): release 1.84.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12665\"\u003e#12665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/8b410ec689591a591aecb46831f2f50706cb973f\"\u003e\u003ccode\u003e8b410ec\u003c/code\u003e\u003c/a\u003e feat(spanner): release 1.84.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12663\"\u003e#12663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/7558990fffc196a58cecd2ac4289b7bb16290e22\"\u003e\u003ccode\u003e7558990\u003c/code\u003e\u003c/a\u003e fix: receive trailers to prevent buildup of pending goroutines (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12662\"\u003e#12662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1a8820900f20e038291c4bb2c5284a449196e81f\"\u003e\u003ccode\u003e1a88209\u003c/code\u003e\u003c/a\u003e feat(compute/metadata): add Options.UseDefaultClient (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12657\"\u003e#12657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/3edcbf3b5093322ca3f9a96cdc243c8043a01902\"\u003e\u003ccode\u003e3edcbf3\u003c/code\u003e\u003c/a\u003e chore(storage): update apiary dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12654\"\u003e#12654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/c3574a2b4448330a9d46bdc810ebdc090f2d7246\"\u003e\u003ccode\u003ec3574a2\u003c/code\u003e\u003c/a\u003e feat(aiplatform): add FeatureViewDirectWrite API in v1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12645\"\u003e#12645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/auth/v0.16.3...auth/v0.16.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/compute/metadata` from 0.7.0 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md\"\u003ecloud.google.com/go/compute/metadata's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eprofiler package added.\u003c/li\u003e\n\u003cli\u003estorage:\n\u003cul\u003e\n\u003cli\u003eRetry Objects.Insert call.\u003c/li\u003e\n\u003cli\u003eAdd ProgressFunc to WRiter.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003epubsub: breaking changes:\n\u003cul\u003e\n\u003cli\u003ePublish is now asynchronous (\u003ca href=\"https://groups.google.com/d/topic/google-api-go-announce/aaqRDIQ3rvU/discussion\"\u003eannouncement\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eSubscription.Pull replaced by Subscription.Receive, which takes a callback (\u003ca href=\"https://groups.google.com/d/topic/google-api-go-announce/8pt6oetAdKc/discussion\"\u003eannouncement\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMessage.Done replaced with Message.Ack and Message.Nack.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e11d9d1a1722e191d3d017c08077f2c15189769a\"\u003e\u003ccode\u003ee11d9d1\u003c/code\u003e\u003c/a\u003e rpcreplay: file format and I/O\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f5c3fe2352c8d679cfc47d2f102449571022c323\"\u003e\u003ccode\u003ef5c3fe2\u003c/code\u003e\u003c/a\u003e profiler: Add Cloud Profiler runtime agent for Go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/87cc1d286587530f709063127a1faef4ed8431c5\"\u003e\u003ccode\u003e87cc1d2\u003c/code\u003e\u003c/a\u003e rpcreplay: package doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b4e9a381a01e953e880e6d2cf7fd02d412977cae\"\u003e\u003ccode\u003eb4e9a38\u003c/code\u003e\u003c/a\u003e storage: retry Objects.Insert call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9a04fc8dc5de830157ea2887ab5565f964c311a7\"\u003e\u003ccode\u003e9a04fc8\u003c/code\u003e\u003c/a\u003e trace: respond with trace context to report the sampling options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e8b5f2cc58266b603c1d7dc9f6ac0f254d1670df\"\u003e\u003ccode\u003ee8b5f2c\u003c/code\u003e\u003c/a\u003e spanner: Increased the maximum allowed sending and recieving msg size to 100 MB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/dd88571a2747f25e093c425b9a598db5bec04e57\"\u003e\u003ccode\u003edd88571\u003c/code\u003e\u003c/a\u003e bigtable: Fix documentation for timestamp range filters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/c60d02f3cdeb4bf91d4810e9e505800cad03ce9f\"\u003e\u003ccode\u003ec60d02f\u003c/code\u003e\u003c/a\u003e pubsub: clarify that Topic is goroutine-safe\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/69931d826ffbbcb4f8451b42d5cf7fc2ac6c7443\"\u003e\u003ccode\u003e69931d8\u003c/code\u003e\u003c/a\u003e bigquery: get streaming buffer info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/7d132fead24899d37a2aef0112d06b9d5b891d19\"\u003e\u003ccode\u003e7d132fe\u003c/code\u003e\u003c/a\u003e bigtable: Fix GCRuleToString when GcRule is nil\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.7.0...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/iam` from 1.5.2 to 1.5.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bf00b9db931a52688d14eb44d4fdf4443338dc9a\"\u003e\u003ccode\u003ebf00b9d\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13076\"\u003e#13076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9dd3adf2bb0d57dff8d85f89a29e8cea03274c29\"\u003e\u003ccode\u003e9dd3adf\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13075\"\u003e#13075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9f9d01f1ba68b8352c76ff582f6a5c6adc22663b\"\u003e\u003ccode\u003e9f9d01f\u003c/code\u003e\u003c/a\u003e fix: upgrade gRPC service registration func (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13063\"\u003e#13063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f14260d44bcc559ad063e9e2d70ae10b081b2b66\"\u003e\u003ccode\u003ef14260d\u003c/code\u003e\u003c/a\u003e chore(.github): restore deep-remove-regex entries (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13073\"\u003e#13073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e127d945db690aeec0c8b470a3bf63a2a646418c\"\u003e\u003ccode\u003ee127d94\u003c/code\u003e\u003c/a\u003e test(bigtable): refactor TestRetryApply for clarity (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13052\"\u003e#13052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2930b5c509e774a071de56d1610ad5510e55fc01\"\u003e\u003ccode\u003e2930b5c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13065\"\u003e#13065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bc93e83f566ff1ea7682d785f40f2422c3ad0ed6\"\u003e\u003ccode\u003ebc93e83\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13064\"\u003e#13064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0ce207f307dab7c6bc907bee285694dd696ae66c\"\u003e\u003ccode\u003e0ce207f\u003c/code\u003e\u003c/a\u003e test(firestore): correct TestIntegration_WatchQuery (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13053\"\u003e#13053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/04ac2d2c53053fbcefac7bbf2cc5c0c0063e0866\"\u003e\u003ccode\u003e04ac2d2\u003c/code\u003e\u003c/a\u003e chore(.librarian): special-case fixes in state.yaml (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13062\"\u003e#13062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b94c3ba69994d9c56ae8f302449dd8df6f287296\"\u003e\u003ccode\u003eb94c3ba\u003c/code\u003e\u003c/a\u003e fix(storage): remove default timeout for gRPC operations (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13022\"\u003e#13022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/iam/v1.5.2...iam/v1.5.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/monitoring` from 1.24.2 to 1.24.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bf00b9db931a52688d14eb44d4fdf4443338dc9a\"\u003e\u003ccode\u003ebf00b9d\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13076\"\u003e#13076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9dd3adf2bb0d57dff8d85f89a29e8cea03274c29\"\u003e\u003ccode\u003e9dd3adf\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13075\"\u003e#13075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9f9d01f1ba68b8352c76ff582f6a5c6adc22663b\"\u003e\u003ccode\u003e9f9d01f\u003c/code\u003e\u003c/a\u003e fix: upgrade gRPC service registration func (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13063\"\u003e#13063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f14260d44bcc559ad063e9e2d70ae10b081b2b66\"\u003e\u003ccode\u003ef14260d\u003c/code\u003e\u003c/a\u003e chore(.github): restore deep-remove-regex entries (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13073\"\u003e#13073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e127d945db690aeec0c8b470a3bf63a2a646418c\"\u003e\u003ccode\u003ee127d94\u003c/code\u003e\u003c/a\u003e test(bigtable): refactor TestRetryApply for clarity (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13052\"\u003e#13052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2930b5c509e774a071de56d1610ad5510e55fc01\"\u003e\u003ccode\u003e2930b5c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13065\"\u003e#13065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bc93e83f566ff1ea7682d785f40f2422c3ad0ed6\"\u003e\u003ccode\u003ebc93e83\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13064\"\u003e#13064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0ce207f307dab7c6bc907bee285694dd696ae66c\"\u003e\u003ccode\u003e0ce207f\u003c/code\u003e\u003c/a\u003e test(firestore): correct TestIntegration_WatchQuery (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13053\"\u003e#13053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/04ac2d2c53053fbcefac7bbf2cc5c0c0063e0866\"\u003e\u003ccode\u003e04ac2d2\u003c/code\u003e\u003c/a\u003e chore(.librarian): special-case fixes in state.yaml (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13062\"\u003e#13062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b94c3ba69994d9c56ae8f302449dd8df6f287296\"\u003e\u003ccode\u003eb94c3ba\u003c/code\u003e\u003c/a\u003e fix(storage): remove default timeout for gRPC operations (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13022\"\u003e#13022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/monitoring/v1.24.2...monitoring/v1.24.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/storage` from 1.55.0 to 1.56.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1782dc379aaa69a69c08df54adcc6b93af691f7b\"\u003e\u003ccode\u003e1782dc3\u003c/code\u003e\u003c/a\u003e chore(main): release spanner 1.56.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9271\"\u003e#9271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/5f156e8c88f4729f569ee5b4ac9378dda3907997\"\u003e\u003ccode\u003e5f156e8\u003c/code\u003e\u003c/a\u003e feat(spanner/spansql): add support for CREATE VIEW with SQL SECURITY DEFINER ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e577006768472799930f3f5d62fc619732c4c460\"\u003e\u003ccode\u003ee577006\u003c/code\u003e\u003c/a\u003e chore(internal/actions): add touch flag to changefinder (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9325\"\u003e#9325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/dce9db4edb82502af57dfa7ac08b8d6a4b41ce44\"\u003e\u003ccode\u003edce9db4\u003c/code\u003e\u003c/a\u003e deps(bigqueyry): bump google.golang.org/api to 0.160.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9323\"\u003e#9323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4b4c56706469866e2faeaae59e36ca52e62ecf7b\"\u003e\u003ccode\u003e4b4c567\u003c/code\u003e\u003c/a\u003e chore(visionai): add config to generate apiv1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9322\"\u003e#9322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/053ea29437dae1bbe4f3351f90e92db714e6cbe4\"\u003e\u003ccode\u003e053ea29\u003c/code\u003e\u003c/a\u003e chore: update Go gapic generator to v0.40.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9314\"\u003e#9314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d39c8a89af5864b2e8280bfc4517269e18d00c96\"\u003e\u003ccode\u003ed39c8a8\u003c/code\u003e\u003c/a\u003e chore(main): release pubsub 1.36.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9313\"\u003e#9313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2b6b0da48517fd0b682077b0fdf6f6a8f162910b\"\u003e\u003ccode\u003e2b6b0da\u003c/code\u003e\u003c/a\u003e fix(pubsub): move flow control release to callback completion (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9311\"\u003e#9311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/97d62c7a6a305c47670ea9c147edc444f4bf8620\"\u003e\u003ccode\u003e97d62c7\u003c/code\u003e\u003c/a\u003e docs(maps/fleetengine): update comment on Waypoint (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9291\"\u003e#9291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/10c82609951329526f164a7ec4dd766eb8293382\"\u003e\u003ccode\u003e10c8260\u003c/code\u003e\u003c/a\u003e chore(internal/gapicgen/git): run gofmt (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9307\"\u003e#9307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/spanner/v1.55.0...spanner/v1.56.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/CycloneDX/cyclonedx-go` from 0.9.2 to 0.9.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/releases\"\u003egithub.com/CycloneDX/cyclonedx-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.3\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e6636ce32f8b15a5104fda6636937e91d62d647e7: fix: \u003ccode\u003e.component.data\u003c/code\u003e was not a slice as per CycloneDX schema \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/242\"\u003e#242\u003c/a\u003e (\u003ca href=\"https://github.com/madpah\"\u003e\u003ccode\u003e@​madpah\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e3e0f245f7b936eb38e16d0518a2a0020c0d69223: fix: add missing properties (\u003ca href=\"https://github.com/rdghe\"\u003e\u003ccode\u003e@​rdghe\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuilding and Packaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e24c8c33dd36390754b63f9ab056b2bf62b1eb70f: build(deps): bump actions/setup-go from 5.2.0 to 5.4.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e5fcf097fbdcedb6832989d0a74195f0698b48de8: build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003eedea8aedbc8467a478ac4b11d587c9bdff68f0dd: build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003ef32eebc413c71327df4fd6f264aa9f22e6e8cce1: build(deps): bump gitpod/workspace-go from \u003ccode\u003e4702df2\u003c/code\u003e to \u003ccode\u003e8985eb7\u003c/code\u003e (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e7fdaa7fc2b0fe25ff5eb17d57bede84131415674: build(deps): bump gitpod/workspace-go from \u003ccode\u003e6932342\u003c/code\u003e to \u003ccode\u003e4702df2\u003c/code\u003e (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003ed62ea3cd450cbd3aebcbf9a50c8d12b2e4187b13: build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e4709461dea7961fbd824e433b3c68217ff856122: build(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.3.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/72e4629d580624c7d6bd815e2d209a0a62d08047\"\u003e\u003ccode\u003e72e4629\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/243\"\u003e#243\u003c/a\u003e from madpah/fix/component-data-schema\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/6636ce32f8b15a5104fda6636937e91d62d647e7\"\u003e\u003ccode\u003e6636ce3\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003e.component.data\u003c/code\u003e was not a slice as per CycloneDX schema \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/242\"\u003e#242\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/a39bf6be93d4ecca076f4379031dc24cddac4937\"\u003e\u003ccode\u003ea39bf6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/232\"\u003e#232\u003c/a\u003e from CycloneDX/dependabot/github_actions/actions/setu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/cff8cd548a906d6a5534b60056f2ab4b3e9c522b\"\u003e\u003ccode\u003ecff8cd5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/233\"\u003e#233\u003c/a\u003e from CycloneDX/dependabot/docker/gitpod/workspace-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/6a93b76287597c06d2aa64e9281bb8e003bb8bbb\"\u003e\u003ccode\u003e6a93b76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/234\"\u003e#234\u003c/a\u003e from rdghe/fix/add-missing-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/3e0f245f7b936eb38e16d0518a2a0020c0d69223\"\u003e\u003ccode\u003e3e0f245\u003c/code\u003e\u003c/a\u003e fix: add missing properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/f32eebc413c71327df4fd6f264aa9f22e6e8cce1\"\u003e\u003ccode\u003ef32eebc\u003c/code\u003e\u003c/a\u003e build(deps): bump gitpod/workspace-go from \u003ccode\u003e4702df2\u003c/code\u003e to \u003ccode\u003e8985eb7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/5fcf097fbdcedb6832989d0a74195f0698b48de8\"\u003e\u003ccode\u003e5fcf097\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-go from 5.4.0 to 5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/75427c8613483b8939c4c5916d55f00fc1f458ef\"\u003e\u003ccode\u003e75427c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/222\"\u003e#222\u003c/a\u003e from CycloneDX/dependabot/docker/gitpod/workspace-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/551624d8f7fd283bc4b8d25fde912659b3f9a18e\"\u003e\u003ccode\u003e551624d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/217\"\u003e#217\u003c/a\u003e from CycloneDX/dependabot/github_actions/apache/skywa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.2...v0.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp` from 1.29.0 to 1.30.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/releases\"\u003egithub.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.1 and v0.29.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle explicit reset points in the disabled normalizer by \u003ca href=\"https://github.com/dashpole\"\u003e\u003ccode\u003e@​dashpole\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/378\"\u003eGoogleCloudPlatform/opentelemetry-operations-go#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd struct tag for sum of squared deviations estimate and factory test. by \u003ca href=\"https://github.com/dashpole\"\u003e\u003ccode\u003e@​dashpole\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/GoogleCloudPlatform/op...\n\n_Description has been truncated_","html_url":"https://github.com/cyrillesondag/paketo-buildpacks-pnpm/pull/69","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrillesondag%2Fpaketo-buildpacks-pnpm/issues/69","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/69/packages"}],"issue_packages":[{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-05-21T05:53:32.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"4492101499","node_id":"PR_kwDOGZIwWs7dzxQF","number":529,"state":"closed","title":"chore(deps): Bump the production-dependencies group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","lgtm","size/XXL"],"assignees":["jcanocan"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-05-22T05:54:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T05:53:32.000Z","updated_at":"2026-05-22T05:54:19.000Z","time_to_close":86445,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":5,"packages":[{"name":"github.com/google/go-containerregistry","old_version":"0.21.5","new_version":"0.21.6","repository_url":"https://github.com/google/go-containerregistry"},{"name":"go.podman.io/image/v5","old_version":"5.39.2","new_version":"5.40.0","repository_url":"https://github.com/containers/container-libs"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1"},{"name":"github.com/docker/cli","old_version":"29.5.0+incompatible","new_version":"29.5.1+incompatible"},{"name":"go.podman.io/storage","old_version":"1.62.0","new_version":"1.63.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 2 updates in the / directory: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) and [go.podman.io/image/v5](https://github.com/containers/container-libs).\n\nUpdates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/go-containerregistry/releases\"\u003egithub.com/google/go-containerregistry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.21.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update dependencies to use new azure sdk components by \u003ca href=\"https://github.com/gaganhr94\"\u003e\u003ccode\u003e@​gaganhr94\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2262\"\u003egoogle/go-containerregistry#2262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: restore resp.Body in retryError so CheckError can parse it by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2264\"\u003egoogle/go-containerregistry#2264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/registry: return 202 Accepted for PATCH chunk uploads by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2265\"\u003egoogle/go-containerregistry#2265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFollow OCI distribution spec for artifactType and annotations by \u003ca href=\"https://github.com/malt3\"\u003e\u003ccode\u003e@​malt3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2269\"\u003egoogle/go-containerregistry#2269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eactions: attach Codecov token to coverage tests on main by \u003ca href=\"https://github.com/Subserial\"\u003e\u003ccode\u003e@​Subserial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2270\"\u003egoogle/go-containerregistry#2270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: use DeleteScope (with \u0026quot;delete\u0026quot; action) for manifest deletion by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2266\"\u003egoogle/go-containerregistry#2266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: limit concurrent layer pulls by \u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2271\"\u003egoogle/go-containerregistry#2271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/registry: reject corrupt disk blobs by \u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2272\"\u003egoogle/go-containerregistry#2272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emutate: close layer readers during export by \u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2277\"\u003egoogle/go-containerregistry#2277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecrane/flatten: preserve image media type when flattening by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2267\"\u003egoogle/go-containerregistry#2267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2273\"\u003egoogle/go-containerregistry#2273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2278\"\u003egoogle/go-containerregistry#2278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the go-deps group across 3 directories with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2280\"\u003egoogle/go-containerregistry#2280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace go-homedir with os.UserHomeDir by \u003ca href=\"https://github.com/jammie-jelly\"\u003e\u003ccode\u003e@​jammie-jelly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2282\"\u003egoogle/go-containerregistry#2282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/name: only treat .localhost as non-HTTPS, not .local by \u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2281\"\u003egoogle/go-containerregistry#2281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by \u003ca href=\"https://github.com/marwan9696\"\u003e\u003ccode\u003e@​marwan9696\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2285\"\u003egoogle/go-containerregistry#2285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(mutate): add Extract round-trip test for filesystem object preservation by \u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2283\"\u003egoogle/go-containerregistry#2283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexperiments: remove deprecated support for estargz by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2288\"\u003egoogle/go-containerregistry#2288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2289\"\u003egoogle/go-containerregistry#2289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: limit HTTP response body reads to prevent OOM by \u003ca href=\"https://github.com/evilgensec\"\u003e\u003ccode\u003e@​evilgensec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2296\"\u003egoogle/go-containerregistry#2296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the go-deps group across 3 directories with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2297\"\u003egoogle/go-containerregistry#2297\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: block redirects from token server to private/link-local addresses (SSRF fix) by \u003ca href=\"https://github.com/evilgensec\"\u003e\u003ccode\u003e@​evilgensec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2292\"\u003egoogle/go-containerregistry#2292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by \u003ca href=\"https://github.com/anishesg\"\u003e\u003ccode\u003e@​anishesg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2279\"\u003egoogle/go-containerregistry#2279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003evalidate: skip non-layer layers by \u003ca href=\"https://github.com/imjasonh\"\u003e\u003ccode\u003e@​imjasonh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2298\"\u003egoogle/go-containerregistry#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: validate foreign layer URLs to prevent SSRF (fixes \u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2259\"\u003e#2259\u003c/a\u003e) by \u003ca href=\"https://github.com/evilgensec\"\u003e\u003ccode\u003e@​evilgensec\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2293\"\u003egoogle/go-containerregistry#2293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremote: block SSRF via private-IP Location headers in blob uploads by \u003ca href=\"https://github.com/adilburaksen\"\u003e\u003ccode\u003e@​adilburaksen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2295\"\u003egoogle/go-containerregistry#2295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mutate): preserve config blob and layers for non-Docker OCI artifacts by \u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2286\"\u003egoogle/go-containerregistry#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: preserve per-occurrence layer identity in mutate.Image.Layers() by \u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2299\"\u003egoogle/go-containerregistry#2299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: retry HTTP 429 (Too Many Requests) by \u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2301\"\u003egoogle/go-containerregistry#2301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etransport: allow bearer realm at same host:port as registry by \u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2302\"\u003egoogle/go-containerregistry#2302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate go version to 1.26.3 by \u003ca href=\"https://github.com/Subserial\"\u003e\u003ccode\u003e@​Subserial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2300\"\u003egoogle/go-containerregistry#2300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gaganhr94\"\u003e\u003ccode\u003e@​gaganhr94\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2262\"\u003egoogle/go-containerregistry#2262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2264\"\u003egoogle/go-containerregistry#2264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/malt3\"\u003e\u003ccode\u003e@​malt3\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2269\"\u003egoogle/go-containerregistry#2269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gnix0\"\u003e\u003ccode\u003e@​gnix0\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2271\"\u003egoogle/go-containerregistry#2271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/blackwell-systems\"\u003e\u003ccode\u003e@​blackwell-systems\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2281\"\u003egoogle/go-containerregistry#2281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marwan9696\"\u003e\u003ccode\u003e@​marwan9696\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2285\"\u003egoogle/go-containerregistry#2285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishesg\"\u003e\u003ccode\u003e@​anishesg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2279\"\u003egoogle/go-containerregistry#2279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adilburaksen\"\u003e\u003ccode\u003e@​adilburaksen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2295\"\u003egoogle/go-containerregistry#2295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/iahsanGill\"\u003e\u003ccode\u003e@​iahsanGill\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/go-containerregistry/pull/2299\"\u003egoogle/go-containerregistry#2299\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6\"\u003ehttps://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/53f7e39e15bfd6aeea6a5f733ee1a8fcf54c15cf\"\u003e\u003ccode\u003e53f7e39\u003c/code\u003e\u003c/a\u003e Update go version to 1.26.3 (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/bf87c3bfe4cc3218ac0baa364545d72729d2906d\"\u003e\u003ccode\u003ebf87c3b\u003c/code\u003e\u003c/a\u003e transport: allow bearer realm at same host:port as registry (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2302\"\u003e#2302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/c55facddfbd7fc3d648c6fdda9860b350b013a76\"\u003e\u003ccode\u003ec55facd\u003c/code\u003e\u003c/a\u003e transport: retry HTTP 429 (Too Many Requests) (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/68a569e4a0eb927d36ccb0fcdf4578425c03b5a2\"\u003e\u003ccode\u003e68a569e\u003c/code\u003e\u003c/a\u003e fix: preserve per-occurrence layer identity in Layers() (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2299\"\u003e#2299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/35b354b436879457221028f05a580fe1c0deccbc\"\u003e\u003ccode\u003e35b354b\u003c/code\u003e\u003c/a\u003e fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/e5983f2a67ec46b76984ce6de85de08a44eee955\"\u003e\u003ccode\u003ee5983f2\u003c/code\u003e\u003c/a\u003e remote: block SSRF via private-IP Location headers in blob uploads (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2295\"\u003e#2295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/6dad820da7de0d619f1127c46914f2eaf58e3b46\"\u003e\u003ccode\u003e6dad820\u003c/code\u003e\u003c/a\u003e remote: validate foreign layer URLs to prevent SSRF (fixes \u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2259\"\u003e#2259\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2293\"\u003e#2293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/78bdf1b7e2105cdfcd8f23509992c78357ce16ed\"\u003e\u003ccode\u003e78bdf1b\u003c/code\u003e\u003c/a\u003e validate: skip non-layer layers (\u003ca href=\"https://redirect.github.com/google/go-containerregistry/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/c29d91cdc394cb288270f4dd04a31f81054946f4\"\u003e\u003ccode\u003ec29d91c\u003c/code\u003e\u003c/a\u003e pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-containerregistry/commit/a70d75a6915ed3137792206dac4bca21d1924959\"\u003e\u003ccode\u003ea70d75a\u003c/code\u003e\u003c/a\u003e transport: block redirects from token server to private/link-local addresses ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/google/go-containerregistry/compare/v0.21.5...v0.21.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/image/v5` from 5.39.2 to 5.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3c2fa91fe10032693063faac91470a84523dd26a\"\u003e\u003ccode\u003e3c2fa91\u003c/code\u003e\u003c/a\u003e Bump to c/image v5.40\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/f871d195072be221537d1d7d5fd969c9a3ac9f17\"\u003e\u003ccode\u003ef871d19\u003c/code\u003e\u003c/a\u003e Bump to c/storage v1.63.0 in c/image, c/image to v5.40\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/550f62f274dbfc1523ade003f1e9384fff829f17\"\u003e\u003ccode\u003e550f62f\u003c/code\u003e\u003c/a\u003e Bump c/storage to v1.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/4fa186482657d75f3a09beec74090040527bc8d6\"\u003e\u003ccode\u003e4fa1864\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/816\"\u003e#816\u003c/a\u003e from alexlarsson/fix-composefs-verity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/32704ef886484dac01d986ed459da3f632a03ce8\"\u003e\u003ccode\u003e32704ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/855\"\u003e#855\u003c/a\u003e from containers/renovate/github.com-docker-cli-29.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/98ff31ac75a0d58ceb4a37ff80a7be1d6d2e5ced\"\u003e\u003ccode\u003e98ff31a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/853\"\u003e#853\u003c/a\u003e from mheon/containers_conf_documentation_removals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3e1614595cda86809c27a8be66bbbe9e65c383ba\"\u003e\u003ccode\u003e3e16145\u003c/code\u003e\u003c/a\u003e Update module github.com/docker/cli to v29.5.1+incompatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/206fff340ff068bd07193556a8a254c1b59b826f\"\u003e\u003ccode\u003e206fff3\u003c/code\u003e\u003c/a\u003e Manpage: remove slirp4netns/boltdb references\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3592bda57d2498defdf73f2d53f899267cda74d7\"\u003e\u003ccode\u003e3592bda\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/852\"\u003e#852\u003c/a\u003e from containers/renovate/github.com-onsi-gomega-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/f04d9c8daa467c4cae240b3ec62059df87c0c726\"\u003e\u003ccode\u003ef04d9c8\u003c/code\u003e\u003c/a\u003e Update module github.com/onsi/gomega to v1.41.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/image/v5.39.2...image/v5.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 29.5.0+incompatible to 29.5.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2518b52d948a0cbee071d394c03c86a3005636ba\"\u003e\u003ccode\u003e2518b52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6991\"\u003e#6991\u003c/a\u003e from mickael-docker/docs-clarify-authz\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/9f18a0a70c9228f5892594c6b56425b8bed1899f\"\u003e\u003ccode\u003e9f18a0a\u003c/code\u003e\u003c/a\u003e docs: clarify authz content type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2944fd1daa5d54315ab8fcd874ea9cb6199c6117\"\u003e\u003ccode\u003e2944fd1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6989\"\u003e#6989\u003c/a\u003e from thaJeztah/bump_version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/c41489ac3901885bb3891aef9cfe65ca69dc4580\"\u003e\u003ccode\u003ec41489a\u003c/code\u003e\u003c/a\u003e bump VERSION to v29.5.1-dev\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/cli/compare/v29.5.0...v29.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/storage` from 1.62.0 to 1.63.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/550f62f274dbfc1523ade003f1e9384fff829f17\"\u003e\u003ccode\u003e550f62f\u003c/code\u003e\u003c/a\u003e Bump c/storage to v1.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/4fa186482657d75f3a09beec74090040527bc8d6\"\u003e\u003ccode\u003e4fa1864\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/816\"\u003e#816\u003c/a\u003e from alexlarsson/fix-composefs-verity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/32704ef886484dac01d986ed459da3f632a03ce8\"\u003e\u003ccode\u003e32704ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/855\"\u003e#855\u003c/a\u003e from containers/renovate/github.com-docker-cli-29.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/98ff31ac75a0d58ceb4a37ff80a7be1d6d2e5ced\"\u003e\u003ccode\u003e98ff31a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/853\"\u003e#853\u003c/a\u003e from mheon/containers_conf_documentation_removals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3e1614595cda86809c27a8be66bbbe9e65c383ba\"\u003e\u003ccode\u003e3e16145\u003c/code\u003e\u003c/a\u003e Update module github.com/docker/cli to v29.5.1+incompatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/206fff340ff068bd07193556a8a254c1b59b826f\"\u003e\u003ccode\u003e206fff3\u003c/code\u003e\u003c/a\u003e Manpage: remove slirp4netns/boltdb references\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/3592bda57d2498defdf73f2d53f899267cda74d7\"\u003e\u003ccode\u003e3592bda\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/852\"\u003e#852\u003c/a\u003e from containers/renovate/github.com-onsi-gomega-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/f04d9c8daa467c4cae240b3ec62059df87c0c726\"\u003e\u003ccode\u003ef04d9c8\u003c/code\u003e\u003c/a\u003e Update module github.com/onsi/gomega to v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/21fcc1a3fc8b9fcd1d438f4647ed0aa4930f6919\"\u003e\u003ccode\u003e21fcc1a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/755\"\u003e#755\u003c/a\u003e from Honny1/pesto-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/131c1709ef52b977694a1b355281275feea8ae92\"\u003e\u003ccode\u003e131c170\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/851\"\u003e#851\u003c/a\u003e from containers/renovate/github.com-onsi-ginkgo-v2-2.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/storage/v1.62.0...storage/v1.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| github.com/cyphar/filepath-securejoin | [\u003e 0.5.1] |\n\u003c/details\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/529","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/529","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/529/packages"}},{"old_version":"0.4.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-05-01T04:22:42.000Z","version_change":"0.4.1 → 0.6.1","issue":{"uuid":"4362780299","node_id":"PR_kwDOSQZXqs7XVomI","number":6,"state":"closed","title":"build(deps): bump the go-dependencies group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-01T04:40:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-01T04:22:42.000Z","updated_at":"2026-05-01T04:40:52.000Z","time_to_close":1089,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-dependencies","update_count":10,"packages":[{"name":"dario.cat/mergo","old_version":"1.0.0","new_version":"1.0.2","repository_url":"https://github.com/imdario/mergo"},{"name":"github.com/ProtonMail/go-crypto","old_version":"1.1.6","new_version":"1.4.1","repository_url":"https://github.com/ProtonMail/go-crypto"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.4.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/kevinburke/ssh_config","old_version":"1.2.0","new_version":"1.6.0","repository_url":"https://github.com/kevinburke/ssh_config"},{"name":"github.com/pjbgf/sha1cd","old_version":"0.3.2","new_version":"0.5.0","repository_url":"https://github.com/pjbgf/sha1cd"},{"name":"github.com/sergi/go-diff","old_version":"1.3.2-0.20230802210424-5b0b94c5c0d3","new_version":"1.4.0","repository_url":"https://github.com/sergi/go-diff"},{"name":"github.com/skeema/knownhosts","old_version":"1.3.1","new_version":"1.3.2","repository_url":"https://github.com/skeema/knownhosts"},{"name":"golang.org/x/crypto","old_version":"0.45.0","new_version":"0.50.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-dependencies group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dario.cat/mergo](https://github.com/imdario/mergo) | `1.0.0` | `1.0.2` |\n| [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | `1.1.6` | `1.4.1` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.4.1` | `0.6.1` |\n| [github.com/kevinburke/ssh_config](https://github.com/kevinburke/ssh_config) | `1.2.0` | `1.6.0` |\n| [github.com/pjbgf/sha1cd](https://github.com/pjbgf/sha1cd) | `0.3.2` | `0.5.0` |\n| [github.com/sergi/go-diff](https://github.com/sergi/go-diff) | `1.3.2-0.20230802210424-5b0b94c5c0d3` | `1.4.0` |\n| [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.3.1` | `1.3.2` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.50.0` |\n\n\nUpdates `dario.cat/mergo` from 1.0.0 to 1.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/imdario/mergo/releases\"\u003edario.cat/mergo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrops \u003ccode\u003egopkg.in/yaml.v3\u003c/code\u003e, only used for loading fixtures. Thanks \u003ca href=\"https://github.com/trim21\"\u003e\u003ccode\u003e@​trim21\u003c/code\u003e\u003c/a\u003e for bringing to my attention (\u003ca href=\"https://redirect.github.com/imdario/mergo/issues/262\"\u003e#262\u003c/a\u003e) that this library is no longer maintained.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/darccio/mergo/compare/v1.0.1...v1.0.2\"\u003ehttps://github.com/darccio/mergo/compare/v1.0.1...v1.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes issue \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/187\"\u003e#187\u003c/a\u003e by \u003ca href=\"https://github.com/vsemichev\"\u003e\u003ccode\u003e@​vsemichev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/253\"\u003edarccio/mergo#253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ccode\u003eWithoutDereference\u003c/code\u003e should respect non-nil struct pointers by \u003ca href=\"https://github.com/joshkaplinsky\"\u003e\u003ccode\u003e@​joshkaplinsky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/251\"\u003edarccio/mergo#251\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsemichev\"\u003e\u003ccode\u003e@​vsemichev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/253\"\u003edarccio/mergo#253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joshkaplinsky\"\u003e\u003ccode\u003e@​joshkaplinsky\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/darccio/mergo/pull/251\"\u003edarccio/mergo#251\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1\"\u003ehttps://github.com/darccio/mergo/compare/v1.0.0...v1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/7b33b2b01026fbbbbfcfbb1ee2c9c0a5e0c9a9f7\"\u003e\u003ccode\u003e7b33b2b\u003c/code\u003e\u003c/a\u003e refactor: migrate from YAML to JSON for test data and update related functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/229a2148678d4519fffd30dff24685551e57544a\"\u003e\u003ccode\u003e229a214\u003c/code\u003e\u003c/a\u003e chore(.well-known): add funding manifest URLs file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/6be20c6d7d20645054fcc648b9226ae11d48ad27\"\u003e\u003ccode\u003e6be20c6\u003c/code\u003e\u003c/a\u003e chore(SECURITY.md): update supported versions to reflect current versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/9007623e5248b4a61fff3b3969168d1dc313df9e\"\u003e\u003ccode\u003e9007623\u003c/code\u003e\u003c/a\u003e chore(README) : remove kubernetes from the list of users\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/2b1eb9c67d7332f286430af241180c5005a6a5a4\"\u003e\u003ccode\u003e2b1eb9c\u003c/code\u003e\u003c/a\u003e Update FUNDING.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/2ceb99467bfe70a74b30b1194774ac63f1888632\"\u003e\u003ccode\u003e2ceb994\u003c/code\u003e\u003c/a\u003e Create FUNDING.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/59ea6a9cd9f9c60cb6b1c58476f76cd3172ccebf\"\u003e\u003ccode\u003e59ea6a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/251\"\u003e#251\u003c/a\u003e from joshkaplinsky/joshkaplinsky/without-dereference-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/96f24afa924ff3b6f024de9f5aa72020078b06f9\"\u003e\u003ccode\u003e96f24af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/253\"\u003e#253\u003c/a\u003e from vsemichev/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/2f1a6156ce0c8b8a6291926b75bc27b9b8fc2bfe\"\u003e\u003ccode\u003e2f1a615\u003c/code\u003e\u003c/a\u003e fixes issue \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/187\"\u003e#187\u003c/a\u003e. adds test to verify the fix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/darccio/mergo/commit/4da170b81eef59e84cfa68070a73aea40f98ddbd\"\u003e\u003ccode\u003e4da170b\u003c/code\u003e\u003c/a\u003e fixes issue \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/187\"\u003e#187\u003c/a\u003e. attempt \u003ca href=\"https://redirect.github.com/imdario/mergo/issues/3\"\u003e#3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/imdario/mergo/compare/v1.0.0...v1.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ProtonMail/go-crypto` from 1.1.6 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ProtonMail/go-crypto/releases\"\u003egithub.com/ProtonMail/go-crypto's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProperly handle ECC keys with invalid points in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/304\"\u003eProtonMail/go-crypto#304\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/ProtonMail/go-crypto/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.4.1-proton\u003c/h2\u003e\n\u003cp\u003eThis release is v1.4.1 with support for the following non-standardized features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePresistent symmetric keys experimental + latest draft \u003ca href=\"https://www.ietf.org/archive/id/draft-ietf-openpgp-persistent-symmetric-keys-00.html\"\u003edraft-ietf-openpgp-persistent-symmetric-keys-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAutomatic forwarding \u003ca href=\"https://www.ietf.org/archive/id/draft-wussler-openpgp-forwarding-00.html\"\u003edraft-wussler-openpgp-forwarding-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost-quantum algorithms \u003ca href=\"https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/\"\u003edraft-ietf-openpgp-pqc\u003c/a\u003e (Updated to draft-ietf-openpgp-pqc-09)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore leading and trailing whitespaces in the armor body in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/288\"\u003eProtonMail/go-crypto#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate key_generation.go, rename variables to avoid shadowing in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/290\"\u003eProtonMail/go-crypto#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd InsecureGenerateNonCriticalKeyFlags option to generate non-critical key flags signature subpackets in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/291\"\u003eProtonMail/go-crypto#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd InsecureGenerateNonCriticalSignatureCreationTime option to generate non-critical signature creation time subpackets in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/292\"\u003eProtonMail/go-crypto#292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump dependencies and min go version to 1.23 in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/294\"\u003eProtonMail/go-crypto#294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eECDHv4: Error on low-order x25519 public key curve points in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/299\"\u003eProtonMail/go-crypto#299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleartext: Only allow valid hashes in header in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/298\"\u003eProtonMail/go-crypto#298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.3.0...v1.4.0\"\u003ehttps://github.com/ProtonMail/go-crypto/compare/v1.3.0...v1.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.4.0-proton\u003c/h2\u003e\n\u003cp\u003eThis release is v1.4.0 with support for the following non-standardized features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePresistent symmetric keys experimental + latest draft \u003ca href=\"https://www.ietf.org/archive/id/draft-ietf-openpgp-persistent-symmetric-keys-00.html\"\u003edraft-ietf-openpgp-persistent-symmetric-keys-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAutomatic forwarding \u003ca href=\"https://www.ietf.org/archive/id/draft-wussler-openpgp-forwarding-00.html\"\u003edraft-wussler-openpgp-forwarding-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost-quantum algorithms \u003ca href=\"https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/\"\u003edraft-ietf-openpgp-pqc\u003c/a\u003e (Updated to draft-ietf-openpgp-pqc-09)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAPI v2: Tolerate invalid key signatures if one verifies in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/284\"\u003eProtonMail/go-crypto#284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce acceptable hash functions in clearsign in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/281\"\u003eProtonMail/go-crypto#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow to set a decompressed message size limit in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/285\"\u003eProtonMail/go-crypto#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAPI v1: Only allow acceptable hashes when writing signatures in \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/pull/286\"\u003eProtonMail/go-crypto#286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/ProtonMail/go-crypto/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v1.3.0-proton\u003c/h2\u003e\n\u003cp\u003eThis release is v1.3.0 with support for the following non-standardized features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePresistent symmetric keys experimental + latest draft \u003ca href=\"https://www.ietf.org/archive/id/draft-ietf-openpgp-persistent-symmetric-keys-00.html\"\u003edraft-ietf-openpgp-persistent-symmetric-keys-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAutomatic forwarding \u003ca href=\"https://www.ietf.org/archive/id/draft-wussler-openpgp-forwarding-00.html\"\u003edraft-wussler-openpgp-forwarding-00\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost-quantum algorithms \u003ca href=\"https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/\"\u003edraft-ietf-openpgp-pqc\u003c/a\u003e (Updated to draft-ietf-openpgp-pqc-09)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/2e73b118bb72881b92b292f85cb2d057c3d7bef0\"\u003e\u003ccode\u003e2e73b11\u003c/code\u003e\u003c/a\u003e Properly handle ECC keys with invalid points (\u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/304\"\u003e#304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/a8cc4f09f6cb247ab2180b45029ddaa736674f87\"\u003e\u003ccode\u003ea8cc4f0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/298\"\u003e#298\u003c/a\u003e from ProtonMail/feat/cleartext-hash-header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/57f891b6b4d198fb18adb4877d4192fb96f9f5a0\"\u003e\u003ccode\u003e57f891b\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/cleartext-hash-header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/da5c190d0ba1061cb21d8d311f6032c8bc43e80d\"\u003e\u003ccode\u003eda5c190\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/299\"\u003e#299\u003c/a\u003e from ProtonMail/fix/ecdh-low-order-curve-points\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/3cc59b0193219e5850b874a52873671c65a0c907\"\u003e\u003ccode\u003e3cc59b0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/cleartext-hash-header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/b11bd2375b66c0f6b33c355563b59029edd7f117\"\u003e\u003ccode\u003eb11bd23\u003c/code\u003e\u003c/a\u003e fix(ecdh): Do not allow low order public key points\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/b6bdd12c063898caa069ec5379fe5080d1bafcd1\"\u003e\u003ccode\u003eb6bdd12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ProtonMail/go-crypto/issues/294\"\u003e#294\u003c/a\u003e from ProtonMail/chore/bump-go-and-circl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/b1ff3d56014e94dfd37402b2c1c25d239bb38405\"\u003e\u003ccode\u003eb1ff3d5\u003c/code\u003e\u003c/a\u003e Bump crypto dependencies and min go version to 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/cfb2af9d2cff2ca2e2d403f9118a1a9265e86e02\"\u003e\u003ccode\u003ecfb2af9\u003c/code\u003e\u003c/a\u003e fix(cleartext): Check hashes in headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ProtonMail/go-crypto/commit/de877883d43979a32c829304ad8119dddd8b0dd9\"\u003e\u003ccode\u003ede87788\u003c/code\u003e\u003c/a\u003e Add InsecureGenerateNonCriticalSignatureCreationTime option to generate non-c...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ProtonMail/go-crypto/compare/v1.1.6...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.4.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.1] - 2025-10-31\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSpooky scary skeletons send shivers down your spine!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/kevinburke/ssh_config` from 1.2.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kevinburke/ssh_config/blob/master/CHANGELOG.md\"\u003egithub.com/kevinburke/ssh_config's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003ch2\u003eVersion 1.7 (unreleased)\u003c/h2\u003e\n\u003cp\u003eUpdate default values to match current openssh-portable (previously based on\nOpenSSH 7.4p1 from 2016).\u003c/p\u003e\n\u003cp\u003eBreaking changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003eCipher\u003c/code\u003e default (SSH protocol 1 only, deprecated in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eChallengeResponseAuthentication\u003c/code\u003e default (alias for \u003ccode\u003eKbdInteractiveAuthentication\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eCompressionLevel\u003c/code\u003e default (unsupported in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eProtocol\u003c/code\u003e default (silently ignored in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRhostsRSAAuthentication\u003c/code\u003e default (SSH protocol 1 only, unsupported)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRSAAuthentication\u003c/code\u003e default (SSH protocol 1 only, unsupported)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eUsePrivilegedPort\u003c/code\u003e default (deprecated in openssh-portable)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eIdentityFile\u003c/code\u003e default of \u003ccode\u003e~/.ssh/identity\u003c/code\u003e (SSH protocol 1 only)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eCheckHostIP\u003c/code\u003e default from \u003ccode\u003e\u0026quot;yes\u0026quot;\u003c/code\u003e to \u003ccode\u003e\u0026quot;no\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eUpdateHostKeys\u003c/code\u003e default from \u003ccode\u003e\u0026quot;no\u0026quot;\u003c/code\u003e to \u003ccode\u003e\u0026quot;yes\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eCiphers\u003c/code\u003e default to remove CBC ciphers\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eKexAlgorithms\u003c/code\u003e default to add post-quantum algorithms and remove SHA1 variants\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eHostKeyAlgorithms\u003c/code\u003e default to add sk-\u003cem\u003e, webauthn-\u003c/em\u003e, rsa-sha2-* and remove ssh-rsa\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eHostbasedKeyTypes\u003c/code\u003e default (same as \u003ccode\u003eHostKeyAlgorithms\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003ePubkeyAcceptedKeyTypes\u003c/code\u003e default (same as \u003ccode\u003eHostKeyAlgorithms\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003eForwardX11Timeout\u003c/code\u003e default from \u003ccode\u003e\u0026quot;20m\u0026quot;\u003c/code\u003e to \u003ccode\u003e\u0026quot;1200\u0026quot;\u003c/code\u003e (same duration, now in seconds)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003edefaultProtocol2Identities\u003c/code\u003e to \u003ccode\u003edefaultIdentityFiles\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003e~/.ssh/id_dsa\u003c/code\u003e from default identity files\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eForwardAgent\u003c/code\u003e from strict yes/no validation (now also accepts a socket path)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eCompressionLevel\u003c/code\u003e from uint validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eControlPersist\u003c/code\u003e default (\u003ccode\u003e\u0026quot;no\u0026quot;\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRequestTTY\u003c/code\u003e default (\u003ccode\u003e\u0026quot;auto\u0026quot;\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSessionType\u003c/code\u003e default (\u003ccode\u003e\u0026quot;default\u0026quot;\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eCASignatureAlgorithms\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eHostbasedAcceptedAlgorithms\u003c/code\u003e default (new name for \u003ccode\u003eHostbasedKeyTypes\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ePubkeyAcceptedAlgorithms\u003c/code\u003e default (new name for \u003ccode\u003ePubkeyAcceptedKeyTypes\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e~/.ssh/id_ecdsa_sk\u003c/code\u003e and \u003ccode\u003e~/.ssh/id_ed25519_sk\u003c/code\u003e to default identity files\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6 (released February 16, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSupport \u003ccode\u003e~\u003c/code\u003e as the user's home directory in \u003ccode\u003eInclude\u003c/code\u003e directives, matching\nthe behavior described in ssh_config(5). Thanks to Neil Williams for the report\n(\u003ca href=\"https://redirect.github.com/kevinburke/ssh_config/issues/31\"\u003e#31\u003c/a\u003e).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStrip surrounding double quotes from parsed values. OpenSSH allows values\nlike \u003ccode\u003eIdentityFile \u0026quot;/path/to/file\u0026quot;\u003c/code\u003e, but Get/GetAll previously returned the\nquotes as literal characters. Quotes are now stripped from the returned value\nwhile preserving the original text for faithful roundtripping via String() and\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/ac007ea1b91b739786f2a9dc42f5ed9e6e915319\"\u003e\u003ccode\u003eac007ea\u003c/code\u003e\u003c/a\u003e CHANGELOG.md: add v1.6.0 changes, backfill v1.5.0 section\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/6f3abd72f38c8dca4fd146634216f4b5d3301646\"\u003e\u003ccode\u003e6f3abd7\u003c/code\u003e\u003c/a\u003e config: support ~ as user's home directory in Include\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/cc9f70053599eab616aa522f34eae1b32d6d3e23\"\u003e\u003ccode\u003ecc9f700\u003c/code\u003e\u003c/a\u003e config: simplify composite literal in newConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/538d5a78536d897be3ed48a94d41d863b92961ed\"\u003e\u003ccode\u003e538d5a7\u003c/code\u003e\u003c/a\u003e config: default to a space before '#' in EOL comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/04e0fd693c75ffbe3377458a77e19c414b11193c\"\u003e\u003ccode\u003e04e0fd6\u003c/code\u003e\u003c/a\u003e config: strip surrounding double quotes from parsed values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/568811ae7cc1ae0265dcc717bcf5a3f6e416a2b6\"\u003e\u003ccode\u003e568811a\u003c/code\u003e\u003c/a\u003e ci: disable setup-go cache, update checkout to v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/e0b4ce953a70794a085eb763967633a835c1e7f4\"\u003e\u003ccode\u003ee0b4ce9\u003c/code\u003e\u003c/a\u003e 1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/f2e12b8b8c1769efe9f803f351fd5d19fd303ce5\"\u003e\u003ccode\u003ef2e12b8\u003c/code\u003e\u003c/a\u003e CHANGELOG.md: improve fidelity and dates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/f1fac02d87e79645383834fa89e9bb7ca049320e\"\u003e\u003ccode\u003ef1fac02\u003c/code\u003e\u003c/a\u003e all: implement Match support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kevinburke/ssh_config/commit/482de704302ff32e1f95f3e7d4e09a99fb10e36e\"\u003e\u003ccode\u003e482de70\u003c/code\u003e\u003c/a\u003e SECURITY.md: add\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kevinburke/ssh_config/compare/v1.2...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/pjbgf/sha1cd` from 0.3.2 to 0.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pjbgf/sha1cd/releases\"\u003egithub.com/pjbgf/sha1cd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor arm64 implementation and drop use of AVO by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/192\"\u003epjbgf/sha1cd#192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Decrease dependabot interval by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/193\"\u003epjbgf/sha1cd#193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e20a022e\u003c/code\u003e to \u003ccode\u003e14fd8a5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/194\"\u003epjbgf/sha1cd#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce allocations per operation to zero by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/195\"\u003epjbgf/sha1cd#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Add bench execution by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/197\"\u003epjbgf/sha1cd#197\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce SIMD for arm64 by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/198\"\u003epjbgf/sha1cd#198\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eamd64: Add SHANI implementation by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/199\"\u003epjbgf/sha1cd#199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pjbgf/sha1cd/compare/v0.4.0...v0.5.0\"\u003ehttps://github.com/pjbgf/sha1cd/compare/v0.4.0...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eARM64 native support for improved performance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eArm64 implementation for UBC by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/184\"\u003epjbgf/sha1cd#184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003earm64\u003c/code\u003e native version by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/188\"\u003epjbgf/sha1cd#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Add GitHub arm64 runners to workflows by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/189\"\u003epjbgf/sha1cd#189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003earm64: Drop unused vregs by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/191\"\u003epjbgf/sha1cd#191\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003ecrypto.RegisterHash\u003c/code\u003e call by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/170\"\u003epjbgf/sha1cd#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Remove \u003ccode\u003ecrypto.RegisterHash\u003c/code\u003e call\u0026quot; by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/190\"\u003epjbgf/sha1cd#190\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency bumps\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e51a6466\u003c/code\u003e to \u003ccode\u003e8c10f21\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/153\"\u003epjbgf/sha1cd#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 5.2.0 to 5.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/151\"\u003epjbgf/sha1cd#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.1 to 3.28.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/152\"\u003epjbgf/sha1cd#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.5 to 3.28.8 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/154\"\u003epjbgf/sha1cd#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.8 to 3.28.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/155\"\u003epjbgf/sha1cd#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e8c10f21\u003c/code\u003e to \u003ccode\u003e9271129\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/156\"\u003epjbgf/sha1cd#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from 1.23 to 1.24 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/157\"\u003epjbgf/sha1cd#157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.9 to 3.28.10 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/158\"\u003epjbgf/sha1cd#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.10 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/160\"\u003epjbgf/sha1cd#160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e2b1cbf2\u003c/code\u003e to \u003ccode\u003e3f74443\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/159\"\u003epjbgf/sha1cd#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.11 to 3.28.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/161\"\u003epjbgf/sha1cd#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e3f74443\u003c/code\u003e to \u003ccode\u003e52ff1b3\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/163\"\u003epjbgf/sha1cd#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/162\"\u003epjbgf/sha1cd#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.12 to 3.28.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/164\"\u003epjbgf/sha1cd#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.13 to 3.28.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/166\"\u003epjbgf/sha1cd#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e52ff1b3\u003c/code\u003e to \u003ccode\u003e991aa6a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/165\"\u003epjbgf/sha1cd#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003e991aa6a\u003c/code\u003e to \u003ccode\u003e1ecc479\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/168\"\u003epjbgf/sha1cd#168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from 1.24@sha256:1ecc479bc712a6bdb56df3e346e33edcc141f469f82840bab9f4bc2bc41bf91d to sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/169\"\u003epjbgf/sha1cd#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.14 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/167\"\u003epjbgf/sha1cd#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/171\"\u003epjbgf/sha1cd#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump github/codeql-action from 3.28.16 to 3.28.17 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/173\"\u003epjbgf/sha1cd#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump golang from \u003ccode\u003ed9db321\u003c/code\u003e to \u003ccode\u003e30baaea\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/172\"\u003epjbgf/sha1cd#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/pull/174\"\u003epjbgf/sha1cd#174\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/85c7a3d70262468410b9929213afcd36867cb67b\"\u003e\u003ccode\u003e85c7a3d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/issues/199\"\u003e#199\u003c/a\u003e from pjbgf/amd64-simd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/75a44616b6b130fed23801f067e96e7d18386ca9\"\u003e\u003ccode\u003e75a4461\u003c/code\u003e\u003c/a\u003e ubc: Remove native implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/e239975695a7a0276bc8a130a276fc04b937a34c\"\u003e\u003ccode\u003ee239975\u003c/code\u003e\u003c/a\u003e amd64: Introduce SHANI implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/f052d33297d687d11a6267634503a7ede49b3f80\"\u003e\u003ccode\u003ef052d33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/issues/198\"\u003e#198\u003c/a\u003e from pjbgf/arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/8792028ed6b081186695df4cc2e95a3ef015ffa0\"\u003e\u003ccode\u003e8792028\u003c/code\u003e\u003c/a\u003e arm64: Introduce SIMD implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/1d04cf2182431eb162cbabeec8e324149edfb14f\"\u003e\u003ccode\u003e1d04cf2\u003c/code\u003e\u003c/a\u003e Remove redundant go:generate instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/6fb6277ed91a9966d2add8237c5ed9a00a65ef87\"\u003e\u003ccode\u003e6fb6277\u003c/code\u003e\u003c/a\u003e Run golden tests on generic and native implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/88099dc9d5922903b22642b2bcf78ea8658899bc\"\u003e\u003ccode\u003e88099dc\u003c/code\u003e\u003c/a\u003e ubc: Add noescape and nosplit directives\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/2692cee336a0f7baa1cfcacc95a1e45783f74195\"\u003e\u003ccode\u003e2692cee\u003c/code\u003e\u003c/a\u003e cgo: Align digest creation with purego implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pjbgf/sha1cd/commit/d390839223c3c24b27e49c17c2702c69ede16200\"\u003e\u003ccode\u003ed390839\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pjbgf/sha1cd/issues/197\"\u003e#197\u003c/a\u003e from pjbgf/bench\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pjbgf/sha1cd/compare/v0.3.2...v0.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sergi/go-diff` from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sergi/go-diff/commits/v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/skeema/knownhosts` from 1.3.1 to 1.3.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/b9f50b4a05dbf3a2392d9ffba3399dd74315ab4c\"\u003e\u003ccode\u003eb9f50b4\u003c/code\u003e\u003c/a\u003e ci: use Go 1.24 as per minimum in go.mod\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/3e58378eb0efa27430c1e06fc25d59cb9e6887d7\"\u003e\u003ccode\u003e3e58378\u003c/code\u003e\u003c/a\u003e update golang.org/x/crypto to v0.42.0; revise IPv6 logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/5b6f59f4b742234a6353d4bab3c6a9e2e0a901a2\"\u003e\u003ccode\u003e5b6f59f\u003c/code\u003e\u003c/a\u003e tests: fix test logic for x/crypto 0.37.0 change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/eef745591bbaffdbaef2e742c543f1a7258e6fda\"\u003e\u003ccode\u003eeef7455\u003c/code\u003e\u003c/a\u003e update dependency golang.org/x/crypto to v0.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/e3098efa96b0f3a1b3afc30a03f5fa73e3c9454f\"\u003e\u003ccode\u003ee3098ef\u003c/code\u003e\u003c/a\u003e update dependency golang.org/x/crypto to v0.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/c884d65c077861e6c7190de0ef6b9d316f76847f\"\u003e\u003ccode\u003ec884d65\u003c/code\u003e\u003c/a\u003e ci: add govulncheck; pin goveralls version; use Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skeema/knownhosts/commit/a8761da3f2ccc3cdb4809d5026c24283842a4ba7\"\u003e\u003ccode\u003ea8761da\u003c/code\u003e\u003c/a\u003e comments: update to reflect golang.org/x/crypto/ssh/knownhosts change\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/skeema/knownhosts/compare/v1.3.1...v1.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.45.0 to 0.50.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/03ca0dcccbd37ba6be80adf74dde8d78a4d72817\"\u003e\u003ccode\u003e03ca0dc\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/8400f4a938077a7a7817ab7d163d148e371b320b\"\u003e\u003ccode\u003e8400f4a\u003c/code\u003e\u003c/a\u003e ssh: respect signer's algorithm preference in pickSignatureAlgorithm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/81c6cb34a8fc386ed53293cd79e3c0c232ee7366\"\u003e\u003ccode\u003e81c6cb3\u003c/code\u003e\u003c/a\u003e ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/982eaa62dfb7273603b97fc1835561450096f3bd\"\u003e\u003ccode\u003e982eaa6\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/159944f128e9b3fdeb5a5b9b102a961904601a87\"\u003e\u003ccode\u003e159944f\u003c/code\u003e\u003c/a\u003e ssh,acme: clean up tautological/impossible nil conditions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a408498e55412f2ae2a058336f78889fb1ba6115\"\u003e\u003ccode\u003ea408498\u003c/code\u003e\u003c/a\u003e acme: only require prompt if server has terms of service\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/cab0f718548e8a858701b7b48161f44748532f58\"\u003e\u003ccode\u003ecab0f71\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.25.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2f26647a795e74e712b3aebc2655bca60b2686f9\"\u003e\u003ccode\u003e2f26647\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e08b06753d6a72f1fe375b6e0fefefb39917c165\"\u003e\u003ccode\u003ee08b067\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7d0074ccc6f17acbf2ebb10db06d492e08f887dc\"\u003e\u003ccode\u003e7d0074c\u003c/code\u003e\u003c/a\u003e scrypt: fix panic on parameters \u0026lt;= 0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.45.0...v0.50.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.47.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/316e20ce34d380337f7983808c26948232e16455\"\u003e\u003ccode\u003e316e20c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9767a42264fa70b674c643d0c87ee95c309a4553\"\u003e\u003ccode\u003e9767a42\u003c/code\u003e\u003c/a\u003e internal/http3: add support for plugging into net/http\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/4a812844d820f49985ee15998af285c43b0a6b96\"\u003e\u003ccode\u003e4a81284\u003c/code\u003e\u003c/a\u003e http2: update docs to disrecommend this package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/dec6603c16144712aab7f44821471346b35a2230\"\u003e\u003ccode\u003edec6603\u003c/code\u003e\u003c/a\u003e dns/dnsmessage: reject too large of names early during unpack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/8afa12f927391ba32da2b75b864a3ad04cac6376\"\u003e\u003ccode\u003e8afa12f\u003c/code\u003e\u003c/a\u003e http2: deprecate write schedulers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/38019a2dbc2645a4c06a1e983681eefb041171c8\"\u003e\u003ccode\u003e38019a2\u003c/code\u003e\u003c/a\u003e http2: add missing copyright header to export_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/039b87fac41ca283465e12a3bcc170ccd6c92f84\"\u003e\u003ccode\u003e039b87f\u003c/code\u003e\u003c/a\u003e internal/http3: return error when Write is used after status 304 is set\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/6267c6c4c825a78e4c9cbdc19c705bc81716597c\"\u003e\u003ccode\u003e6267c6c\u003c/code\u003e\u003c/a\u003e internal/http3: add HTTP 103 Early Hints support to ClientConn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/591bdf35bce56ad50f53555c3cbb31e4bdda2d58\"\u003e\u003ccode\u003e591bdf3\u003c/code\u003e\u003c/a\u003e internal/http3: add HTTP 103 Early Hints support to Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1faa6d8722697d9a1d8d4e973b3c46c7a5563f6c\"\u003e\u003ccode\u003e1faa6d8\u003c/code\u003e\u003c/a\u003e internal/http3: avoid potential race when aborting RoundTrip\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.47.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.38.0 to 0.43.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/f33a730cd0c449cfd6f7106780c73052e96cc33d\"\u003e\u003ccode\u003ef33a730\u003c/code\u003e\u003c/a\u003e windows: support nil security descriptor on GetNamedSecurityInfo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/493d1725989a7a3f3582adfa68faf7207aec666b\"\u003e\u003ccode\u003e493d172\u003c/code\u003e\u003c/a\u003e cpu: add runtime import in cpu_darwin_arm64_other.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2c2be756b97dee6d15aba69839acfbd4e0f3ccc5\"\u003e\u003ccode\u003e2c2be75\u003c/code\u003e\u003c/a\u003e windows: use syscall.SyscallN in Proc.Call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/a76ec62d6c5389e4fe51c659ba926bf71e471a67\"\u003e\u003ccode\u003ea76ec62\u003c/code\u003e\u003c/a\u003e cpu: roll back \u0026quot;use IsProcessorFeaturePresent to calculate ARM64 on windows\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/eaaaaee1dc1aacededf4a89bc4544558f425d5f1\"\u003e\u003ccode\u003eeaaaaee\u003c/code\u003e\u003c/a\u003e windows/registry: correct KeyInfo.ModTime calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/942780bbc19517df4948a6dbc8c33d2228e5f905\"\u003e\u003ccode\u003e942780b\u003c/code\u003e\u003c/a\u003e cpu: darwin/arm64 feature detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/acef38879efe90cf77ebc2b3dd49d4283ad7c6d6\"\u003e\u003ccode\u003eacef388\u003c/code\u003e\u003c/a\u003e unix/linux: Prefixmsg and PrefixCacheinfo structs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/3687fbd71652878ab091f7272b84537b63fe0b55\"\u003e\u003ccode\u003e3687fbd\u003c/code\u003e\u003c/a\u003e cpu: better defaults on darwin ARM64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/48062e9b9abf3dc7106bd8e3990ba8f47862022a\"\u003e\u003ccode\u003e48062e9\u003c/code\u003e\u003c/a\u003e plan9: change Note to alias syscall.Note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/4f23f804edb0e01ed41cebeafbc82374889eddee\"\u003e\u003ccode\u003e4f23f80\u003c/code\u003e\u003c/a\u003e windows: change Signal to alias syscall.Signal\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/sys/compare/v0.38.0...v0.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/ESousa97/gochangelog-gen/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ESousa97%2Fgochangelog-gen/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"0.2.3","new_version":"0.2.4","update_type":"patch","path":null,"pr_created_at":"2026-04-10T18:23:58.000Z","version_change":"0.2.3 → 0.2.4","issue":{"uuid":"4241008389","node_id":"PR_kwDOQq4YHM7RiSUt","number":40,"state":"closed","title":"Bump the go_modules group across 3 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","issue/stale","go"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-31T00:14:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T18:23:58.000Z","updated_at":"2026-05-31T00:14:56.000Z","time_to_close":4341048,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":16,"packages":[{"name":"github.com/sirupsen/logrus","old_version":"1.8.1","new_version":"1.8.3","repository_url":"https://github.com/sirupsen/logrus"},{"name":"golang.org/x/crypto","old_version":"0.0.0-20220722155217-630584e8d5aa","new_version":"0.45.0","repository_url":"https://github.com/golang/crypto"},{"name":"github.com/containerd/containerd","old_version":"1.6.1","new_version":"1.7.29","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.2.4","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/jackc/pgx/v4","old_version":"4.17.2","new_version":"4.18.2","repository_url":"https://github.com/jackc/pgx"},{"name":"helm.sh/helm/v3","old_version":"3.8.2","new_version":"3.20.2","repository_url":"https://github.com/helm/helm"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /install/docker-extension directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\nBumps the go_modules group with 6 updates in the /scripts/component_generation directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.8.1` | `1.8.3` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.0.0-20220722155217-630584e8d5aa` | `0.45.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.6.1` | `1.7.29` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.3` | `0.2.4` |\n| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.17.2` | `4.18.2` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.8.2` | `3.20.2` |\n\nBumps the go_modules group with 3 updates in the /scripts/component_updation directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus), [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/jackc/pgx/v4](https://github.com/jackc/pgx).\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md\"\u003egithub.com/sirupsen/logrus's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.8.3\u003c/h1\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential denial of service in logrus.Writer() when logging \u0026gt;64KB single-line payloads without newlines (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.8.2\u003c/h1\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the logger private buffer pool (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1253\"\u003e#1253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix race condition for SetFormatter and SetReportCaller\u003c/li\u003e\n\u003cli\u003eFix data race in hooks test package\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.0.0-20211103235746-7861aae1554b to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/commits/v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md\"\u003egithub.com/sirupsen/logrus's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.8.3\u003c/h1\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential denial of service in logrus.Writer() when logging \u0026gt;64KB single-line payloads without newlines (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.8.2\u003c/h1\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the logger private buffer pool (\u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1253\"\u003e#1253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix race condition for SetFormatter and SetReportCaller\u003c/li\u003e\n\u003cli\u003eFix data race in hooks test package\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220722155217-630584e8d5aa to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220412020605-290c469a71a5 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e7ff6b3572e1a83c072ef150c985f86603986e1b\"\u003e\u003ccode\u003ee7ff6b3\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fbf012b8c1140cde0210e241356553d0000332e8\"\u003e\u003ccode\u003efbf012b\u003c/code\u003e\u003c/a\u003e all: use reflect.TypeFor instead of reflect.TypeOf\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/c6abd0305e90ada9293824462268d0ec20d02e5e\"\u003e\u003ccode\u003ec6abd03\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/42f038dad6d204bacd83c23ca0f312d8866039ce\"\u003e\u003ccode\u003e42f038d\u003c/code\u003e\u003c/a\u003e x/text: fix nil dereference in gotext extract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a42f0e2da638996f313ef6dbbe3a4435533fbd97\"\u003e\u003ccode\u003ea42f0e2\u003c/code\u003e\u003c/a\u003e all: use built-in max/min to simplify the code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e69f31bf9cf2f46bd3325bc9bad37fe9001731c2\"\u003e\u003ccode\u003ee69f31b\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/60c9786d9e6cc83e1900ce976fdba2e1c327d220\"\u003e\u003ccode\u003e60c9786\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.24.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/425d715b4a85c7698cedf621412bb53794cbda53\"\u003e\u003ccode\u003e425d715\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/b6d26456dd3ff554a56f10b1e388db0f8ca862d1\"\u003e\u003ccode\u003eb6d2645\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/80721808805f9d846d907c85d73ca6b5b6ecb870\"\u003e\u003ccode\u003e8072180\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.6.1 to 1.7.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.29\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.29 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe twenty-ninth patch release for containerd 1.7 contains various fixes\nand updates including security patches.\u003c/p\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w\"\u003e\u003cstrong\u003eGHSA-pwhc-rpq9-4c8w\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2\"\u003e\u003cstrong\u003eGHSA-m6hq-p25p-ffr2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003erunc\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\"\u003e\u003cstrong\u003eGHSA-qw9x-cqr3-wc7r\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003e\u003cstrong\u003eGHSA-cgrx-mc8f-2prm\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\"\u003e\u003cstrong\u003eGHSA-9493-h29p-rfm2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate differ to handle zstd media types\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12018\"\u003e#12018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.3\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFix lost container logs from quickly closing io\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12375\"\u003e#12375\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eStepSecurity Bot\u003c/li\u003e\n\u003cli\u003ewheat2018\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34bd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f\"\u003e\u003ccode\u003e0450f046e\u003c/code\u003e\u003c/a\u003e Fix directory permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6ddb7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6dd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9772966401ad3c33a6cd824632f0c61e5049f3a5\"\u003e\u003ccode\u003e9772966\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12486\"\u003e#12486\u003c/a\u003e from dmcgowan/prepare-v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1fc2daaf3ed53f4c9e76fbc5786a6f1ae3bb885f\"\u003e\u003ccode\u003e1fc2daa\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/93f710a528958474f95a95e54516624ef832d80f\"\u003e\u003ccode\u003e93f710a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12480\"\u003e#12480\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-12475-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/68d04befab3284f1dfe2a9f5691ea5da76daace7\"\u003e\u003ccode\u003e68d04be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12471\"\u003e#12471\u003c/a\u003e from austinvazquez/1_7_update_ci_go_and_images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3f5f9f872707a743563d316e85e530193a2e30ac\"\u003e\u003ccode\u003e3f5f9f8\u003c/code\u003e\u003c/a\u003e runc: Update runc binary to v1.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/667409fb63098cb80280940ab06038114e7712da\"\u003e\u003ccode\u003e667409f\u003c/code\u003e\u003c/a\u003e ci: bump Go 1.24.9, 1.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/294f8c027b607c4450b3e52f44280581a737a73f\"\u003e\u003ccode\u003e294f8c0\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest images for basic binaries build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf66b4141defb757dee0fc5653bfd0a7ba1e8fed\"\u003e\u003ccode\u003ecf66b41\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest image for most jobs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.6.1...v1.7.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.4\u003c/h2\u003e\n\u003cp\u003eThis release fixes a potential security issue in filepath-securejoin\nwhen used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to\ngenerate paths outside of the provided rootfs in certain cases), as well\nas improving the overall behaviour of filepath-securejoin when dealing\nwith Windows paths that contain volume names. Thanks to Paulo Gomes for\ndiscovering and fixing these issues.\u003c/p\u003e\n\u003cp\u003eIn addition, we've switched (at long last) to GitHub Actions and have\ncontinuous integration testing on Linux, MacOS, and Windows.\u003c/p\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo Gomes \u003ca href=\"mailto:pjbgf@linux.com\"\u003epjbgf@linux.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Aleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.2.4] - 2023-09-06\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis release fixes a potential security issue in filepath-securejoin when\nused on Windows (\u003ca href=\"https://github.com/advisories/GHSA-6xv5-86q9-7xr8\"\u003eGHSA-6xv5-86q9-7xr8\u003c/a\u003e, which could be used to generate\npaths outside of the provided rootfs in certain cases), as well as improving\nthe overall behaviour of filepath-securejoin when dealing with Windows paths\nthat contain volume names. Thanks to Paulo Gomes for discovering and fixing\nthese issues.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub Actions for CI so we can test on Windows as well as Linux\nand MacOS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/2710d06c5b4ba3168beffa0689798d2db12e8ac4\"\u003e\u003ccode\u003e2710d06\u003c/code\u003e\u003c/a\u003e VERSION: release v0.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/68943415e950190ee33bddfa205e42186da87802\"\u003e\u003ccode\u003e6894341\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/9\"\u003e#9\u003c/a\u003e into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c121231e1276e11049547bee5ce68d5a2cfe2d9b\"\u003e\u003ccode\u003ec121231\u003c/code\u003e\u003c/a\u003e Fix support for Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/05b64230154f962d518a3a44fcfd7b9b63bab031\"\u003e\u003ccode\u003e05b6423\u003c/code\u003e\u003c/a\u003e ci: switch to GHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/64536a8a66ae59588c981e2199f1dcf410508e07\"\u003e\u003ccode\u003e64536a8\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 20.10.11+incompatible to 23.0.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/3e7cbfdee1eb5be2ac23ed3668c654362dcd29b5\"\u003e\u003ccode\u003e3e7cbfd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4139\"\u003e#4139\u003c/a\u003e from thaJeztah/23.0_backport_fix_go_version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/8e38271f238954ad9e61588f71356047e7df3181\"\u003e\u003ccode\u003e8e38271\u003c/code\u003e\u003c/a\u003e gha: align stray go 1.19.4 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/569dd73db13099a7c3104d73aa15117b359045bc\"\u003e\u003ccode\u003e569dd73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4126\"\u003e#4126\u003c/a\u003e from thaJeztah/23.0_backport_align_go_ver\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f6643207a24c264049aebe5fa5bdf9b987e04cb1\"\u003e\u003ccode\u003ef664320\u003c/code\u003e\u003c/a\u003e don't use null values in the bake definition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f381e08425dcc232e9e548d3ff2df243e3324565\"\u003e\u003ccode\u003ef381e08\u003c/code\u003e\u003c/a\u003e Dockerfile: align go version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/18f20a553780d9511ec81792f5a820cbc4b54d37\"\u003e\u003ccode\u003e18f20a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4124\"\u003e#4124\u003c/a\u003e from thaJeztah/23.0_e2e_fix_certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/d3a36fc38cbb58148065bb6b3534af86c974f948\"\u003e\u003ccode\u003ed3a36fc\u003c/code\u003e\u003c/a\u003e e2e: update notary certificates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/59bb07f2e4abc7aa9816b46f307607084af49150\"\u003e\u003ccode\u003e59bb07f\u003c/code\u003e\u003c/a\u003e e2e: increase tests certificates duration (10 years)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/80f27987f4896582f5eb54587961e3205e7662ce\"\u003e\u003ccode\u003e80f2798\u003c/code\u003e\u003c/a\u003e bake target to generate certs for e2e tets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/6a8406e60243db64a3212a418ad3e23627ed3b9f\"\u003e\u003ccode\u003e6a8406e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/4092\"\u003e#4092\u003c/a\u003e from crazy-max/23.0_backport_buildx-completion\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/cli/compare/v20.10.11...v23.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003cp\u003eThere have been no changes made in the released binaries other than the bump of the Go runtime.\u003c/p\u003e\n\u003cp\u003eSee the changelog below for a full list of changes.\u003c/p\u003e\n\u003ch3\u003eCI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: use proper git ref for versioning \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGo: make Go version explicit and pin it to the latest 1.16 release \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3604\"\u003e#3604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eMilos Gajdos\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fdb\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906f\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003ePrepare for v2.8.1 release (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3596\"\u003e#3596\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d188\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[2.8 backport] ci: use proper git ref for versioning (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf0\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003eThe previous release can be found at \u003ca href=\"https://github.com/distribution/distribution/releases/tag/v2.8.0\"\u003ev2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cp\u003eregistry 2.8.0\u003c/p\u003e\n\u003cp\u003eWelcome to the v2.8.0 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.0 registry release has been a long time overdue.\nThis is the first step towards the last 2.x release.\nNo further active development will continue on 2.x branch.\nSecurity vulnerability patches to 2.x might be considered, but\nall active development will be focussed on v3 release due in 2022.\nThis release includes a security vulnerability fix along\nwith a few minor bug fixes and improvemnts in documentation and CI.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/b5ca020cfbe998e5af3457fda087444cf5116496\"\u003e\u003ccode\u003eb5ca020\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3605\"\u003e#3605\u003c/a\u003e from milosgajdos/update-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1b5f094086fcc2306be9bc75ad59b2ccd4b174e6\"\u003e\u003ccode\u003e1b5f094\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3604\"\u003e#3604\u003c/a\u003e from crazy-max/2.8-go-1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fd\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3df9fce2beb5ee01e2174c0dbb9294c191bfd0a8\"\u003e\u003ccode\u003e3df9fce\u003c/code\u003e\u003c/a\u003e go 1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/9a0196b801ba8b9eb4ae5ad388c8f95de719fcdf\"\u003e\u003ccode\u003e9a0196b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3596\"\u003e#3596\u003c/a\u003e from milosgajdos/fix-go-mod-v2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d18\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e4a447d0d75f3370dce98690f5f2bb0bb4cb669f\"\u003e\u003ccode\u003ee4a447d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3595\"\u003e#3595\u003c/a\u003e from crazy-max/2.8-ci-gitref\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/dcf66392d606f50bf3a9286dcb4bdcdfb7c0e83a\"\u003e\u003ccode\u003edcf6639\u003c/code\u003e\u003c/a\u003e Update README so the release pipeline works properly.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 23.0.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/59118bff500fc0d95d0560a9788735a8d89568ce\"\u003e\u003ccode\u003e59118bf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-232p-vwff-86mp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/219f21bf07502b447095649b5a2764661737f164\"\u003e\u003ccode\u003e219f21b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45196\"\u003e#45196\u003c/a\u003e from vvoland/integration-restart-race-23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b87f7f18b82fbb647b5142c6e5459a88a7652d02\"\u003e\u003ccode\u003eb87f7f1\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: insert the input-drop rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c6bf3071fee48b79c2d48faf8855b8afe0a1e951\"\u003e\u003ccode\u003ec6bf307\u003c/code\u003e\u003c/a\u003e StartWithLogFile: Fix d.cmd race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/7f49ca259bfea1c08bb3019d0db3aa894ff157a6\"\u003e\u003ccode\u003e7f49ca2\u003c/code\u003e\u003c/a\u003e TestDaemonRestartKillContainers: Fix loop capture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/98cbcb8003b7cf8da35fb5d05f5babbe142ab7c8\"\u003e\u003ccode\u003e98cbcb8\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: add BPF-powered VNI matcher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/5c5fac237425c4bf79d2f048c1850f855f0182aa\"\u003e\u003ccode\u003e5c5fac2\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: extract VNI match rule builder\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c492a22287557860831a7c4f523b8e53692bb822\"\u003e\u003ccode\u003ec492a22\u003c/code\u003e\u003c/a\u003e libn/d/overlay: enforce encryption on sandbox init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/018edb02849100de701d6ab6fb932ffb68843e4b\"\u003e\u003ccode\u003e018edb0\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: document some encryption code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a1fd2f22f6ee07ab5bf241e7b33c75e395bfa9e5\"\u003e\u003ccode\u003ea1fd2f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45157\"\u003e#45157\u003c/a\u003e from thaJeztah/23.0_backport_update_shfmt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v23.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.17.2 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.17.2...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eMerge v1.15 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1250\"\u003eprometheus/client_golang#1250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to POST for LabelNames, Series, and QueryExemplars to DoGetFallback by \u003ca href=\"https://github.com/jacksontj\"\u003e\u003ccode\u003e@​jacksontj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1252\"\u003eprometheus/client_golang#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✏️ [collectors]: fix typo in test assertion by \u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded interactive tutorial [kubeCon] by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1255\"\u003eprometheus/client_golang#1255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed tutorial. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1256\"\u003eprometheus/client_golang#1256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/sys from 0.6.0 to 0.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1265\"\u003eprometheus/client_golang#1265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup proto use in tests by \u003ca href=\"https://github.com/SuperQ\"\u003e\u003ccode\u003e@​SuperQ\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1264\"\u003eprometheus/client_golang#1264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tutorial on WSL-based systems by \u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix undefined execution order in return statements by \u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge release 1.15.1 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1267\"\u003eprometheus/client_golang#1267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGitHub Workflows security hardening by \u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd process start time header to client_golang prometheus by \u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix bug in bucket key calculation by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1279\"\u003eprometheus/client_golang#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/prometheus/procfs from 0.9.0 to 0.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1283\"\u003eprometheus/client_golang#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce constrainLabels allocations by \u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadded circleci as gh action YAML by \u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove metricUnits runtime by \u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMoving fully to GH actions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1288\"\u003eprometheus/client_golang#1288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docstring references to renamed native histogram fields / functions. by \u003ca href=\"https://github.com/juliusv\"\u003e\u003ccode\u003e@​juliusv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1290\"\u003eprometheus/client_golang#1290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier contributions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1289\"\u003eprometheus/client_golang#1289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.16.0 / 2023-06-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.1 / 2023-05-3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary), \u003cbr /\u003e\ncausing panics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0 / 2023-04-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix issue with atomic variables on ppc64le. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1171\"\u003e#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Support for multiple samples within same metric. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1181\"\u003e#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1187\"\u003e#1187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add exemplars and middleware examples. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1173\"\u003e#1173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add more context to \u0026quot;duplicate label names\u0026quot; error to enable debugging. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1177\"\u003e#1177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1151\"\u003e#1151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1183\"\u003e#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1066\"\u003e#1066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add ability to Pusher to add custom headers. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1218\"\u003e#1218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1225\"\u003e#1225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added (official) support for go 1.20. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1234\"\u003e#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] timer: Added support for exemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1233\"\u003e#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Filter expected metrics as well in CollectAndCompare. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1143\"\u003e#1143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] :warning: Only set start/end if time is not Zero. This breaks compatibility in experimental api package. If you strictly depend on empty time.Time as actual value, the behavior is now changed. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1238\"\u003e#1238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.0 / 2022-11-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] Add Support for Native Histograms. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1150\"\u003e#1150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Extend \u003ccode\u003eprometheus.Registry\u003c/code\u003e to implement \u003ccode\u003eprometheus.Collector\u003c/code\u003e interface. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1103\"\u003e#1103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.1 / 2022-11-01\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix race condition with Exemplar in Counter. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1146\"\u003e#1146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix \u003ccode\u003eCumulativeCount\u003c/code\u003e value of \u003ccode\u003e+Inf\u003c/code\u003e bucket created from exemplar. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1148\"\u003e#1148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix double-counting bug in \u003ccode\u003epromhttp.InstrumentRoundTripperCounter\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1118\"\u003e#1118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0 / 2022-08-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added \u003ccode\u003eprometheus.TransactionalGatherer\u003c/code\u003e interface for \u003ccode\u003epromhttp.Handler\u003c/code\u003e use which allows using low allocation update techniques for custom collectors. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/989\"\u003e#989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added exemplar support to \u003ccode\u003eprometheus.NewConstHistogram\u003c/code\u003e. See \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/prometheus/examples_test.go#L602\"\u003e\u003ccode\u003eExampleNewConstHistogram_WithExemplar\u003c/code\u003e\u003c/a\u003e example on how to use it. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/986\"\u003e#986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now context aware methods that pass context to HTTP request. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1028\"\u003e#1028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now \u003ccode\u003eError\u003c/code\u003e method that retrieve last error. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1075\"\u003e#1075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003etestutil.GatherAndCompare\u003c/code\u003e provides now readable diff on failed comparisons. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/998\"\u003e#998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/3583c1e1d085b75cab406c78b015562d45552b39\"\u003e\u003ccode\u003e3583c1e\u003c/code\u003e\u003c/a\u003e Cut v1.16.0 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1292\"\u003e#1292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/2feda42e447efac5bfe39bb226d7025af73c0947\"\u003e\u003ccode\u003e2feda42\u003c/code\u003e\u003c/a\u003e Fixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier cont...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5b9cf9c6a891de0e7b5ec26d9f4326570a658d17\"\u003e\u003ccode\u003e5b9cf9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1290\"\u003e#1290\u003c/a\u003e from prometheus/fix-nh-docstring-refs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/1b19d5f4589629067111815d0734a1ccbc245268\"\u003e\u003ccode\u003e1b19d5f\u003c/code\u003e\u003c/a\u003e Fix docstring references to renamed native histogram fields / functions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/7352ab7f805ab3bf4d2144f3e8cac92d5caec263\"\u003e\u003ccode\u003e7352ab7\u003c/code\u003e\u003c/a\u003e Moving fully to GH actions. (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1288\"\u003e#1288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/e4ff34d23eacb385c1a9d3d67c4d06aed042ebec\"\u003e\u003ccode\u003ee4ff34d\u003c/code\u003e\u003c/a\u003e Improve metricUnits runtime (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/781ea2802473fd7aff2a92cb16244be57472a085\"\u003e\u003ccode\u003e781ea28\u003c/code\u003e\u003c/a\u003e added circleci as gh action YAML (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a09a1d34cbc74daa8ed70234b99467a30b020a40\"\u003e\u003ccode\u003ea09a1d3\u003c/code\u003e\u003c/a\u003e Reduce constrainLabels allocations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/8840afcfc2c3ff3d40357552dbc1d9d43c4bae67\"\u003e\u003ccode\u003e8840afc\u003c/code\u003e\u003c/a\u003e Bump github.com/prometheus/procfs from 0.9.0 to 0.10.1 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5e78d5f66b851fef874b783814b2e884df2798d0\"\u003e\u003ccode\u003e5e78d5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e from prometheus/beorn7/histogram\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20220411215720-9780585627b5 to 0.30.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.46.0 to 1.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.59.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6647\"\u003e#6647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eserver: allow applications to send arbitrary data in the \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: validate \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer and pass through the trailer to the application directly (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etap (experimental): Add Header metadata to tap handler (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6652\"\u003e#6652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/pstibrany\"\u003e\u003ccode\u003e@​pstibrany\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003egrpc: channel idleness enabled by default with an \u003ccode\u003eidle_timeout\u003c/code\u003e of \u003ccode\u003e30m\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6585\"\u003e#6585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDocumentation\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexamples: add an example of flow control behavior (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6648\"\u003e#6648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: fix hash policy header to skip \u0026quot;-bin\u0026quot; headers and read content-type header as expected (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6609\"\u003e#6609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebalancer/weighted_round_robin: fix ticker leak on update\u003c/p\u003e\n\u003cp\u003eA new ticker is created every time there is an update of addresses or configuration, but was not properly stopped.  This change stops the ticker when it is no longer needed.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams\u003c/li\u003e\n\u003cli\u003egrpc: fix a bug where transports were not being closed upon channel entering IDLE\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cp\u003eSee \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6472\"\u003e#6472\u003c/a\u003e for details about these changes.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: add \u003ccode\u003eStateListener\u003c/code\u003e to \u003ccode\u003eNewSubConnOptions\u003c/code\u003e for \u003ccode\u003eSubConn\u003c/code\u003e state updates and deprecate \u003ccode\u003eBalancer.Upda...\n\n_Description has been truncated_","html_url":"https://github.com/hardihardi/meshery/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hardihardi%2Fmeshery/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"}},{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-02-13T05:53:58.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"3935505450","node_id":"PR_kwDOGZIwWs7DeGEQ","number":483,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T05:53:58.000Z","updated_at":"2026-02-13T05:54:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":3,"packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/sylabs/sif/v2","old_version":"2.22.0","new_version":"2.23.0","repository_url":"https://github.com/sylabs/sif"},{"name":"google.golang.org/grpc","old_version":"1.78.0","new_version":"1.79.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 3 updates in the / directory: [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin), [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sylabs/sif/v2` from 2.22.0 to 2.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sylabs/sif/releases\"\u003egithub.com/sylabs/sif/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.23.0\u003c/h2\u003e\n\u003cp\u003eThis release drops support for Go 1.24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/430\"\u003esylabs/sif#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/431\"\u003esylabs/sif#431\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/sebdah/goldie/v2 from 2.7.1 to 2.8.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/432\"\u003esylabs/sif#432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/434\"\u003esylabs/sif#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/google/go-containerregistry from 0.20.6 to 0.20.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/435\"\u003esylabs/sif#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/436\"\u003esylabs/sif#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump golangci-lint to v2.8 by \u003ca href=\"https://github.com/tri-adam\"\u003e\u003ccode\u003e@​tri-adam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/440\"\u003esylabs/sif#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump module to Go 1.25 by \u003ca href=\"https://github.com/tri-adam\"\u003e\u003ccode\u003e@​tri-adam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/443\"\u003esylabs/sif#443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/sylabs/sif/pull/441\"\u003esylabs/sif#441\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sylabs/sif/compare/v2.22.0...v2.23.0\"\u003ehttps://github.com/sylabs/sif/compare/v2.22.0...v2.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/a9bf1a9ef9ea9be59d392b0508dc5ad45e3bb385\"\u003e\u003ccode\u003ea9bf1a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/441\"\u003e#441\u003c/a\u003e from sylabs/dependabot/go_modules/github.com/sigstore...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/35bb6a15662869f9661950ae4f1b64efcf2df6ea\"\u003e\u003ccode\u003e35bb6a1\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/e83475c058a880f689ba197bfe3c696906c9ad96\"\u003e\u003ccode\u003ee83475c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/443\"\u003e#443\u003c/a\u003e from tri-adam/go-1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/58a1f73f820f03fba5bc33120f11a9e451c694e4\"\u003e\u003ccode\u003e58a1f73\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003enode\u003c/code\u003e to latest LTS release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/365c0c836cbbb5b9caaf8ea9da5ce3a2a5db58f4\"\u003e\u003ccode\u003e365c0c8\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003egolangci-lint\u003c/code\u003e to v2.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/e3414ace011cde0d2107510d35b0111b30a5eb08\"\u003e\u003ccode\u003ee3414ac\u003c/code\u003e\u003c/a\u003e chore: bump module to Go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/45c672d238953a49a20040459a83990435f6fd8d\"\u003e\u003ccode\u003e45c672d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/440\"\u003e#440\u003c/a\u003e from tri-adam/golangci-lint-2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/dac0e143958aab917eda9b752d017ed3b901d85c\"\u003e\u003ccode\u003edac0e14\u003c/code\u003e\u003c/a\u003e chore: bump golangci-lint to v2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/5e80e73f08491c8403ee67f8a5fb7fbe000585d1\"\u003e\u003ccode\u003e5e80e73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sylabs/sif/issues/436\"\u003e#436\u003c/a\u003e from sylabs/dependabot/go_modules/main/github.com/spf...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sylabs/sif/commit/82250fc7e96f754556a51b80201aa09f445b3cc2\"\u003e\u003ccode\u003e82250fc\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sylabs/sif/compare/v2.22.0...v2.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.78.0 to 1.79.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Include status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0381eb650acdae8e423473e64eef07693fe36305\"\u003e\u003ccode\u003e0381eb6\u003c/code\u003e\u003c/a\u003e xds: Support \u003ccode\u003e:authority\u003c/code\u003e header rewriting for LOGICAL_DNS clusters (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8822\"\u003e#8822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/90f571db95a0ec223ec45187f7399a06ccdc10cf\"\u003e\u003ccode\u003e90f571d\u003c/code\u003e\u003c/a\u003e xds: remove references to ResolverState.Addresses (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/679565f9ae655079807f5ab10e07f41acd2af943\"\u003e\u003ccode\u003e679565f\u003c/code\u003e\u003c/a\u003e xds: remove \u003ccode\u003eHashKey\u003c/code\u003e field from \u003ccode\u003exdsresource.Endpoint\u003c/code\u003e struct (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8844\"\u003e#8844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bb2073d1e5551b900763979e08e1c11a47a8f150\"\u003e\u003ccode\u003ebb2073d\u003c/code\u003e\u003c/a\u003e mem: Allow overriding the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bd4444a0a2fdd66245f9e0f0d140aafb5b49044c\"\u003e\u003ccode\u003ebd4444a\u003c/code\u003e\u003c/a\u003e Fix flaky \u003ccode\u003eTestServer_RedundantUpdateSuppression\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8839\"\u003e#8839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/623b3f000b3625aa4a1413f90add1ea367db17c2\"\u003e\u003ccode\u003e623b3f0\u003c/code\u003e\u003c/a\u003e test: add regression test for RecvMsg() error shadowing \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7510\"\u003e#7510\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8820\"\u003e#8820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/58624572f3714825a9690a156123a2aaf4baf5bd\"\u003e\u003ccode\u003e5862457\u003c/code\u003e\u003c/a\u003e encoding: remove unused \u003ccode\u003eDecompressedSize\u003c/code\u003e API (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8830\"\u003e#8830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e15b86731782f816de8c802a56bdb29099ec23d3\"\u003e\u003ccode\u003ee15b867\u003c/code\u003e\u003c/a\u003e dns: set Endpoints in resolver updates (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8812\"\u003e#8812\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/95825a36da908c4ac792814ee79251de96f2fd1e\"\u003e\u003ccode\u003e95825a3\u003c/code\u003e\u003c/a\u003e cdsbalancer: Remove UpdateAddresses handling (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8811\"\u003e#8811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/483","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/483","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/483/packages"}},{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":"the production-dependencies group","pr_created_at":"2026-02-11T05:53:54.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"3924858456","node_id":"PR_kwDOGZIwWs7C6pjE","number":482,"state":"open","title":"chore(deps): Bump github.com/cyphar/filepath-securejoin from 0.5.1 to 0.6.1 in the production-dependencies group","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-11T05:53:54.000Z","updated_at":"2026-02-11T09:09:55.192Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"}],"path":"the production-dependencies group","ecosystem":"go"},"body":"Bumps the production-dependencies group with 1 update: [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin).\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin\u0026package-manager=go_modules\u0026previous-version=0.5.1\u0026new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/482","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/482","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/482/packages"}},{"old_version":"0.2.3","new_version":"0.2.4","update_type":"patch","path":null,"pr_created_at":"2026-02-10T00:38:49.000Z","version_change":"0.2.3 → 0.2.4","issue":{"uuid":"3918843844","node_id":"PR_kwDOQq4YHM7CnEGc","number":18,"state":"open","title":"Bump the go_modules group across 3 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","issue/stale","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-10T00:38:49.000Z","updated_at":"2026-03-22T01:27:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":16,"packages":[{"name":"github.com/jackc/pgproto3/v2","old_version":"2.3.1","new_version":"2.3.3","repository_url":"https://github.com/jackc/pgproto3"},{"name":"github.com/jackc/pgx/v4","old_version":"4.17.2","new_version":"4.18.2","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/sirupsen/logrus","old_version":"1.8.1","new_version":"1.8.3","repository_url":"https://github.com/sirupsen/logrus"},{"name":"github.com/containerd/containerd","old_version":"1.6.1","new_version":"1.7.29","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.2.4","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"helm.sh/helm/v3","old_version":"3.8.2","new_version":"3.18.5","repository_url":"https://github.com/helm/helm"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /scripts/component_updation directory: [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3), [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) and [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\nBumps the go_modules group with 6 updates in the /scripts/component_generation directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.1` | `2.3.3` |\n| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.17.2` | `4.18.2` |\n| [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.8.1` | `1.8.3` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.6.1` | `1.7.29` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.2.3` | `0.2.4` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.8.2` | `3.18.5` |\n\nBumps the go_modules group with 1 update in the /install/docker-extension directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\n\nUpdates `github.com/jackc/pgproto3/v2` from 2.3.1 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\"\u003e\u003ccode\u003e945c212\u003c/code\u003e\u003c/a\u003e Backport fixes from pgx v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/0c0f7b03fb4967dfff8de06d07a9fe20baf83449\"\u003e\u003ccode\u003e0c0f7b0\u003c/code\u003e\u003c/a\u003e Add pgx v5 note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/f59ff94cbed817a4c9f755696894e1f919756cfc\"\u003e\u003ccode\u003ef59ff94\u003c/code\u003e\u003c/a\u003e UnmarshalJSON: removing hex decode\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jackc/pgproto3/compare/v2.3.1...v2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.17.2 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.17.2...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220722155217-630584e8d5aa to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/2df65d769a9e24cb1e11b714ec1918ed5d7657cb\"\u003e\u003ccode\u003e2df65d7\u003c/code\u003e\u003c/a\u003e all: regenerate for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e3c038a67ff8a7b728cf9a527ca4d14ff7540536\"\u003e\u003ccode\u003ee3c038a\u003c/code\u003e\u003c/a\u003e all: prepare for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/3a7a2557e7386e7e39d8b31290c3e8962c39e0fc\"\u003e\u003ccode\u003e3a7a255\u003c/code\u003e\u003c/a\u003e internal/export/idna: make more space for mapping index\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/d61dd50441c6e2d3595be435b162ca96c58848f9\"\u003e\u003ccode\u003ed61dd50\u003c/code\u003e\u003c/a\u003e go.mod: delete repeated \u0026quot;indirect\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgproto3/v2` from 2.3.1 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\"\u003e\u003ccode\u003e945c212\u003c/code\u003e\u003c/a\u003e Backport fixes from pgx v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/0c0f7b03fb4967dfff8de06d07a9fe20baf83449\"\u003e\u003ccode\u003e0c0f7b0\u003c/code\u003e\u003c/a\u003e Add pgx v5 note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/f59ff94cbed817a4c9f755696894e1f919756cfc\"\u003e\u003ccode\u003ef59ff94\u003c/code\u003e\u003c/a\u003e UnmarshalJSON: removing hex decode\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jackc/pgproto3/compare/v2.3.1...v2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.17.2 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.17.2...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.8.1 to 1.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd instructions to use different log levels for local and syslog by \u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThis commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by \u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse text when shows the logrus output by \u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommyblue\"\u003e\u003ccode\u003e@​tommyblue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1372\"\u003esirupsen/logrus#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ozfive\"\u003e\u003ccode\u003e@​ozfive\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1376\"\u003esirupsen/logrus#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xieyuschen\"\u003e\u003ccode\u003e@​xieyuschen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1339\"\u003esirupsen/logrus#1339\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.2...v1.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCI: use GitHub Actions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1239\"\u003esirupsen/logrus#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: github.com/stretchr/testify v1.7.0 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1246\"\u003esirupsen/logrus#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange godoc badge to pkg.go.dev badge by \u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the logger private buffer pool. by \u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump golang.org/x/sys depency version by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1280\"\u003esirupsen/logrus#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eindicates issues as stale automatically by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1281\"\u003esirupsen/logrus#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add go 1.17 to test matrix by \u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereduce the list of cross build target by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1282\"\u003esirupsen/logrus#1282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove Log methods documentation by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1283\"\u003esirupsen/logrus#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix race condition for SetFormatter and SetReportCaller by \u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version of golang.org/x/sys dependency by \u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate gopkg.in/yaml.v3 to v3.0.1 by \u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate dependencies by \u003ca href=\"https://github.com/dgsb\"\u003e\u003ccode\u003e@​dgsb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1343\"\u003esirupsen/logrus#1343\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix data race in hooks.test package by \u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minizilla\"\u003e\u003ccode\u003e@​minizilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1249\"\u003esirupsen/logrus#1249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/edoger\"\u003e\u003ccode\u003e@​edoger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1253\"\u003esirupsen/logrus#1253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/runphp\"\u003e\u003ccode\u003e@​runphp\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1266\"\u003esirupsen/logrus#1266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anajavi\"\u003e\u003ccode\u003e@​anajavi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1277\"\u003esirupsen/logrus#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubensayshi\"\u003e\u003ccode\u003e@​rubensayshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1263\"\u003esirupsen/logrus#1263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nathanejohnson\"\u003e\u003ccode\u003e@​nathanejohnson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1333\"\u003esirupsen/logrus#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/izhakmo\"\u003e\u003ccode\u003e@​izhakmo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1337\"\u003esirupsen/logrus#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FrancoisWagner\"\u003e\u003ccode\u003e@​FrancoisWagner\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1362\"\u003esirupsen/logrus#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b30aa27cf4df89e9b96c68c063486c3162f71aef\"\u003e\u003ccode\u003eb30aa27\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1339\"\u003e#1339\u003c/a\u003e from xieyuschen/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7\"\u003e\u003ccode\u003e6acd903\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1376\"\u003e#1376\u003c/a\u003e from ozfive/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/105e63f86c7de9d7aab379fdd6721a3476009eaf\"\u003e\u003ccode\u003e105e63f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1\"\u003e#1\u003c/a\u003e from ashmckenzie/ashmckenzie/fix-writer-scanner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/c052ba6a076b368de89029949f68b3b8ccd8e058\"\u003e\u003ccode\u003ec052ba6\u003c/code\u003e\u003c/a\u003e Scan text in 64KB chunks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/e59b167d75f32c4d0db65a2dc6d5f0c4dd548653\"\u003e\u003ccode\u003ee59b167\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1372\"\u003e#1372\u003c/a\u003e from tommyblue/syslog_different_loglevels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/766cfece3701d0b1737681ffb5e6e40b628b664d\"\u003e\u003ccode\u003e766cfec\u003c/code\u003e\u003c/a\u003e This commit fixes a potential denial of service vulnerability in logrus.Write...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/70234da9c319016474284324265b694b2471c903\"\u003e\u003ccode\u003e70234da\u003c/code\u003e\u003c/a\u003e Add instructions to use different log levels for local and syslog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/a448f8228b920021d792e0767626068db5f0e38d\"\u003e\u003ccode\u003ea448f82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1362\"\u003e#1362\u003c/a\u003e from FrancoisWagner/fix-data-race-in-hooks-test-pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/ff07b25fdf830fffcf67b64674799b11941542ac\"\u003e\u003ccode\u003eff07b25\u003c/code\u003e\u003c/a\u003e Fix data race in hooks.test package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/f8bf7650dccb756cea26edaf9217aab85500fe07\"\u003e\u003ccode\u003ef8bf765\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1343\"\u003e#1343\u003c/a\u003e from sirupsen/dbd-upd-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220722155217-630584e8d5aa to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/2df65d769a9e24cb1e11b714ec1918ed5d7657cb\"\u003e\u003ccode\u003e2df65d7\u003c/code\u003e\u003c/a\u003e all: regenerate for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e3c038a67ff8a7b728cf9a527ca4d14ff7540536\"\u003e\u003ccode\u003ee3c038a\u003c/code\u003e\u003c/a\u003e all: prepare for Unicode 15.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/3a7a2557e7386e7e39d8b31290c3e8962c39e0fc\"\u003e\u003ccode\u003e3a7a255\u003c/code\u003e\u003c/a\u003e internal/export/idna: make more space for mapping index\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/d61dd50441c6e2d3595be435b162ca96c58848f9\"\u003e\u003ccode\u003ed61dd50\u003c/code\u003e\u003c/a\u003e go.mod: delete repeated \u0026quot;indirect\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.6.1 to 1.7.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.29\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.29 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe twenty-ninth patch release for containerd 1.7 contains various fixes\nand updates including security patches.\u003c/p\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w\"\u003e\u003cstrong\u003eGHSA-pwhc-rpq9-4c8w\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2\"\u003e\u003cstrong\u003eGHSA-m6hq-p25p-ffr2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003erunc\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\"\u003e\u003cstrong\u003eGHSA-qw9x-cqr3-wc7r\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003e\u003cstrong\u003eGHSA-cgrx-mc8f-2prm\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\"\u003e\u003cstrong\u003eGHSA-9493-h29p-rfm2\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate differ to handle zstd media types\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12018\"\u003e#12018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.3\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFix lost container logs from quickly closing io\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12375\"\u003e#12375\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eStepSecurity Bot\u003c/li\u003e\n\u003cli\u003ewheat2018\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34bd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0450f046e6942e513d0ebf1ef5c2aff13daa187f\"\u003e\u003ccode\u003e0450f046e\u003c/code\u003e\u003c/a\u003e Fix directory permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6ddb7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/442cb34bda9a6a0fed82a2ca7cade05c5c749582\"\u003e\u003ccode\u003e442cb34\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e5cb6ddb7a7730c24253a94d7fdb6bbe13dba6f7\"\u003e\u003ccode\u003ee5cb6dd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9772966401ad3c33a6cd824632f0c61e5049f3a5\"\u003e\u003ccode\u003e9772966\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12486\"\u003e#12486\u003c/a\u003e from dmcgowan/prepare-v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1fc2daaf3ed53f4c9e76fbc5786a6f1ae3bb885f\"\u003e\u003ccode\u003e1fc2daa\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/93f710a528958474f95a95e54516624ef832d80f\"\u003e\u003ccode\u003e93f710a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12480\"\u003e#12480\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-12475-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/68d04befab3284f1dfe2a9f5691ea5da76daace7\"\u003e\u003ccode\u003e68d04be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12471\"\u003e#12471\u003c/a\u003e from austinvazquez/1_7_update_ci_go_and_images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3f5f9f872707a743563d316e85e530193a2e30ac\"\u003e\u003ccode\u003e3f5f9f8\u003c/code\u003e\u003c/a\u003e runc: Update runc binary to v1.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/667409fb63098cb80280940ab06038114e7712da\"\u003e\u003ccode\u003e667409f\u003c/code\u003e\u003c/a\u003e ci: bump Go 1.24.9, 1.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/294f8c027b607c4450b3e52f44280581a737a73f\"\u003e\u003ccode\u003e294f8c0\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest images for basic binaries build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf66b4141defb757dee0fc5653bfd0a7ba1e8fed\"\u003e\u003ccode\u003ecf66b41\u003c/code\u003e\u003c/a\u003e Update GHA runners to use latest image for most jobs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.6.1...v1.7.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.4\u003c/h2\u003e\n\u003cp\u003eThis release fixes a potential security issue in filepath-securejoin\nwhen used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to\ngenerate paths outside of the provided rootfs in certain cases), as well\nas improving the overall behaviour of filepath-securejoin when dealing\nwith Windows paths that contain volume names. Thanks to Paulo Gomes for\ndiscovering and fixing these issues.\u003c/p\u003e\n\u003cp\u003eIn addition, we've switched (at long last) to GitHub Actions and have\ncontinuous integration testing on Linux, MacOS, and Windows.\u003c/p\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePaulo Gomes \u003ca href=\"mailto:pjbgf@linux.com\"\u003epjbgf@linux.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Aleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.2.4] - 2023-09-06\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis release fixes a potential security issue in filepath-securejoin when\nused on Windows (\u003ca href=\"https://github.com/advisories/GHSA-6xv5-86q9-7xr8\"\u003eGHSA-6xv5-86q9-7xr8\u003c/a\u003e, which could be used to generate\npaths outside of the provided rootfs in certain cases), as well as improving\nthe overall behaviour of filepath-securejoin when dealing with Windows paths\nthat contain volume names. Thanks to Paulo Gomes for discovering and fixing\nthese issues.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub Actions for CI so we can test on Windows as well as Linux\nand MacOS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/2710d06c5b4ba3168beffa0689798d2db12e8ac4\"\u003e\u003ccode\u003e2710d06\u003c/code\u003e\u003c/a\u003e VERSION: release v0.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/68943415e950190ee33bddfa205e42186da87802\"\u003e\u003ccode\u003e6894341\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/9\"\u003e#9\u003c/a\u003e into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c121231e1276e11049547bee5ce68d5a2cfe2d9b\"\u003e\u003ccode\u003ec121231\u003c/code\u003e\u003c/a\u003e Fix support for Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/05b64230154f962d518a3a44fcfd7b9b63bab031\"\u003e\u003ccode\u003e05b6423\u003c/code\u003e\u003c/a\u003e ci: switch to GHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/64536a8a66ae59588c981e2199f1dcf410508e07\"\u003e\u003ccode\u003e64536a8\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003cp\u003eThere have been no changes made in the released binaries other than the bump of the Go runtime.\u003c/p\u003e\n\u003cp\u003eSee the changelog below for a full list of changes.\u003c/p\u003e\n\u003ch3\u003eCI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: use proper git ref for versioning \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGo: make Go version explicit and pin it to the latest 1.16 release \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3604\"\u003e#3604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eMilos Gajdos\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fdb\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906f\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003ePrepare for v2.8.1 release (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3596\"\u003e#3596\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d188\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[2.8 backport] ci: use proper git ref for versioning (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf0\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003eThe previous release can be found at \u003ca href=\"https://github.com/distribution/distribution/releases/tag/v2.8.0\"\u003ev2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cp\u003eregistry 2.8.0\u003c/p\u003e\n\u003cp\u003eWelcome to the v2.8.0 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.0 registry release has been a long time overdue.\nThis is the first step towards the last 2.x release.\nNo further active development will continue on 2.x branch.\nSecurity vulnerability patches to 2.x might be considered, but\nall active development will be focussed on v3 release due in 2022.\nThis release includes a security vulnerability fix along\nwith a few minor bug fixes and improvemnts in documentation and CI.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/b5ca020cfbe998e5af3457fda087444cf5116496\"\u003e\u003ccode\u003eb5ca020\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3605\"\u003e#3605\u003c/a\u003e from milosgajdos/update-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1b5f094086fcc2306be9bc75ad59b2ccd4b174e6\"\u003e\u003ccode\u003e1b5f094\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3604\"\u003e#3604\u003c/a\u003e from crazy-max/2.8-go-1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fd\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3df9fce2beb5ee01e2174c0dbb9294c191bfd0a8\"\u003e\u003ccode\u003e3df9fce\u003c/code\u003e\u003c/a\u003e go 1.16.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/9a0196b801ba8b9eb4ae5ad388c8f95de719fcdf\"\u003e\u003ccode\u003e9a0196b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3596\"\u003e#3596\u003c/a\u003e from milosgajdos/fix-go-mod-v2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d18\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e4a447d0d75f3370dce98690f5f2bb0bb4cb669f\"\u003e\u003ccode\u003ee4a447d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3595\"\u003e#3595\u003c/a\u003e from crazy-max/2.8-ci-gitref\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/dcf66392d606f50bf3a9286dcb4bdcdfb7c0e83a\"\u003e\u003ccode\u003edcf6639\u003c/code\u003e\u003c/a\u003e Update README so the release pipeline works properly.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 23.0.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/59118bff500fc0d95d0560a9788735a8d89568ce\"\u003e\u003ccode\u003e59118bf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-232p-vwff-86mp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/219f21bf07502b447095649b5a2764661737f164\"\u003e\u003ccode\u003e219f21b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45196\"\u003e#45196\u003c/a\u003e from vvoland/integration-restart-race-23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b87f7f18b82fbb647b5142c6e5459a88a7652d02\"\u003e\u003ccode\u003eb87f7f1\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: insert the input-drop rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c6bf3071fee48b79c2d48faf8855b8afe0a1e951\"\u003e\u003ccode\u003ec6bf307\u003c/code\u003e\u003c/a\u003e StartWithLogFile: Fix d.cmd race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/7f49ca259bfea1c08bb3019d0db3aa894ff157a6\"\u003e\u003ccode\u003e7f49ca2\u003c/code\u003e\u003c/a\u003e TestDaemonRestartKillContainers: Fix loop capture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/98cbcb8003b7cf8da35fb5d05f5babbe142ab7c8\"\u003e\u003ccode\u003e98cbcb8\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: add BPF-powered VNI matcher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/5c5fac237425c4bf79d2f048c1850f855f0182aa\"\u003e\u003ccode\u003e5c5fac2\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: extract VNI match rule builder\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c492a22287557860831a7c4f523b8e53692bb822\"\u003e\u003ccode\u003ec492a22\u003c/code\u003e\u003c/a\u003e libn/d/overlay: enforce encryption on sandbox init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/018edb02849100de701d6ab6fb932ffb68843e4b\"\u003e\u003ccode\u003e018edb0\u003c/code\u003e\u003c/a\u003e libnet/d/overlay: document some encryption code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a1fd2f22f6ee07ab5bf241e7b33c75e395bfa9e5\"\u003e\u003ccode\u003ea1fd2f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/45157\"\u003e#45157\u003c/a\u003e from thaJeztah/23.0_backport_update_shfmt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v23.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eMerge v1.15 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1250\"\u003eprometheus/client_golang#1250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to POST for LabelNames, Series, and QueryExemplars to DoGetFallback by \u003ca href=\"https://github.com/jacksontj\"\u003e\u003ccode\u003e@​jacksontj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1252\"\u003eprometheus/client_golang#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✏️ [collectors]: fix typo in test assertion by \u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded interactive tutorial [kubeCon] by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1255\"\u003eprometheus/client_golang#1255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed tutorial. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1256\"\u003eprometheus/client_golang#1256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/sys from 0.6.0 to 0.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1265\"\u003eprometheus/client_golang#1265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup proto use in tests by \u003ca href=\"https://github.com/SuperQ\"\u003e\u003ccode\u003e@​SuperQ\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1264\"\u003eprometheus/client_golang#1264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tutorial on WSL-based systems by \u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix undefined execution order in return statements by \u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge release 1.15.1 to main by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1267\"\u003eprometheus/client_golang#1267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGitHub Workflows security hardening by \u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd process start time header to client_golang prometheus by \u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix bug in bucket key calculation by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1279\"\u003eprometheus/client_golang#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/prometheus/procfs from 0.9.0 to 0.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1283\"\u003eprometheus/client_golang#1283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce constrainLabels allocations by \u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadded circleci as gh action YAML by \u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove metricUnits runtime by \u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMoving fully to GH actions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1288\"\u003eprometheus/client_golang#1288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docstring references to renamed native histogram fields / functions. by \u003ca href=\"https://github.com/juliusv\"\u003e\u003ccode\u003e@​juliusv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1290\"\u003eprometheus/client_golang#1290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier contributions. by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1289\"\u003eprometheus/client_golang#1289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vegerot\"\u003e\u003ccode\u003e@​vegerot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1153\"\u003eprometheus/client_golang#1153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marevers\"\u003e\u003ccode\u003e@​marevers\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1257\"\u003eprometheus/client_golang#1257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PiotrLewandowski323\"\u003e\u003ccode\u003e@​PiotrLewandowski323\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1260\"\u003eprometheus/client_golang#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sashashura\"\u003e\u003ccode\u003e@​sashashura\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1180\"\u003eprometheus/client_golang#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/logicalhan\"\u003e\u003ccode\u003e@​logicalhan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1278\"\u003eprometheus/client_golang#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khasanovbi\"\u003e\u003ccode\u003e@​khasanovbi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1272\"\u003eprometheus/client_golang#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krishnaduttPanchagnula\"\u003e\u003ccode\u003e@​krishnaduttPanchagnula\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1281\"\u003eprometheus/client_golang#1281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avlitman\"\u003e\u003ccode\u003e@​avlitman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/1286\"\u003eprometheus/client_golang#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.16.0 / 2023-06-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1252\"\u003e#1252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] api: Fix undefined execution order in return statements. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1260\"\u003e#1260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] native histograms: Fix bug in bucket key calculation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Reduce constrainLabels allocations for all metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1278\"\u003e#1278\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] promlint: Improve metricUnits runtime. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.1 / 2023-05-3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary), \u003cbr /\u003e\ncausing panics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0 / 2023-04-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix issue with atomic variables on ppc64le. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1171\"\u003e#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Support for multiple samples within same metric. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1181\"\u003e#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1187\"\u003e#1187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add exemplars and middleware examples. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1173\"\u003e#1173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add more context to \u0026quot;duplicate label names\u0026quot; error to enable debugging. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1177\"\u003e#1177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1151\"\u003e#1151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1183\"\u003e#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1066\"\u003e#1066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add ability to Pusher to add custom headers. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1218\"\u003e#1218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1225\"\u003e#1225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added (official) support for go 1.20. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1234\"\u003e#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] timer: Added support for exemplars. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1233\"\u003e#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Filter expected metrics as well in CollectAndCompare. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1143\"\u003e#1143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] :warning: Only set start/end if time is not Zero. This breaks compatibility in experimental api package. If you strictly depend on empty time.Time as actual value, the behavior is now changed. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1238\"\u003e#1238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.0 / 2022-11-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] Add Support for Native Histograms. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1150\"\u003e#1150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Extend \u003ccode\u003eprometheus.Registry\u003c/code\u003e to implement \u003ccode\u003eprometheus.Collector\u003c/code\u003e interface. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1103\"\u003e#1103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.1 / 2022-11-01\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] Fix race condition with Exemplar in Counter. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1146\"\u003e#1146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix \u003ccode\u003eCumulativeCount\u003c/code\u003e value of \u003ccode\u003e+Inf\u003c/code\u003e bucket created from exemplar. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1148\"\u003e#1148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] Fix double-counting bug in \u003ccode\u003epromhttp.InstrumentRoundTripperCounter\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1118\"\u003e#1118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0 / 2022-08-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added \u003ccode\u003eprometheus.TransactionalGatherer\u003c/code\u003e interface for \u003ccode\u003epromhttp.Handler\u003c/code\u003e use which allows using low allocation update techniques for custom collectors. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/989\"\u003e#989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Added exemplar support to \u003ccode\u003eprometheus.NewConstHistogram\u003c/code\u003e. See \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/prometheus/examples_test.go#L602\"\u003e\u003ccode\u003eExampleNewConstHistogram_WithExemplar\u003c/code\u003e\u003c/a\u003e example on how to use it. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/986\"\u003e#986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now context aware methods that pass context to HTTP request. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1028\"\u003e#1028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003eprometheus/push.Pusher\u003c/code\u003e has now \u003ccode\u003eError\u003c/code\u003e method that retrieve last error. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1075\"\u003e#1075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] \u003ccode\u003etestutil.GatherAndCompare\u003c/code\u003e provides now readable diff on failed comparisons. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/998\"\u003e#998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/3583c1e1d085b75cab406c78b015562d45552b39\"\u003e\u003ccode\u003e3583c1e\u003c/code\u003e\u003c/a\u003e Cut v1.16.0 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1292\"\u003e#1292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/2feda42e447efac5bfe39bb226d7025af73c0947\"\u003e\u003ccode\u003e2feda42\u003c/code\u003e\u003c/a\u003e Fixed README \u0026amp; CHANGELOG; Added fmt makefile command (+bingo) for easier cont...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5b9cf9c6a891de0e7b5ec26d9f4326570a658d17\"\u003e\u003ccode\u003e5b9cf9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1290\"\u003e#1290\u003c/a\u003e from prometheus/fix-nh-docstring-refs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/1b19d5f4589629067111815d0734a1ccbc245268\"\u003e\u003ccode\u003e1b19d5f\u003c/code\u003e\u003c/a\u003e Fix docstring references to renamed native histogram fields / functions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/7352ab7f805ab3bf4d2144f3e8cac92d5caec263\"\u003e\u003ccode\u003e7352ab7\u003c/code\u003e\u003c/a\u003e Moving fully to GH actions. (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1288\"\u003e#1288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/e4ff34d23eacb385c1a9d3d67c4d06aed042ebec\"\u003e\u003ccode\u003ee4ff34d\u003c/code\u003e\u003c/a\u003e Improve metricUnits runtime (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1286\"\u003e#1286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/781ea2802473fd7aff2a92cb16244be57472a085\"\u003e\u003ccode\u003e781ea28\u003c/code\u003e\u003c/a\u003e added circleci as gh action YAML (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a09a1d34cbc74daa8ed70234b99467a30b020a40\"\u003e\u003ccode\u003ea09a1d3\u003c/code\u003e\u003c/a\u003e Reduce constrainLabels allocations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1272\"\u003e#1272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/8840afcfc2c3ff3d40357552dbc1d9d43c4bae67\"\u003e\u003ccode\u003e8840afc\u003c/code\u003e\u003c/a\u003e Bump github.com/prometheus/procfs from 0.9.0 to 0.10.1 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/5e78d5f66b851fef874b783814b2e884df2798d0\"\u003e\u003ccode\u003e5e78d5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1279\"\u003e#1279\u003c/a\u003e from prometheus/beorn7/histogram\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220412020605-290c469a71a5 to 0.42.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.42.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20220411215720-9780585627b5 to 0.30.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.46.0 to 1.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/...\n\n_Description has been truncated_","html_url":"https://github.com/hardihardi/meshery/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hardihardi%2Fmeshery/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"0.5.2","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-02-03T07:02:24.000Z","version_change":"0.5.2 → 0.6.1","issue":{"uuid":"3889574370","node_id":"PR_kwDOEOmcd87BGrhW","number":962,"state":"closed","title":"build(deps): bump the gomod group across 1 directory with 26 updates","user":"dependabot[bot]","labels":["lifecycle/stale","release-note-none"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-01T10:44:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-03T07:02:24.000Z","updated_at":"2026-04-01T10:44:25.000Z","time_to_close":4938118,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":26,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.5.0","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/coreos/go-systemd/v22","old_version":"22.6.0","new_version":"22.7.0","repository_url":"https://github.com/coreos/go-systemd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.27.3","new_version":"2.28.1","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc","old_version":"0.64.0","new_version":"0.65.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc","old_version":"1.39.0","new_version":"1.40.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"k8s.io/api","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/cri-api","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/cri-api"},{"name":"k8s.io/cri-client","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/cri-client"},{"name":"k8s.io/kubelet","old_version":"0.35.0-rc.0","new_version":"0.36.0-alpha.0","repository_url":"https://github.com/kubernetes/kubelet"},{"name":"sigs.k8s.io/release-utils","old_version":"0.12.2","new_version":"0.12.3","repository_url":"https://github.com/kubernetes-sigs/release-utils"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.5.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) | `22.6.0` | `22.7.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.3` | `5.2.4` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.27.3` | `2.28.1` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.65.0` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.39.0` | `1.40.0` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.35.0-rc.0` | `0.36.0-alpha.0` |\n| [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) | `0.12.2` | `0.12.3` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eworkflows: add PR comment on binary size check failure by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/180\"\u003echeckpoint-restore/checkpointctl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v7 to v8 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/179\"\u003echeckpoint-restore/checkpointctl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate version number by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/182\"\u003echeckpoint-restore/checkpointctl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: document asciidoctor and Go version requirements and ignore install artifacts by \u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v8 to v8.1.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/188\"\u003echeckpoint-restore/checkpointctl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for parsing of TaskState by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeckpointctl: Version 1.5.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/191\"\u003echeckpoint-restore/checkpointctl#191\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TusharMohapatra07\"\u003e\u003ccode\u003e@​TusharMohapatra07\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/891978fb0574c92308fd2f94aaa497c705b194bb\"\u003e\u003ccode\u003e891978f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/191\"\u003e#191\u003c/a\u003e from rst0git/version-1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/16da5b31962b6bcde738a6c5bc4c742d84c2d491\"\u003e\u003ccode\u003e16da5b3\u003c/code\u003e\u003c/a\u003e checkpointctl: Version 1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/19e162bfe7bcd44a8375619017a5f7deb9346e03\"\u003e\u003ccode\u003e19e162b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/187\"\u003e#187\u003c/a\u003e from rst0git/task-state-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/11d87dac03cd0d247d820e841817984a582b0eeb\"\u003e\u003ccode\u003e11d87da\u003c/code\u003e\u003c/a\u003e test/piggie: add tests for zombie/dead processes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/9817147c1a21c8c10d98b0c5a876725ddbbd00e2\"\u003e\u003ccode\u003e9817147\u003c/code\u003e\u003c/a\u003e test/piggie: use enable variable in setsockopt()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/c80219ebd2f8c3cbce3ecfa4d4739f5347e63a3b\"\u003e\u003ccode\u003ec80219e\u003c/code\u003e\u003c/a\u003e test/piggie: fix log file redirect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/21eb9f9703d9f8a2071d0d72fd0783697b7c6d6c\"\u003e\u003ccode\u003e21eb9f9\u003c/code\u003e\u003c/a\u003e test/piggie: fix pointer arithmetic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/152be2f3beb27e753611fb4b7a48a2d09d42ff78\"\u003e\u003ccode\u003e152be2f\u003c/code\u003e\u003c/a\u003e test/piggie: send correct payload length for ping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/3feab27d671bf945d1da3f038b6a202955cb4429\"\u003e\u003ccode\u003e3feab27\u003c/code\u003e\u003c/a\u003e test/piggie: break loop on client disconnect or error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/d90aad006e6ff1a279c0a21a4320361a7d31c75b\"\u003e\u003ccode\u003ed90aad0\u003c/code\u003e\u003c/a\u003e test/piggie: initialize sockaddr_in structures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/coreos/go-systemd/v22` from 22.6.0 to 22.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coreos/go-systemd/releases\"\u003egithub.com/coreos/go-systemd/v22's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev22.7.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes an issue with multiple calls to (e.g.) StopUnit, simplifies and improves code and documentation, and adds a few new methods.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/473\"\u003ecoreos/go-systemd#473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixing error on negative value of LISTEN_FDS by \u003ca href=\"https://github.com/vporoshok\"\u003e\u003ccode\u003e@​vporoshok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/472\"\u003ecoreos/go-systemd#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMisc error reporting improvements by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/475\"\u003ecoreos/go-systemd#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edaemon: add \u003ccode\u003eSdNotifyMonotonicUsec\u003c/code\u003e helper function by \u003ca href=\"https://github.com/corhere\"\u003e\u003ccode\u003e@​corhere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/435\"\u003ecoreos/go-systemd#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/481\"\u003ecoreos/go-systemd#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/483\"\u003ecoreos/go-systemd#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edbus: fix TestSetUnitProperties wrt systemd \u0026gt;= 252 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/489\"\u003ecoreos/go-systemd#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSync repo templates ⚙ by \u003ca href=\"https://github.com/coreosbot-releng\"\u003e\u003ccode\u003e@​coreosbot-releng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/486\"\u003ecoreos/go-systemd#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eunit: simplify escape character by \u003ca href=\"https://github.com/huww98\"\u003e\u003ccode\u003e@​huww98\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/485\"\u003ecoreos/go-systemd#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emachine1: add missing close method to conn. by \u003ca href=\"https://github.com/maartensson\"\u003e\u003ccode\u003e@​maartensson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/487\"\u003ecoreos/go-systemd#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esubscription: Added context cancellation and sync to subscription set by \u003ca href=\"https://github.com/NotSoFancyName\"\u003e\u003ccode\u003e@​NotSoFancyName\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/480\"\u003ecoreos/go-systemd#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: improvements by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/490\"\u003ecoreos/go-systemd#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimport1: add missing close method to conn by \u003ca href=\"https://github.com/maartensson\"\u003e\u003ccode\u003e@​maartensson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/492\"\u003ecoreos/go-systemd#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esdjournal: fix copyrights by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/499\"\u003ecoreos/go-systemd#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eactivation: simplify ListenersWithNames by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/498\"\u003ecoreos/go-systemd#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edbus: allow multiple calls for the same unit to *Unit by \u003ca href=\"https://github.com/haircommander\"\u003e\u003ccode\u003e@​haircommander\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/496\"\u003ecoreos/go-systemd#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation nits by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/500\"\u003ecoreos/go-systemd#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edbus: dedup result conversion code by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/493\"\u003ecoreos/go-systemd#493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd FilesWithNames() to activation by \u003ca href=\"https://github.com/MayCXC\"\u003e\u003ccode\u003e@​MayCXC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/497\"\u003ecoreos/go-systemd#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for transient units with auxiliary units by \u003ca href=\"https://github.com/gwenya\"\u003e\u003ccode\u003e@​gwenya\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/495\"\u003ecoreos/go-systemd#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eactivation: stub out for plan9 by \u003ca href=\"https://github.com/flokli\"\u003e\u003ccode\u003e@​flokli\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/440\"\u003ecoreos/go-systemd#440\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vporoshok\"\u003e\u003ccode\u003e@​vporoshok\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/472\"\u003ecoreos/go-systemd#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corhere\"\u003e\u003ccode\u003e@​corhere\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/435\"\u003ecoreos/go-systemd#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huww98\"\u003e\u003ccode\u003e@​huww98\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/485\"\u003ecoreos/go-systemd#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maartensson\"\u003e\u003ccode\u003e@​maartensson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/487\"\u003ecoreos/go-systemd#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haircommander\"\u003e\u003ccode\u003e@​haircommander\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/496\"\u003ecoreos/go-systemd#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MayCXC\"\u003e\u003ccode\u003e@​MayCXC\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/497\"\u003ecoreos/go-systemd#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gwenya\"\u003e\u003ccode\u003e@​gwenya\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/495\"\u003ecoreos/go-systemd#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flokli\"\u003e\u003ccode\u003e@​flokli\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/coreos/go-systemd/pull/440\"\u003ecoreos/go-systemd#440\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ehttps://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/4dc4ee60b8394d431f19a3c599040ef758884a27\"\u003e\u003ccode\u003e4dc4ee6\u003c/code\u003e\u003c/a\u003e activation: stub out for plan9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/8f5a75c278158e2cf18b413f02c25f5628a5feda\"\u003e\u003ccode\u003e8f5a75c\u003c/code\u003e\u003c/a\u003e dbus: add StartTransientUnitAux for starting transient units with auxiliary u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/9211a7bb9050c57bf853f71a184803c71b9effe7\"\u003e\u003ccode\u003e9211a7b\u003c/code\u003e\u003c/a\u003e activation: add FilesWithNames()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/2c3ebed22d7a23765394bade71e7c0451e1b1efd\"\u003e\u003ccode\u003e2c3ebed\u003c/code\u003e\u003c/a\u003e dbus: dedup result conversion code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/aac8e000ad77a1a12ca5493f127dd72d72b387e2\"\u003e\u003ccode\u003eaac8e00\u003c/code\u003e\u003c/a\u003e unit: fix Deserialize deprecation notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/d4795ceb4873780fd6d601700ea44fecd6f8d4a0\"\u003e\u003ccode\u003ed4795ce\u003c/code\u003e\u003c/a\u003e Fix doc references\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/abb50b3ef702fd889c2806ac0a79eeed7dee6a17\"\u003e\u003ccode\u003eabb50b3\u003c/code\u003e\u003c/a\u003e dbus: allow multiple calls for the same unit to *Unit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/27f6beaf75ffc911bbeff76dc3dbf8ee4bf86d86\"\u003e\u003ccode\u003e27f6bea\u003c/code\u003e\u003c/a\u003e activation: simplify ListenersWithNames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/e615438da4253e7970d9647cc6916fcc91e644af\"\u003e\u003ccode\u003ee615438\u003c/code\u003e\u003c/a\u003e sdjournal: fix copyrights\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coreos/go-systemd/commit/d25876d629af5d60f8d6681719509721c2ab4a25\"\u003e\u003ccode\u003ed25876d\u003c/code\u003e\u003c/a\u003e import1: add missing close method to conn\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/6eb35881c0e438ffb663ddbad3a61babaa5e5d8a\"\u003e\u003ccode\u003e6eb3588\u003c/code\u003e\u003c/a\u003e middleware: harden RedirectSlashes handler (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1044\"\u003e#1044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/de0d16e6d23092aeef0b6e78f146799369160651\"\u003e\u003ccode\u003ede0d16e\u003c/code\u003e\u003c/a\u003e Update comment about min Go version (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1023\"\u003e#1023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/9fb4a15daa6d4ccd5e7286c1227d58872f89f4cb\"\u003e\u003ccode\u003e9fb4a15\u003c/code\u003e\u003c/a\u003e update reverseMethodMap in RegisterMethod (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1022\"\u003e#1022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/51c977c2da872d16d05531d5bc49ccd027599ce2\"\u003e\u003ccode\u003e51c977c\u003c/code\u003e\u003c/a\u003e Refactor to use atomic type (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1019\"\u003e#1019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/563ab118626b47810852303c3a60c2106a6bc23c\"\u003e\u003ccode\u003e563ab11\u003c/code\u003e\u003c/a\u003e Refactor graceful shutdown example (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/994\"\u003e#994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a52c582b532cd261dbedc4c811d809d6e024c1ff\"\u003e\u003ccode\u003ea52c582\u003c/code\u003e\u003c/a\u003e Bump minimum Go and use new features (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1017\"\u003e#1017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.28.1\u003c/h2\u003e\n\u003ch2\u003e2.28.1\u003c/h2\u003e\n\u003cp\u003eUpdate all dependencies.  This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.\u003c/p\u003e\n\u003ch2\u003ev2.28.0\u003c/h2\u003e\n\u003ch2\u003e2.28.0\u003c/h2\u003e\n\u003cp\u003eGinkgo's SemVer filter now supports filtering multiple components by SemVer version:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eIt(\u0026quot;should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)\u0026quot;, SemVerConstraint(\u0026quot;\u0026gt;= 3.2.0\u0026quot;), ComponentSemVerConstraint(\u0026quot;redis\u0026quot;, \u0026quot;\u0026gt;= 8.0.0\u0026quot;) func() {\n    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is \u0026gt;= 8.0.0\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ecan be filtered in or out with an invocation like:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eginkgo --sem-ver-filter=\u0026quot;2.1.1, redis=8.2.0\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Icarus9913\"\u003e\u003ccode\u003e@​Icarus9913\u003c/code\u003e\u003c/a\u003e for working on this!\u003c/p\u003e\n\u003ch2\u003ev2.27.5\u003c/h2\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003ev2.27.4\u003c/h2\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.28.1\u003c/h2\u003e\n\u003cp\u003eUpdate all dependencies.  This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.\u003c/p\u003e\n\u003ch2\u003e2.28.0\u003c/h2\u003e\n\u003cp\u003eGinkgo's SemVer filter now supports filtering multiple components by SemVer version:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eIt(\u0026quot;should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)\u0026quot;, SemVerConstraint(\u0026quot;\u0026gt;= 3.2.0\u0026quot;), ComponentSemVerConstraint(\u0026quot;redis\u0026quot;, \u0026quot;\u0026gt;= 8.0.0\u0026quot;) func() {\n    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is \u0026gt;= 8.0.0\n})\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ecan be filtered in or out with an invocation like:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eginkgo --sem-ver-filter=\u0026quot;2.1.1, redis=8.2.0\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Icarus9913\"\u003e\u003ccode\u003e@​Icarus9913\u003c/code\u003e\u003c/a\u003e for working on this!\u003c/p\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/5d1d628ac86668c8f944c8c491c3d1ab86b3bed4\"\u003e\u003ccode\u003e5d1d628\u003c/code\u003e\u003c/a\u003e v2.28.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/676f985d26d9b5d02f73086760883f7086bb5386\"\u003e\u003ccode\u003e676f985\u003c/code\u003e\u003c/a\u003e update test mu language\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/8032100d256f25df9be61f2623fc244c9ea0cafb\"\u003e\u003ccode\u003e8032100\u003c/code\u003e\u003c/a\u003e appease go vet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/41ca8077223910d4d20e099204a8520057ab8b82\"\u003e\u003ccode\u003e41ca807\u003c/code\u003e\u003c/a\u003e bump dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/2b2305b02aad8f5316b0bfcaabe5b9789d988db6\"\u003e\u003ccode\u003e2b2305b\u003c/code\u003e\u003c/a\u003e v2.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/71d2d89adc9387d4f4fc579438b5631d9180d687\"\u003e\u003ccode\u003e71d2d89\u003c/code\u003e\u003c/a\u003e feat: support component semantic version filtering\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/8cbbcb4709d306183de94f0699dd92affeb6f5b0\"\u003e\u003ccode\u003e8cbbcb4\u003c/code\u003e\u003c/a\u003e Fix doclink for ginkgo run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/a92830749ce9b1271ffac08abce793ae937fe9d4\"\u003e\u003ccode\u003ea928307\u003c/code\u003e\u003c/a\u003e v2.27.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/0d0e96db305b01ce8642008053b857363ca87ecb\"\u003e\u003ccode\u003e0d0e96d\u003c/code\u003e\u003c/a\u003e don't make a new formatter for each GinkgoT(); that's just silly and uses pre...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/867ce95f5142649695406f751f883c99ea45c0d5\"\u003e\u003ccode\u003e867ce95\u003c/code\u003e\u003c/a\u003e v2.27.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.3...v2.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.4\u003c/h2\u003e\n\u003ch2\u003eNotable changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ego.mod: update minimum supported go version to v1.17 \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump up dependencies  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTouch-up godoc and add \u0026quot;doc\u0026quot; links.\u003c/li\u003e\n\u003cli\u003eREADME: fix links, grammar, and update examples.\u003c/li\u003e\n\u003cli\u003eAdd GNU/Hurd support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1364\"\u003esirupsen/logrus#1364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd WASI wasip1 support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1388\"\u003esirupsen/logrus#1388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove uses of deprecated \u003ccode\u003eioutil\u003c/code\u003e package \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1472\"\u003esirupsen/logrus#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: update actions and golangci-lint \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1459\"\u003esirupsen/logrus#1459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: remove appveyor, add macOS  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b61f268f75b6ff134a62cd62aee1095fa12e8d2e\"\u003e\u003ccode\u003eb61f268\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1472\"\u003e#1472\u003c/a\u003e from goldlinker/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/15c29db7129cc15331e9c52493d5aaab217146c7\"\u003e\u003ccode\u003e15c29db\u003c/code\u003e\u003c/a\u003e refactor: replace the deprecated function in the ioutil package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/cb253f3080f18ec7e55b4c8f15b62fe0a806f130\"\u003e\u003ccode\u003ecb253f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1464\"\u003e#1464\u003c/a\u003e from thaJeztah/touchup_godoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/29b233793060a07fb76eda791f604d87e08d23d1\"\u003e\u003ccode\u003e29b2337\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1468\"\u003e#1468\u003c/a\u003e from thaJeztah/touchup_readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/d9168199e06807d8959126bc8c823ad8b96e3969\"\u003e\u003ccode\u003ed916819\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1427\"\u003e#1427\u003c/a\u003e from dolmen/fix-testify-usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/135e4820b2140747fb868073e4dca1619996417a\"\u003e\u003ccode\u003e135e482\u003c/code\u003e\u003c/a\u003e README: small touch-ups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/2c5fa36b73abb8b007474417571e268685d0d84e\"\u003e\u003ccode\u003e2c5fa36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1467\"\u003e#1467\u003c/a\u003e from thaJeztah/rm_old_badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/877ecec10d61675855189ece38d70d8804302fa4\"\u003e\u003ccode\u003e877ecec\u003c/code\u003e\u003c/a\u003e README: remove travis badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/55cf2560b5e5fd3f0e6ff59e6ce766eb12db4522\"\u003e\u003ccode\u003e55cf256\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1393\"\u003e#1393\u003c/a\u003e from jsoref/grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/21bae50b76794e93449c3f0f845ea0ac903847db\"\u003e\u003ccode\u003e21bae50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1426\"\u003e#1426\u003c/a\u003e from dolmen/testing-fix-use-of-math-rand\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.64.0 to 0.65.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases\"\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.40.0/v2.2.0/v0.65.0/v0.34.0/v0.20.0/v0.15.0/v0.13.0/v0.12.0\u003c/h2\u003e\n\u003ch2\u003eOverview\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eWithMetricAttributesFn\u003c/code\u003e option in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\u003c/code\u003e to define dynamic attributes on auto-instrumented metrics. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8191\"\u003e#8191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for configuring propagators in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8281\"\u003e#8281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8401\"\u003e#8401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8461\"\u003e#8461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogr\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8477\"\u003e#8477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003econst Version\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/brid...\n\n_Description has been truncated_","html_url":"https://github.com/saschagrunert/cri-o/pull/962","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saschagrunert%2Fcri-o/issues/962","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/962/packages"}},{"old_version":"0.2.3","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-30T08:25:33.000Z","version_change":"0.2.3 → 0.6.1","issue":{"uuid":"3874602175","node_id":"PR_kwDOEBQoV87AVkr9","number":412,"state":"open","title":"build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.6.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-30T08:25:33.000Z","updated_at":"2026-01-30T08:25:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.6.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.1] - 2025-10-31\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSpooky scary skeletons send shivers down your spine!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin\u0026package-manager=go_modules\u0026previous-version=0.2.3\u0026new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wgahnagl/cri-o/pull/412","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wgahnagl%2Fcri-o/issues/412","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/412/packages"}},{"old_version":"0.2.3","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-30T02:46:16.000Z","version_change":"0.2.3 → 0.6.1","issue":{"uuid":"3873566555","node_id":"PR_kwDOEX2eOc7ASGxG","number":263,"state":"open","title":"build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.6.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-30T02:46:16.000Z","updated_at":"2026-01-30T02:46:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.2.3","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.6.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.1] - 2025-10-31\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eSpooky scary skeletons send shivers down your spine!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin\u0026package-manager=go_modules\u0026previous-version=0.2.3\u0026new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/maolin-sen/cri-o/pull/263","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/maolin-sen%2Fcri-o/issues/263","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/263/packages"}},{"old_version":"0.5.2","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-20T16:43:15.000Z","version_change":"0.5.2 → 0.6.1","issue":{"uuid":"3834530756","node_id":"PR_kwDOBAr5ps6-Qbf3","number":9720,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 14 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-20T16:43:15.000Z","updated_at":"2026-01-20T17:08:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":14,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.5.0","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.3","new_version":"5.2.4","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.27.3","new_version":"2.27.5","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"golang.org/x/net","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/golang/net"},{"name":"sigs.k8s.io/release-utils","old_version":"0.12.2","new_version":"0.12.3","repository_url":"https://github.com/kubernetes-sigs/release-utils"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.5.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.3` | `5.2.4` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.27.3` | `2.27.5` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.49.0` |\n| [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) | `0.12.2` | `0.12.3` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eworkflows: add PR comment on binary size check failure by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/180\"\u003echeckpoint-restore/checkpointctl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v7 to v8 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/179\"\u003echeckpoint-restore/checkpointctl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate version number by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/182\"\u003echeckpoint-restore/checkpointctl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: document asciidoctor and Go version requirements and ignore install artifacts by \u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: update go-criu from v8 to v8.1.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/188\"\u003echeckpoint-restore/checkpointctl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for parsing of TaskState by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeckpointctl: Version 1.5.0 by \u003ca href=\"https://github.com/rst0git\"\u003e\u003ccode\u003e@​rst0git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/191\"\u003echeckpoint-restore/checkpointctl#191\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lorygold\"\u003e\u003ccode\u003e@​Lorygold\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/183\"\u003echeckpoint-restore/checkpointctl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TusharMohapatra07\"\u003e\u003ccode\u003e@​TusharMohapatra07\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/187\"\u003echeckpoint-restore/checkpointctl#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.1...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/891978fb0574c92308fd2f94aaa497c705b194bb\"\u003e\u003ccode\u003e891978f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/191\"\u003e#191\u003c/a\u003e from rst0git/version-1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/16da5b31962b6bcde738a6c5bc4c742d84c2d491\"\u003e\u003ccode\u003e16da5b3\u003c/code\u003e\u003c/a\u003e checkpointctl: Version 1.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/19e162bfe7bcd44a8375619017a5f7deb9346e03\"\u003e\u003ccode\u003e19e162b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/187\"\u003e#187\u003c/a\u003e from rst0git/task-state-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/11d87dac03cd0d247d820e841817984a582b0eeb\"\u003e\u003ccode\u003e11d87da\u003c/code\u003e\u003c/a\u003e test/piggie: add tests for zombie/dead processes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/9817147c1a21c8c10d98b0c5a876725ddbbd00e2\"\u003e\u003ccode\u003e9817147\u003c/code\u003e\u003c/a\u003e test/piggie: use enable variable in setsockopt()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/c80219ebd2f8c3cbce3ecfa4d4739f5347e63a3b\"\u003e\u003ccode\u003ec80219e\u003c/code\u003e\u003c/a\u003e test/piggie: fix log file redirect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/21eb9f9703d9f8a2071d0d72fd0783697b7c6d6c\"\u003e\u003ccode\u003e21eb9f9\u003c/code\u003e\u003c/a\u003e test/piggie: fix pointer arithmetic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/152be2f3beb27e753611fb4b7a48a2d09d42ff78\"\u003e\u003ccode\u003e152be2f\u003c/code\u003e\u003c/a\u003e test/piggie: send correct payload length for ping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/3feab27d671bf945d1da3f038b6a202955cb4429\"\u003e\u003ccode\u003e3feab27\u003c/code\u003e\u003c/a\u003e test/piggie: break loop on client disconnect or error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/d90aad006e6ff1a279c0a21a4320361a7d31c75b\"\u003e\u003ccode\u003ed90aad0\u003c/code\u003e\u003c/a\u003e test/piggie: initialize sockaddr_in structures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.3 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/6eb35881c0e438ffb663ddbad3a61babaa5e5d8a\"\u003e\u003ccode\u003e6eb3588\u003c/code\u003e\u003c/a\u003e middleware: harden RedirectSlashes handler (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1044\"\u003e#1044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/de0d16e6d23092aeef0b6e78f146799369160651\"\u003e\u003ccode\u003ede0d16e\u003c/code\u003e\u003c/a\u003e Update comment about min Go version (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1023\"\u003e#1023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/9fb4a15daa6d4ccd5e7286c1227d58872f89f4cb\"\u003e\u003ccode\u003e9fb4a15\u003c/code\u003e\u003c/a\u003e update reverseMethodMap in RegisterMethod (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1022\"\u003e#1022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/51c977c2da872d16d05531d5bc49ccd027599ce2\"\u003e\u003ccode\u003e51c977c\u003c/code\u003e\u003c/a\u003e Refactor to use atomic type (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1019\"\u003e#1019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/563ab118626b47810852303c3a60c2106a6bc23c\"\u003e\u003ccode\u003e563ab11\u003c/code\u003e\u003c/a\u003e Refactor graceful shutdown example (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/994\"\u003e#994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a52c582b532cd261dbedc4c811d809d6e024c1ff\"\u003e\u003ccode\u003ea52c582\u003c/code\u003e\u003c/a\u003e Bump minimum Go and use new features (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1017\"\u003e#1017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.3...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.27.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.5\u003c/h2\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003ev2.27.4\u003c/h2\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.27.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eDon't make a new formatter for each GinkgoT(); that's just silly and uses precious memory\u003c/p\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/a92830749ce9b1271ffac08abce793ae937fe9d4\"\u003e\u003ccode\u003ea928307\u003c/code\u003e\u003c/a\u003e v2.27.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/0d0e96db305b01ce8642008053b857363ca87ecb\"\u003e\u003ccode\u003e0d0e96d\u003c/code\u003e\u003c/a\u003e don't make a new formatter for each GinkgoT(); that's just silly and uses pre...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/867ce95f5142649695406f751f883c99ea45c0d5\"\u003e\u003ccode\u003e867ce95\u003c/code\u003e\u003c/a\u003e v2.27.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/59bc751e3d44779e1e92c30035924590f917d6b8\"\u003e\u003ccode\u003e59bc751\u003c/code\u003e\u003c/a\u003e CurrentTreeConstructionNodeReport: fix for nested container nodes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.3...v2.27.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sirupsen/logrus/releases\"\u003egithub.com/sirupsen/logrus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.4\u003c/h2\u003e\n\u003ch2\u003eNotable changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ego.mod: update minimum supported go version to v1.17 \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump up dependencies  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTouch-up godoc and add \u0026quot;doc\u0026quot; links.\u003c/li\u003e\n\u003cli\u003eREADME: fix links, grammar, and update examples.\u003c/li\u003e\n\u003cli\u003eAdd GNU/Hurd support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1364\"\u003esirupsen/logrus#1364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd WASI wasip1 support \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1388\"\u003esirupsen/logrus#1388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove uses of deprecated \u003ccode\u003eioutil\u003c/code\u003e package \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1472\"\u003esirupsen/logrus#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: update actions and golangci-lint \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1459\"\u003esirupsen/logrus#1459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: remove appveyor, add macOS  \u003ca href=\"https://redirect.github.com/sirupsen/logrus/pull/1460\"\u003esirupsen/logrus#1460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ehttps://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/b61f268f75b6ff134a62cd62aee1095fa12e8d2e\"\u003e\u003ccode\u003eb61f268\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1472\"\u003e#1472\u003c/a\u003e from goldlinker/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/15c29db7129cc15331e9c52493d5aaab217146c7\"\u003e\u003ccode\u003e15c29db\u003c/code\u003e\u003c/a\u003e refactor: replace the deprecated function in the ioutil package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/cb253f3080f18ec7e55b4c8f15b62fe0a806f130\"\u003e\u003ccode\u003ecb253f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1464\"\u003e#1464\u003c/a\u003e from thaJeztah/touchup_godoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/29b233793060a07fb76eda791f604d87e08d23d1\"\u003e\u003ccode\u003e29b2337\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1468\"\u003e#1468\u003c/a\u003e from thaJeztah/touchup_readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/d9168199e06807d8959126bc8c823ad8b96e3969\"\u003e\u003ccode\u003ed916819\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1427\"\u003e#1427\u003c/a\u003e from dolmen/fix-testify-usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/135e4820b2140747fb868073e4dca1619996417a\"\u003e\u003ccode\u003e135e482\u003c/code\u003e\u003c/a\u003e README: small touch-ups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/2c5fa36b73abb8b007474417571e268685d0d84e\"\u003e\u003ccode\u003e2c5fa36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1467\"\u003e#1467\u003c/a\u003e from thaJeztah/rm_old_badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/877ecec10d61675855189ece38d70d8804302fa4\"\u003e\u003ccode\u003e877ecec\u003c/code\u003e\u003c/a\u003e README: remove travis badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/55cf2560b5e5fd3f0e6ff59e6ce766eb12db4522\"\u003e\u003ccode\u003e55cf256\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1393\"\u003e#1393\u003c/a\u003e from jsoref/grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sirupsen/logrus/commit/21bae50b76794e93449c3f0f845ea0ac903847db\"\u003e\u003ccode\u003e21bae50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sirupsen/logrus/issues/1426\"\u003e#1426\u003c/a\u003e from dolmen/testing-fix-use-of-math-rand\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/d977772e17ccaa1903b2af736f6405ab3a9f05cc\"\u003e\u003ccode\u003ed977772\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/eea413e2942fbb59b323a2af0b1740da4d8aa93e\"\u003e\u003ccode\u003eeea413e\u003c/code\u003e\u003c/a\u003e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9ace223794aa203b4c877d08a1f7bf2f595f6242\"\u003e\u003ccode\u003e9ace223\u003c/code\u003e\u003c/a\u003e websocket: add missing call to resp.Body.Close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7d3dbb06ceb45c3180f4f446cd635e6b59a0b9c2\"\u003e\u003ccode\u003e7d3dbb0\u003c/code\u003e\u003c/a\u003e http2: buffer the most recently received PRIORITY_UPDATE frame\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.48.0...v0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigs.k8s.io/release-utils` from 0.12.2 to 0.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kubernetes-sigs/release-utils/releases\"\u003esigs.k8s.io/release-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/97fe5349f9f25345806673d85cf9c6058e4246c3\"\u003e\u003ccode\u003e97fe534\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/167\"\u003e#167\u003c/a\u003e from puerco/bump-ko\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/11254e870e0e730df0a933ce2284ea04d874d8ed\"\u003e\u003ccode\u003e11254e8\u003c/code\u003e\u003c/a\u003e Bump ko to 0.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/4399ec1bd096143e4c8b0cc8cc2b1598546fd002\"\u003e\u003ccode\u003e4399ec1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/166\"\u003e#166\u003c/a\u003e from kubernetes-sigs/dependabot/go_modules/all-a2c59b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/1fca68c7fcb039409d3680c0ae5057773d0687be\"\u003e\u003ccode\u003e1fca68c\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/sirupsen/logrus in the all group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/7e56f68b4681a834e646b46139105193641aa433\"\u003e\u003ccode\u003e7e56f68\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/164\"\u003e#164\u003c/a\u003e from kubernetes-sigs/dependabot/docker/all-711e1845b7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/be48f19f00ca41efd0cfa4d4cb3d34d3a656261b\"\u003e\u003ccode\u003ebe48f19\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/163\"\u003e#163\u003c/a\u003e from kubernetes-sigs/dependabot/github_actions/action...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/f7341a32ce9df2bd89e065d53ca5c607b42edbe2\"\u003e\u003ccode\u003ef7341a3\u003c/code\u003e\u003c/a\u003e build(deps): bump golang from 1.25.4 to 1.25.5 in the all group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/f74c412f972e44b3fdea2174902928c816d57fd0\"\u003e\u003ccode\u003ef74c412\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/7ecd4409a98bb3d553f5145feb66cf8e958d90e6\"\u003e\u003ccode\u003e7ecd440\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kubernetes-sigs/release-utils/issues/162\"\u003e#162\u003c/a\u003e from kubernetes-sigs/dependabot/go_modules/all-f0625c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes-sigs/release-utils/commit/f83884235012d94ed3bcad5fb1740c9e3ef2408b\"\u003e\u003ccode\u003ef838842\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kubernetes-sigs/release-utils/compare/v0.12.2...v0.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9720","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9720","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9720/packages"}},{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-13T07:24:18.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"3807508374","node_id":"PR_kwDOGZIwWs683F9N","number":464,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-13T07:24:18.000Z","updated_at":"2026-01-13T12:03:30.588Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":9,"packages":[{"name":"golang.org/x/crypto","old_version":"0.46.0","new_version":"0.47.0","repository_url":"https://github.com/golang/crypto"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/cli","old_version":"29.1.3+incompatible","new_version":"29.1.4+incompatible","repository_url":"https://github.com/docker/cli"},{"name":"github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring","old_version":"0.87.1","new_version":"0.88.0","repository_url":"https://github.com/prometheus-operator/prometheus-operator"},{"name":"golang.org/x/mod","old_version":"0.31.0","new_version":"0.32.0","repository_url":"https://github.com/golang/mod"},{"name":"golang.org/x/net","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/tools","old_version":"0.40.0","new_version":"0.41.0","repository_url":"https://github.com/golang/tools"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.46.0` | `0.47.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.1` | `0.6.1` |\n| [github.com/docker/cli](https://github.com/docker/cli) | `29.1.3+incompatible` | `29.1.4+incompatible` |\n| [github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring](https://github.com/prometheus-operator/prometheus-operator) | `0.87.1` | `0.88.0` |\n| [golang.org/x/mod](https://github.com/golang/mod) | `0.31.0` | `0.32.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.49.0` |\n| [golang.org/x/tools](https://github.com/golang/tools) | `0.40.0` | `0.41.0` |\n\n\nUpdates `golang.org/x/crypto` from 0.46.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/506e022208b864bc3c9c4a416fe56be75d10ad24\"\u003e\u003ccode\u003e506e022\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9\"\u003e\u003ccode\u003e7dacc38\u003c/code\u003e\u003c/a\u003e chacha20poly1305: error out in fips140=only mode\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/compare/v0.46.0...v0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.32.0 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/536231a9abc69feaab8d726b5ec75ee8d3620829\"\u003e\u003ccode\u003e536231a\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/text/compare/v0.32.0...v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 29.1.3+incompatible to 29.1.4+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/0e6fee6c52f761dc79dc4bf712ea9fe4095c9bd2\"\u003e\u003ccode\u003e0e6fee6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6698\"\u003e#6698\u003c/a\u003e from thaJeztah/inline_parseWindowsDevice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/88be58884ca7f7f0ddcd0cd236a59ac42c16f242\"\u003e\u003ccode\u003e88be588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6709\"\u003e#6709\u003c/a\u003e from vvoland/img-list-all-doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f7ddc8a7d173970fcb5e64f7502e15293f949fc4\"\u003e\u003ccode\u003ef7ddc8a\u003c/code\u003e\u003c/a\u003e docs: Update --all flag description to clarify it shows dangling images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/00e23cfdb7096069f030db63d61f077069a53ce1\"\u003e\u003ccode\u003e00e23cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6706\"\u003e#6706\u003c/a\u003e from docker/dependabot/github_actions/actions/upload...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/4d7a8b0fd5767b6833ae485f56e74abfded2e73e\"\u003e\u003ccode\u003e4d7a8b0\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2e3425fbd4fb52cba345d8fb24b3dca858d62dfb\"\u003e\u003ccode\u003e2e3425f\u003c/code\u003e\u003c/a\u003e cli/command/container: use consistent casing for dockerCLI arg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/de098367d0a19683241d41ab4a426a064cba0052\"\u003e\u003ccode\u003ede09836\u003c/code\u003e\u003c/a\u003e cli/command/container: inline parseWindowsDevice\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/cli/compare/v29.1.3...v29.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring` from 0.87.1 to 0.88.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/releases\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichalTomczakSE\"\u003e\u003ccode\u003e@​MichalTomczakSE\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8144\"\u003eprometheus-operator/prometheus-operator#8144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kartikangiras\"\u003e\u003ccode\u003e@​kartikangiras\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8098\"\u003eprometheus-operator/prometheus-operator#8098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/varundeepsaini\"\u003e\u003ccode\u003e@​varundeepsaini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8207\"\u003eprometheus-operator/prometheus-operator#8207\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tomlin7\"\u003e\u003ccode\u003e@​tomlin7\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8209\"\u003eprometheus-operator/prometheus-operator#8209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluktuid\"\u003e\u003ccode\u003e@​fluktuid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8248\"\u003eprometheus-operator/prometheus-operator#8248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/21974db4687ad80a6ea79af66d410db54510e35e\"\u003e\u003ccode\u003e21974db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8263\"\u003e#8263\u003c/a\u003e from slashpai/cut-v0.88\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/7d1d99052daa6b10f65a3901bf050c501ec8f131\"\u003e\u003ccode\u003e7d1d990\u003c/code\u003e\u003c/a\u003e chore: cut v0.88.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/1746a839980861cc3dcbcf7f27e8ee965f4c8fb3\"\u003e\u003ccode\u003e1746a83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8252\"\u003e#8252\u003c/a\u003e from heliapb/fix/bump_prom_3_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/fd282ba2f23b10249049c9a4297982dde4026dfe\"\u003e\u003ccode\u003efd282ba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8253\"\u003e#8253\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/14b8ed2eaf429afd802d5f5278875e331fb53d7d\"\u003e\u003ccode\u003e14b8ed2\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/prometheus/prometheus\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/e0d02b23ece75731dfbea93201baca23d9e9536a\"\u003e\u003ccode\u003ee0d02b2\u003c/code\u003e\u003c/a\u003e chore: bump prometheus 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/a4fbeedbced6ad0cacbb04043b82403efac15f76\"\u003e\u003ccode\u003ea4fbeed\u003c/code\u003e\u003c/a\u003e pkg/alertmanager: add URL validation for MSTeams receiver (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/4a393db953bf90261208dedb10f9e25f8eb4093a\"\u003e\u003ccode\u003e4a393db\u003c/code\u003e\u003c/a\u003e Chore: add WeChat global config secret validation in Alertmanager (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/37ac74f4023c3006ab6288540a6b066e01bd3497\"\u003e\u003ccode\u003e37ac74f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8235\"\u003e#8235\u003c/a\u003e from nutmos/feat/add-slack-validations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/c2a010fd57f5ef562f000d50763f34e6894122e4\"\u003e\u003ccode\u003ec2a010f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8250\"\u003e#8250\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/compare/v0.87.1...v0.88.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/mod` from 0.31.0 to 0.32.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/mod/commit/4c04067938546e62fc0572259a68a6912726bcdd\"\u003e\u003ccode\u003e4c04067\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/mod/compare/v0.31.0...v0.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/d977772e17ccaa1903b2af736f6405ab3a9f05cc\"\u003e\u003ccode\u003ed977772\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/eea413e2942fbb59b323a2af0b1740da4d8aa93e\"\u003e\u003ccode\u003eeea413e\u003c/code\u003e\u003c/a\u003e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9ace223794aa203b4c877d08a1f7bf2f595f6242\"\u003e\u003ccode\u003e9ace223\u003c/code\u003e\u003c/a\u003e websocket: add missing call to resp.Body.Close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7d3dbb06ceb45c3180f4f446cd635e6b59a0b9c2\"\u003e\u003ccode\u003e7d3dbb0\u003c/code\u003e\u003c/a\u003e http2: buffer the most recently received PRIORITY_UPDATE frame\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.48.0...v0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/term` from 0.38.0 to 0.39.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/a7e5b0437ffa3159709172efbe396bc546550e23\"\u003e\u003ccode\u003ea7e5b04\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/943f25d3595f79ce29c4175d889758d38b375688\"\u003e\u003ccode\u003e943f25d\u003c/code\u003e\u003c/a\u003e x/term: handle transpose\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/9b991dd831b8a478f9fc99a0b39b492b4e25a3c0\"\u003e\u003ccode\u003e9b991dd\u003c/code\u003e\u003c/a\u003e x/term: handle delete key\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/term/compare/v0.38.0...v0.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/tools` from 0.40.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/2ad2b30edf98d0e3b67a7b3e8f6d1d6e41c963c3\"\u003e\u003ccode\u003e2ad2b30\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/5832cce571d5c6583d80a58f5c0ff69664056e6c\"\u003e\u003ccode\u003e5832cce\u003c/code\u003e\u003c/a\u003e internal/diff/lcs: introduce line diffs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/67c42573e2e2b0a6b9c421a2bd2ef4c95adb93d5\"\u003e\u003ccode\u003e67c4257\u003c/code\u003e\u003c/a\u003e gopls/internal/golang: Definition: fix Windows bug wrt //go:embed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/12c1f0453e55dae26e5fa2206e34a059380e6191\"\u003e\u003ccode\u003e12c1f04\u003c/code\u003e\u003c/a\u003e gopls/completion: check Selection invariant\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/6d871857886c38ce4fbc25c25c4da1619271051e\"\u003e\u003ccode\u003e6d87185\u003c/code\u003e\u003c/a\u003e internal/server: add vulncheck scanning after vulncheck prompt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/0c3a1fec5617ed70197ee010406883919ede02d7\"\u003e\u003ccode\u003e0c3a1fe\u003c/code\u003e\u003c/a\u003e go/ast/inspector: FindByPos returns the first innermost node\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/ca281cf9505443eb482db8a3e806721c29dfa7f2\"\u003e\u003ccode\u003eca281cf\u003c/code\u003e\u003c/a\u003e go/analysis/passes/ctrlflow: add noreturn funcs from popular pkgs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/09c21a934282b0bcf790d54982ff24b869f832c9\"\u003e\u003ccode\u003e09c21a9\u003c/code\u003e\u003c/a\u003e gopls/internal/analysis/unusedfunc: remove warnings for unused enum consts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/03cb4551c662c0e078502fe5f317ca4114b89cd8\"\u003e\u003ccode\u003e03cb455\u003c/code\u003e\u003c/a\u003e internal/modindex: suppress missing modcacheindex message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/tools/commit/15d13e8a95dd0247dec2960fb57e85252984509d\"\u003e\u003ccode\u003e15d13e8\u003c/code\u003e\u003c/a\u003e gopls/internal/util/typesutil: refine EnclosingSignature bug.Report\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/tools/compare/v0.40.0...v0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/464","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/464","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/464/packages"}},{"old_version":"0.5.2","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-12T18:10:46.000Z","version_change":"0.5.2 → 0.6.1","issue":{"uuid":"3805413578","node_id":"PR_kwDOBAr5ps68wd9j","number":9709,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-12T18:10:46.000Z","updated_at":"2026-01-12T18:10:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":13,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.27.3","new_version":"2.27.4","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"golang.org/x/net","old_version":"0.48.0","new_version":"0.49.0","repository_url":"https://github.com/golang/net"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.36.10","new_version":"1.36.11"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.4.1` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.27.3` | `2.27.4` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.48.0` | `0.49.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n| google.golang.org/protobuf | `1.36.10` | `1.36.11` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/e9889f5c195f05f00137c9a77ad32d7d6ee53f7f\"\u003e\u003ccode\u003ee9889f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/178\"\u003e#178\u003c/a\u003e from adrianreber/2025-12-10-1-24-6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/b336c8e4a34e8cb3ccc9e64ec6e338f807b10c90\"\u003e\u003ccode\u003eb336c8e\u003c/code\u003e\u003c/a\u003e go.mod: bump minimum Go version to 1.24.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/251977630df3bd5ff051081d645d0acac73cd6de\"\u003e\u003ccode\u003e2519776\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/177\"\u003e#177\u003c/a\u003e from adrianreber/2025-12-10-codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/050500942d1d11281653a19a0a703992f1849258\"\u003e\u003ccode\u003e0505009\u003c/code\u003e\u003c/a\u003e workflows: add explicit permissions to fix CodeQL warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d6f6e40aabf8e837b6d85d3a5b59b9e7e58e478\"\u003e\u003ccode\u003e1d6f6e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/176\"\u003e#176\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-737...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/969270bba8ab3778da1c3bace124416bfe114aa7\"\u003e\u003ccode\u003e969270b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/fd183169177789401ba7fcff355971ced22884bd\"\u003e\u003ccode\u003efd18316\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/172\"\u003e#172\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-ba2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d82e5ac9f3e219cdbfc75334153fa651151a770\"\u003e\u003ccode\u003e1d82e5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.27.3 to 2.27.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.4\u003c/h2\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.27.4\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/867ce95f5142649695406f751f883c99ea45c0d5\"\u003e\u003ccode\u003e867ce95\u003c/code\u003e\u003c/a\u003e v2.27.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/59bc751e3d44779e1e92c30035924590f917d6b8\"\u003e\u003ccode\u003e59bc751\u003c/code\u003e\u003c/a\u003e CurrentTreeConstructionNodeReport: fix for nested container nodes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.3...v2.27.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.48.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/d977772e17ccaa1903b2af736f6405ab3a9f05cc\"\u003e\u003ccode\u003ed977772\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/eea413e2942fbb59b323a2af0b1740da4d8aa93e\"\u003e\u003ccode\u003eeea413e\u003c/code\u003e\u003c/a\u003e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/9ace223794aa203b4c877d08a1f7bf2f595f6242\"\u003e\u003ccode\u003e9ace223\u003c/code\u003e\u003c/a\u003e websocket: add missing call to resp.Body.Close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7d3dbb06ceb45c3180f4f446cd635e6b59a0b9c2\"\u003e\u003ccode\u003e7d3dbb0\u003c/code\u003e\u003c/a\u003e http2: buffer the most recently received PRIORITY_UPDATE frame\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.48.0...v0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.36.10 to 1.36.11\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9709","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9709","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9709/packages"}},{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-12T06:23:29.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"3802936012","node_id":"PR_kwDOGZIwWs68oLlr","number":462,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-12T06:23:29.000Z","updated_at":"2026-01-12T06:23:45.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":11,"packages":[{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"golang.org/x/text","old_version":"0.32.0","new_version":"0.33.0","repository_url":"https://github.com/golang/text"},{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/cli","old_version":"29.1.3+incompatible","new_version":"29.1.4+incompatible","repository_url":"https://github.com/docker/cli"},{"name":"github.com/docker/docker-credential-helpers","old_version":"0.9.4","new_version":"0.9.5","repository_url":"https://github.com/docker/docker-credential-helpers"},{"name":"github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring","old_version":"0.87.1","new_version":"0.88.0","repository_url":"https://github.com/prometheus-operator/prometheus-operator"},{"name":"golang.org/x/mod","old_version":"0.31.0","new_version":"0.32.0","repository_url":"https://github.com/golang/mod"},{"name":"golang.org/x/sys","old_version":"0.39.0","new_version":"0.40.0","repository_url":"https://github.com/golang/sys"},{"name":"golang.org/x/term","old_version":"0.38.0","new_version":"0.39.0","repository_url":"https://github.com/golang/term"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [golang.org/x/text](https://github.com/golang/text) | `0.32.0` | `0.33.0` |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.1` | `0.6.1` |\n| [github.com/docker/cli](https://github.com/docker/cli) | `29.1.3+incompatible` | `29.1.4+incompatible` |\n| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.4` | `0.9.5` |\n| [github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring](https://github.com/prometheus-operator/prometheus-operator) | `0.87.1` | `0.88.0` |\n| [golang.org/x/mod](https://github.com/golang/mod) | `0.31.0` | `0.32.0` |\n| [golang.org/x/sys](https://github.com/golang/sys) | `0.39.0` | `0.40.0` |\n| [golang.org/x/term](https://github.com/golang/term) | `0.38.0` | `0.39.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.32.0 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/536231a9abc69feaab8d726b5ec75ee8d3620829\"\u003e\u003ccode\u003e536231a\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/text/compare/v0.32.0...v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 29.1.3+incompatible to 29.1.4+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/0e6fee6c52f761dc79dc4bf712ea9fe4095c9bd2\"\u003e\u003ccode\u003e0e6fee6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6698\"\u003e#6698\u003c/a\u003e from thaJeztah/inline_parseWindowsDevice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/88be58884ca7f7f0ddcd0cd236a59ac42c16f242\"\u003e\u003ccode\u003e88be588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6709\"\u003e#6709\u003c/a\u003e from vvoland/img-list-all-doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/f7ddc8a7d173970fcb5e64f7502e15293f949fc4\"\u003e\u003ccode\u003ef7ddc8a\u003c/code\u003e\u003c/a\u003e docs: Update --all flag description to clarify it shows dangling images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/00e23cfdb7096069f030db63d61f077069a53ce1\"\u003e\u003ccode\u003e00e23cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6706\"\u003e#6706\u003c/a\u003e from docker/dependabot/github_actions/actions/upload...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/4d7a8b0fd5767b6833ae485f56e74abfded2e73e\"\u003e\u003ccode\u003e4d7a8b0\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2e3425fbd4fb52cba345d8fb24b3dca858d62dfb\"\u003e\u003ccode\u003e2e3425f\u003c/code\u003e\u003c/a\u003e cli/command/container: use consistent casing for dockerCLI arg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/de098367d0a19683241d41ab4a426a064cba0052\"\u003e\u003ccode\u003ede09836\u003c/code\u003e\u003c/a\u003e cli/command/container: inline parseWindowsDevice\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/cli/compare/v29.1.3...v29.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker-credential-helpers` from 0.9.4 to 0.9.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker-credential-helpers/releases\"\u003egithub.com/docker/docker-credential-helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/395\"\u003edocker/docker-credential-helpers#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/398\"\u003edocker/docker-credential-helpers#398\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/391\"\u003edocker/docker-credential-helpers#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/397\"\u003edocker/docker-credential-helpers#397\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: remove redundant DEBIAN_FRONTEND=noninteractive \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/404\"\u003edocker/docker-credential-helpers#404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update golangci-lint to v2.8  \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/402\"\u003edocker/docker-credential-helpers#402\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update some actions to ubuntu 24.04 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/401\"\u003edocker/docker-credential-helpers#401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.2 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/392\"\u003edocker/docker-credential-helpers#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.5 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/399\"\u003edocker/docker-credential-helpers#399\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ehttps://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b871f765408aa5d1fa2aa490f05cab8c133937c3\"\u003e\u003ccode\u003eb871f76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/404\"\u003e#404\u003c/a\u003e from thaJeztah/rm_noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/50c1460bf5b16ab491e0229585dfc3b9aa8d5afb\"\u003e\u003ccode\u003e50c1460\u003c/code\u003e\u003c/a\u003e Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/aecf6e5780107c399b55a84685340267424eb395\"\u003e\u003ccode\u003eaecf6e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/402\"\u003e#402\u003c/a\u003e from thaJeztah/bump_golangci_lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/ecf6c1ccc76ccce8b831feb3242d26f167c5f852\"\u003e\u003ccode\u003eecf6c1c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/399\"\u003e#399\u003c/a\u003e from ameya-keskar/bump_go_1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b844409a1263c5e16b7d0916c97feeb910587f2b\"\u003e\u003ccode\u003eb844409\u003c/code\u003e\u003c/a\u003e update to go1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/9df2c7782a1ba4c349bf0e9150e9756a6e39f9b3\"\u003e\u003ccode\u003e9df2c77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/401\"\u003e#401\u003c/a\u003e from thaJeztah/bump_ubuntu\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/7a15b77bcbc59e8e8d98bb771b71b27730b576de\"\u003e\u003ccode\u003e7a15b77\u003c/code\u003e\u003c/a\u003e Dockerfile: update golangci-lint to v2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/81f7ebebfd9ae664f965fbc6f14ce953774ec639\"\u003e\u003ccode\u003e81f7ebe\u003c/code\u003e\u003c/a\u003e gha: update some actions to ubuntu 24.04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/3f97cf3ce306a81eaaa50d4e0f0afc4a12e04aef\"\u003e\u003ccode\u003e3f97cf3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/398\"\u003e#398\u003c/a\u003e from docker/dependabot/github_actions/actions/upload-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/8b5e6dffc66a0fea386a7ec05539a4da3155562d\"\u003e\u003ccode\u003e8b5e6df\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/397\"\u003e#397\u003c/a\u003e from docker/dependabot/github_actions/softprops/actio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring` from 0.87.1 to 0.88.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/releases\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichalTomczakSE\"\u003e\u003ccode\u003e@​MichalTomczakSE\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8144\"\u003eprometheus-operator/prometheus-operator#8144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kartikangiras\"\u003e\u003ccode\u003e@​kartikangiras\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8098\"\u003eprometheus-operator/prometheus-operator#8098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/varundeepsaini\"\u003e\u003ccode\u003e@​varundeepsaini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8207\"\u003eprometheus-operator/prometheus-operator#8207\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tomlin7\"\u003e\u003ccode\u003e@​tomlin7\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8209\"\u003eprometheus-operator/prometheus-operator#8209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluktuid\"\u003e\u003ccode\u003e@​fluktuid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/pull/8248\"\u003eprometheus-operator/prometheus-operator#8248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.88.0 / 2026-01-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Use narrower selectors for StatefulSet informers in \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e controllers. It is recommended to upgrade from \u003ccode\u003ev0.85.0\u003c/code\u003e (at least). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8246\"\u003e#8246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Reject \u003ccode\u003eEC2/Lightsail\u003c/code\u003e SD for Prometheus \u0026gt;= 3.8.0 in \u003ccode\u003eScrapeConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8175\"\u003e#8175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003epodManagementPolicy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8119\"\u003e#8119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eupdateStrategy\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eAlertmanager\u003c/code\u003e and \u003ccode\u003eThanosRuler\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8202\"\u003e#8202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escrapeNativeHistograms\u003c/code\u003e field to \u003ccode\u003ePrometheus\u003c/code\u003e, \u003ccode\u003ePrometheusAgent\u003c/code\u003e, \u003ccode\u003eServiceMonitor\u003c/code\u003e, \u003ccode\u003ePodMonitor\u003c/code\u003e, \u003ccode\u003eProbe\u003c/code\u003e and \u003ccode\u003eScrapeConfig\u003c/code\u003e CRDs. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8102\"\u003e#8102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003escope\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8240\"\u003e#8240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eworkloadIdentity\u003c/code\u003e field to \u003ccode\u003eAzureAD\u003c/code\u003e remote write configuration. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7998\"\u003e#7998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add support for PrometheusRule fields \u003ccode\u003egroupLabels\u003c/code\u003e and \u003ccode\u003equeryOffset\u003c/code\u003e in \u003ccode\u003eThanosRuler\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8137\"\u003e#8137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eslackAppToken\u003c/code\u003e and \u003ccode\u003eslackAppUrl\u003c/code\u003e fields to Alertmanager global config for Slack App support. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8238\"\u003e#8238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eincident.io\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8190\"\u003e#8190\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8245\"\u003e#8245\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8228\"\u003e#8228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eMattermost\u003c/code\u003e receiver support to \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8188\"\u003e#8188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003eapiType\u003c/code\u003e field to \u003ccode\u003eJira\u003c/code\u003e receiver in \u003ccode\u003eAlertmanager\u003c/code\u003e config secret. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8218\"\u003e#8218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003ePagerDuty\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8162\"\u003e#8162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add \u003ccode\u003etimeout\u003c/code\u003e field to \u003ccode\u003eSlack\u003c/code\u003e receiver in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8161\"\u003e#8161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Use \u003ccode\u003eminReadySeconds\u003c/code\u003e to set \u003ccode\u003e--dispatch.start-delay\u003c/code\u003e in \u003ccode\u003eAlertmanager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8177\"\u003e#8177\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8201\"\u003e#8201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Expose native histograms in operator metrics. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8194\"\u003e#8194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eNoSelectedResources\u003c/code\u003e reason to status conditions. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8124\"\u003e#8124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eenableHttp2\u003c/code\u003e and \u003ccode\u003efollowRedirects\u003c/code\u003e fields to HTTP configuration for \u003ccode\u003eProbe\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8112\"\u003e#8112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add CEL validations for \u003ccode\u003eDaemonSet\u003c/code\u003e mode in \u003ccode\u003ePrometheusAgent\u003c/code\u003e CRD (requires the \u003ccode\u003ePrometheusAgentDaemonSetFeature\u003c/code\u003e featuregate). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7881\"\u003e#7881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Improve validation for \u003ccode\u003ePushover\u003c/code\u003e, \u003ccode\u003ePagerDuty\u003c/code\u003e and \u003ccode\u003eVictorOps\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8239\"\u003e#8239\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8113\"\u003e#8113\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8220\"\u003e#8220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Add \u003ccode\u003eapiURL\u003c/code\u003e validation for \u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eOpsGenie\u003c/code\u003e and \u003ccode\u003eTelegram\u003c/code\u003e receivers in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e CRD. \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8196\"\u003e#8196\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8206\"\u003e#8206\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8199\"\u003e#8199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanagerConfig\u003c/code\u003e receivers (\u003ccode\u003eMSTeams\u003c/code\u003e, \u003ccode\u003eWebhook\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8125\"\u003e#8125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] Validate URL fields in \u003ccode\u003eAlertmanager\u003c/code\u003e configuration secret (\u003ccode\u003eWeChat\u003c/code\u003e, \u003ccode\u003eTelegram\u003c/code\u003e, \u003ccode\u003ePushover\u003c/code\u003e receivers). \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8233\"\u003e#8233\u003c/a\u003e \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8232\"\u003e#8232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/21974db4687ad80a6ea79af66d410db54510e35e\"\u003e\u003ccode\u003e21974db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8263\"\u003e#8263\u003c/a\u003e from slashpai/cut-v0.88\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/7d1d99052daa6b10f65a3901bf050c501ec8f131\"\u003e\u003ccode\u003e7d1d990\u003c/code\u003e\u003c/a\u003e chore: cut v0.88.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/1746a839980861cc3dcbcf7f27e8ee965f4c8fb3\"\u003e\u003ccode\u003e1746a83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8252\"\u003e#8252\u003c/a\u003e from heliapb/fix/bump_prom_3_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/fd282ba2f23b10249049c9a4297982dde4026dfe\"\u003e\u003ccode\u003efd282ba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8253\"\u003e#8253\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/14b8ed2eaf429afd802d5f5278875e331fb53d7d\"\u003e\u003ccode\u003e14b8ed2\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/prometheus/prometheus\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/e0d02b23ece75731dfbea93201baca23d9e9536a\"\u003e\u003ccode\u003ee0d02b2\u003c/code\u003e\u003c/a\u003e chore: bump prometheus 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/a4fbeedbced6ad0cacbb04043b82403efac15f76\"\u003e\u003ccode\u003ea4fbeed\u003c/code\u003e\u003c/a\u003e pkg/alertmanager: add URL validation for MSTeams receiver (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8231\"\u003e#8231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/4a393db953bf90261208dedb10f9e25f8eb4093a\"\u003e\u003ccode\u003e4a393db\u003c/code\u003e\u003c/a\u003e Chore: add WeChat global config secret validation in Alertmanager (\u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/37ac74f4023c3006ab6288540a6b066e01bd3497\"\u003e\u003ccode\u003e37ac74f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8235\"\u003e#8235\u003c/a\u003e from nutmos/feat/add-slack-validations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/commit/c2a010fd57f5ef562f000d50763f34e6894122e4\"\u003e\u003ccode\u003ec2a010f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus-operator/prometheus-operator/issues/8250\"\u003e#8250\u003c/a\u003e from prometheus-operator/dependabot/go_modules/githu...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus-operator/prometheus-operator/compare/v0.87.1...v0.88.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/mod` from 0.31.0 to 0.32.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/mod/commit/4c04067938546e62fc0572259a68a6912726bcdd\"\u003e\u003ccode\u003e4c04067\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/mod/compare/v0.31.0...v0.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/term` from 0.38.0 to 0.39.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/a7e5b0437ffa3159709172efbe396bc546550e23\"\u003e\u003ccode\u003ea7e5b04\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/943f25d3595f79ce29c4175d889758d38b375688\"\u003e\u003ccode\u003e943f25d\u003c/code\u003e\u003c/a\u003e x/term: handle transpose\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/term/commit/9b991dd831b8a478f9fc99a0b39b492b4e25a3c0\"\u003e\u003ccode\u003e9b991dd\u003c/code\u003e\u003c/a\u003e x/term: handle delete key\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/term/compare/v0.38.0...v0.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/462","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/462","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/462/packages"}},{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-09T05:53:43.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"3795587502","node_id":"PR_kwDOGZIwWs68QuSN","number":460,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-09T05:53:43.000Z","updated_at":"2026-01-09T11:00:19.347Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":6,"packages":[{"name":"github.com/onsi/gomega","old_version":"1.38.3","new_version":"1.39.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/docker-credential-helpers","old_version":"0.9.4","new_version":"0.9.5","repository_url":"https://github.com/docker/docker-credential-helpers"},{"name":"golang.org/x/sys","old_version":"0.39.0","new_version":"0.40.0","repository_url":"https://github.com/golang/sys"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.3` | `1.39.0` |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.1` | `0.6.1` |\n| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.4` | `0.9.5` |\n| [golang.org/x/sys](https://github.com/golang/sys) | `0.39.0` | `0.40.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n\n\nUpdates `github.com/onsi/gomega` from 1.38.3 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.39.0\u003c/h2\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.39.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eMatchErrorStrictly\u003c/code\u003e which only passes if \u003ccode\u003eerrors.Is(actual, expected)\u003c/code\u003e returns true.  \u003ccode\u003eMatchError\u003c/code\u003e, by contrast, will fallback to string comparison.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/49561ad293853e660030f8397b07607127e3ebb7\"\u003e\u003ccode\u003e49561ad\u003c/code\u003e\u003c/a\u003e v1.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8f7f42585ccc794dcb3a4979ac7d67e00fb070ae\"\u003e\u003ccode\u003e8f7f425\u003c/code\u003e\u003c/a\u003e document MatchErrorStrictly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/bae643da0469185d9502e8d7528da137f4c62320\"\u003e\u003ccode\u003ebae643d\u003c/code\u003e\u003c/a\u003e add matcher relecting errors.Is behavior\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.3...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker-credential-helpers` from 0.9.4 to 0.9.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker-credential-helpers/releases\"\u003egithub.com/docker/docker-credential-helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/395\"\u003edocker/docker-credential-helpers#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4 to 6 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/398\"\u003edocker/docker-credential-helpers#398\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/391\"\u003edocker/docker-credential-helpers#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/397\"\u003edocker/docker-credential-helpers#397\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: remove redundant DEBIAN_FRONTEND=noninteractive \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/404\"\u003edocker/docker-credential-helpers#404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update golangci-lint to v2.8  \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/402\"\u003edocker/docker-credential-helpers#402\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update some actions to ubuntu 24.04 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/401\"\u003edocker/docker-credential-helpers#401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.2 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/392\"\u003edocker/docker-credential-helpers#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.25.5 \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/pull/399\"\u003edocker/docker-credential-helpers#399\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ehttps://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b871f765408aa5d1fa2aa490f05cab8c133937c3\"\u003e\u003ccode\u003eb871f76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/404\"\u003e#404\u003c/a\u003e from thaJeztah/rm_noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/50c1460bf5b16ab491e0229585dfc3b9aa8d5afb\"\u003e\u003ccode\u003e50c1460\u003c/code\u003e\u003c/a\u003e Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/aecf6e5780107c399b55a84685340267424eb395\"\u003e\u003ccode\u003eaecf6e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/402\"\u003e#402\u003c/a\u003e from thaJeztah/bump_golangci_lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/ecf6c1ccc76ccce8b831feb3242d26f167c5f852\"\u003e\u003ccode\u003eecf6c1c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/399\"\u003e#399\u003c/a\u003e from ameya-keskar/bump_go_1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/b844409a1263c5e16b7d0916c97feeb910587f2b\"\u003e\u003ccode\u003eb844409\u003c/code\u003e\u003c/a\u003e update to go1.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/9df2c7782a1ba4c349bf0e9150e9756a6e39f9b3\"\u003e\u003ccode\u003e9df2c77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/401\"\u003e#401\u003c/a\u003e from thaJeztah/bump_ubuntu\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/7a15b77bcbc59e8e8d98bb771b71b27730b576de\"\u003e\u003ccode\u003e7a15b77\u003c/code\u003e\u003c/a\u003e Dockerfile: update golangci-lint to v2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/81f7ebebfd9ae664f965fbc6f14ce953774ec639\"\u003e\u003ccode\u003e81f7ebe\u003c/code\u003e\u003c/a\u003e gha: update some actions to ubuntu 24.04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/3f97cf3ce306a81eaaa50d4e0f0afc4a12e04aef\"\u003e\u003ccode\u003e3f97cf3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/398\"\u003e#398\u003c/a\u003e from docker/dependabot/github_actions/actions/upload-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/docker-credential-helpers/commit/8b5e6dffc66a0fea386a7ec05539a4da3155562d\"\u003e\u003ccode\u003e8b5e6df\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker-credential-helpers/issues/397\"\u003e#397\u003c/a\u003e from docker/dependabot/github_actions/softprops/actio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker-credential-helpers/compare/v0.9.4...v0.9.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/460","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/460","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/460/packages"}},{"old_version":"0.5.2","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-08T14:28:14.000Z","version_change":"0.5.2 → 0.6.1","issue":{"uuid":"3793121717","node_id":"PR_kwDOBAr5ps68IhJl","number":9701,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-08T14:28:14.000Z","updated_at":"2026-01-08T14:46:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":10,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"golang.org/x/sys","old_version":"0.39.0","new_version":"0.40.0","repository_url":"https://github.com/golang/sys"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.36.10","new_version":"1.36.11"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.4.1` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [golang.org/x/sys](https://github.com/golang/sys) | `0.39.0` | `0.40.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n| google.golang.org/protobuf | `1.36.10` | `1.36.11` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/e9889f5c195f05f00137c9a77ad32d7d6ee53f7f\"\u003e\u003ccode\u003ee9889f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/178\"\u003e#178\u003c/a\u003e from adrianreber/2025-12-10-1-24-6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/b336c8e4a34e8cb3ccc9e64ec6e338f807b10c90\"\u003e\u003ccode\u003eb336c8e\u003c/code\u003e\u003c/a\u003e go.mod: bump minimum Go version to 1.24.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/251977630df3bd5ff051081d645d0acac73cd6de\"\u003e\u003ccode\u003e2519776\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/177\"\u003e#177\u003c/a\u003e from adrianreber/2025-12-10-codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/050500942d1d11281653a19a0a703992f1849258\"\u003e\u003ccode\u003e0505009\u003c/code\u003e\u003c/a\u003e workflows: add explicit permissions to fix CodeQL warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d6f6e40aabf8e837b6d85d3a5b59b9e7e58e478\"\u003e\u003ccode\u003e1d6f6e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/176\"\u003e#176\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-737...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/969270bba8ab3778da1c3bace124416bfe114aa7\"\u003e\u003ccode\u003e969270b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/fd183169177789401ba7fcff355971ced22884bd\"\u003e\u003ccode\u003efd18316\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/172\"\u003e#172\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-ba2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d82e5ac9f3e219cdbfc75334153fa651151a770\"\u003e\u003ccode\u003e1d82e5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.39.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/2f442297556c884f9b52fc6ef7280083f4d65023\"\u003e\u003ccode\u003e2f44229\u003c/code\u003e\u003c/a\u003e sys/cpu: add symbolic constants for remaining cpuid bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e5770d27b7f2fca0e959b31bdb18fad4afba8565\"\u003e\u003ccode\u003ee5770d2\u003c/code\u003e\u003c/a\u003e sys/cpu: use symbolic names for masks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/714a44c845225bf4314182db4c910ef151c32d2f\"\u003e\u003ccode\u003e714a44c\u003c/code\u003e\u003c/a\u003e sys/cpu: modify x86 port to match what internal/cpu does\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/compare/v0.39.0...v0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.36.10 to 1.36.11\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9701","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9701","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9701/packages"}},{"old_version":"0.5.2","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2026-01-06T14:03:19.000Z","version_change":"0.5.2 → 0.6.1","issue":{"uuid":"3785257048","node_id":"PR_kwDOBAr5ps67ukeN","number":9698,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-06T14:03:19.000Z","updated_at":"2026-01-06T14:03:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":9,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/checkpoint-restore/checkpointctl","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/checkpoint-restore/checkpointctl"},{"name":"github.com/containerd/containerd","old_version":"1.7.29","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.2","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/godbus/dbus/v5","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/godbus/dbus"},{"name":"github.com/opencontainers/runc","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.36.10","new_version":"1.36.11"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/checkpoint-restore/checkpointctl](https://github.com/checkpoint-restore/checkpointctl) | `1.4.0` | `1.4.1` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.29` | `1.7.30` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.5.2` | `0.6.1` |\n| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.2.0` | `5.2.2` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.3.2` | `1.4.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |\n| google.golang.org/protobuf | `1.36.10` | `1.36.11` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/checkpoint-restore/checkpointctl` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/releases\"\u003egithub.com/checkpoint-restore/checkpointctl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in the all group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/172\"\u003echeckpoint-restore/checkpointctl#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/176\"\u003echeckpoint-restore/checkpointctl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eworkflows: add explicit permissions to fix CodeQL warnings by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/177\"\u003echeckpoint-restore/checkpointctl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump minimum Go version to 1.24.6 by \u003ca href=\"https://github.com/adrianreber\"\u003e\u003ccode\u003e@​adrianreber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/pull/178\"\u003echeckpoint-restore/checkpointctl#178\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ehttps://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/e9889f5c195f05f00137c9a77ad32d7d6ee53f7f\"\u003e\u003ccode\u003ee9889f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/178\"\u003e#178\u003c/a\u003e from adrianreber/2025-12-10-1-24-6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/b336c8e4a34e8cb3ccc9e64ec6e338f807b10c90\"\u003e\u003ccode\u003eb336c8e\u003c/code\u003e\u003c/a\u003e go.mod: bump minimum Go version to 1.24.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/251977630df3bd5ff051081d645d0acac73cd6de\"\u003e\u003ccode\u003e2519776\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/177\"\u003e#177\u003c/a\u003e from adrianreber/2025-12-10-codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/050500942d1d11281653a19a0a703992f1849258\"\u003e\u003ccode\u003e0505009\u003c/code\u003e\u003c/a\u003e workflows: add explicit permissions to fix CodeQL warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d6f6e40aabf8e837b6d85d3a5b59b9e7e58e478\"\u003e\u003ccode\u003e1d6f6e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/176\"\u003e#176\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-737...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/969270bba8ab3778da1c3bace124416bfe114aa7\"\u003e\u003ccode\u003e969270b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/fd183169177789401ba7fcff355971ced22884bd\"\u003e\u003ccode\u003efd18316\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/checkpoint-restore/checkpointctl/issues/172\"\u003e#172\u003c/a\u003e from checkpoint-restore/dependabot/go_modules/all-ba2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/commit/1d82e5ac9f3e219cdbfc75334153fa651151a770\"\u003e\u003ccode\u003e1d82e5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump github.com/spf13/cobra in the all group\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/checkpoint-restore/checkpointctl/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.29 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.29...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.2 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f466aa3630920b694b2d32b037375e55520bdf5b\"\u003e\u003ccode\u003ef466aa3\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/83\"\u003e#83\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/67db5d4c764ad99bc947581f1973b24bc62ffc20\"\u003e\u003ccode\u003e67db5d4\u003c/code\u003e\u003c/a\u003e tests: hard-fail openat2 in openat2-disabled tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/f51984fd0a9093abd4047041537c7dfcb79fbd8b\"\u003e\u003ccode\u003ef51984f\u003c/code\u003e\u003c/a\u003e gha: run tests on vX.Y.Z branches\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.2...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/godbus/dbus/v5` from 5.2.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/godbus/dbus/releases\"\u003egithub.com/godbus/dbus/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ununsed import in windows specific code by \u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dims\"\u003e\u003ccode\u003e@​dims\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/427\"\u003egodbus/dbus#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: bump freebsd to 14.3 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/421\"\u003egodbus/dbus#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow more than 32 containers / struct fields in a signature by \u003ca href=\"https://github.com/guelfey\"\u003e\u003ccode\u003e@​guelfey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/426\"\u003egodbus/dbus#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci-lint to v2, fix some issues found by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/419\"\u003egodbus/dbus#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and simplify getHomeDir by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/godbus/dbus/pull/422\"\u003egodbus/dbus#422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/godbus/dbus/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/a8ac15ba63645f02ffd57f4b443203279ab40b30\"\u003e\u003ccode\u003ea8ac15b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/427\"\u003e#427\u003c/a\u003e from dims/drop-unused-import-in-windows-specific-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/e638c721d984eab99e7a5d674ece2e17ea913aca\"\u003e\u003ccode\u003ee638c72\u003c/code\u003e\u003c/a\u003e Drop ununsed import in windows specific code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/20d95a3d9a57a5cb72cbdafb3fd9ecb6d2ccd038\"\u003e\u003ccode\u003e20d95a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/422\"\u003e#422\u003c/a\u003e from kolyshkin/homedir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d3fc3b583895e27c3337f77ea7134b0a81159955\"\u003e\u003ccode\u003ed3fc3b5\u003c/code\u003e\u003c/a\u003e Fix and simplify getHomeDir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/88ce46364db66b69f70017265a312b26ad7feba8\"\u003e\u003ccode\u003e88ce463\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/godbus/dbus/issues/419\"\u003e#419\u003c/a\u003e from kolyshkin/golangci-v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/feb892a0347fb361350229d969a2666a4791504e\"\u003e\u003ccode\u003efeb892a\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/c5ff039e5883a86f848ad6fbb820e471818c0bde\"\u003e\u003ccode\u003ec5ff039\u003c/code\u003e\u003c/a\u003e Ignore ST1008 warning for validSingle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/135663e52698feb5ad4b0733d7e457c82227214a\"\u003e\u003ccode\u003e135663e\u003c/code\u003e\u003c/a\u003e Omit embedded fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/1b92cdcc136567c781bcc0ad1ccb4bd78b11e151\"\u003e\u003ccode\u003e1b92cdc\u003c/code\u003e\u003c/a\u003e variant_parser: simplify switch statement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/godbus/dbus/commit/d03c0bea70755580de832141a43f544950e76fc7\"\u003e\u003ccode\u003ed03c0be\u003c/code\u003e\u003c/a\u003e Use switch where it makes sense\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.0 -- \u0026quot;路漫漫其修远兮，吾将上下而求索！\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the first release of the 1.4.z release branch of runc. It\ncontains a few fixes for issues found in 1.4.0-rc.3. This version of\nrunc supports runtime-spec v1.3 (see [\u003ccode\u003edocs/spec-conformance.md\u003c/code\u003e][] for the\nfew features that are still missing).\u003c/p\u003e\n\u003cp\u003eThis is the second release of runc following our new release and support\npolicy (see [\u003ccode\u003eRELEASES.md\u003c/code\u003e][] for more details). This means that, as of this\nrelease:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe runc 1.2.z release branch will now only receive \u003cem\u003ehigh severity\u003c/em\u003e\nCVE fixes, and will no longer be supported in less than 6 months (end\nof April 2026).\u003c/li\u003e\n\u003cli\u003eThe runc 1.3.z release branch will now only receive security and\n\u0026quot;significant\u0026quot; bugfixes.\u003c/li\u003e\n\u003cli\u003eUsers are encouraged to plan migrating to runc 1.4.0 as soon as\npossible.\u003c/li\u003e\n\u003cli\u003eDespite this release being delayed by a month, users should still\nexpect a runc 1.5.0 release in late April 2026.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n[CVE-2025-52881][] mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the [CVE-2025-52881][]\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.0] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e路漫漫其修远兮，吾将上下而求索！\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate cgroup v1. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4956\"\u003e#4956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eCleanPath\u003c/code\u003e, \u003ccode\u003eStripRoot\u003c/code\u003e, \u003ccode\u003eWithProcfd\u003c/code\u003e, and \u003ccode\u003eWithProcfdFile\u003c/code\u003e from\n\u003ccode\u003elibcontainer/utils\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe handling of \u003ccode\u003epids.limit\u003c/code\u003e has been updated to match the newer guidance\nfrom the OCI runtime specification. In particular, now a maximum limit value\nof \u003ccode\u003e0\u003c/code\u003e will be treated as an actual limit (due to limitations with systemd,\nit will be treated the same as a limit value of \u003ccode\u003e1\u003c/code\u003e). We only expect users\nthat explicitly set \u003ccode\u003epids.limit\u003c/code\u003e to \u003ccode\u003e0\u003c/code\u003e will see a behaviour change.\n\u003ccode\u003eopencontainers/cgroups#48\u003c/code\u003e\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4949\"\u003e#4949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopencontainers/cgroups#43\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: retry DBus connection when it fails with EAGAIN.\n\u003ccode\u003eopencontainers/cgroups#45\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ecgroups: improve \u003ccode\u003ecpuacct.usage_all\u003c/code\u003e resilience when parsing data from\n\u003ccode\u003eopencontainers/cgroups#46\u003c/code\u003e\n\u003ca href=\"https://redirect.github.com/opencontainers/cgroups/issues/50\"\u003eopencontainers/cgroups#50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: close child fds on \u003ccode\u003eprepareCgroupFD\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4936\"\u003e#4936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4967\"\u003e#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the target\npath already existed. This fixes a regression introduced in our\n\u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e mitigation patches. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4971\"\u003e#4971\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4976\"\u003e#4976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various file descriptor leaks and add additional tests to detect them as\ncomprehensively as possible. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5007\"\u003e#5007\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5021\"\u003e#5021\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u0026quot;hallucination\u0026quot; helpers added as part of the \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\"\u003eCVE-2025-52881\u003c/a\u003e\nmitigation have been made more generic and now apply to all of our \u003ccode\u003epathrs\u003c/code\u003e\nhelper functions, which should ensure we will not regress dangling symlink\nusers. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: switch to \u003ccode\u003e(*CPUSet).Fill\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4927\"\u003e#4927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs/spec-conformance.md: update for spec v1.3.0. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4948\"\u003e#4948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.3.4] - 2025-11-27\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eTake me to your heart, take me to your soul.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibct: fix mips compilation. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4962\"\u003e#4962\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4966\"\u003e#4966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen configuring a \u003ccode\u003etmpfs\u003c/code\u003e mount, only set the \u003ccode\u003emode=\u003c/code\u003e argument if the\ntarget path already existed. This fixes a regression introduced in our\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4\"\u003e\u003ccode\u003e8bd78a9\u003c/code\u003e\u003c/a\u003e VERSION: release 1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7d84a1282aaab9f106b19511de011df1a4510752\"\u003e\u003ccode\u003e7d84a12\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5005\"\u003e#5005\u003c/a\u003e from cyphar/1.4-hallucinated-paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c362d6bd2107bc8ae25f88e93b31fe85c8222b81\"\u003e\u003ccode\u003ec362d6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5040\"\u003e#5040\u003c/a\u003e from cyphar/1.4-better-init-errors-4928\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/f1d0dd8fb36abf4ad5e8502bca7f18d921560790\"\u003e\u003ccode\u003ef1d0dd8\u003c/code\u003e\u003c/a\u003e runc create/run/exec: show fatal errors from init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/46156624b77fd995e6fc45df097aa94a6b8be5c2\"\u003e\u003ccode\u003e4615662\u003c/code\u003e\u003c/a\u003e libct/nsenter: better read/write errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c4a61c0227580d730b887788f6a9c5d09238ed64\"\u003e\u003ccode\u003ec4a61c0\u003c/code\u003e\u003c/a\u003e libct/nsenter: sprinkle missing sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/493f1b10fea838dc01ab5f99e4fc3ca6a236c8b6\"\u003e\u003ccode\u003e493f1b1\u003c/code\u003e\u003c/a\u003e libct/nsenter: add and use bailx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/7f9fc53c34ead1880c839da432130a3d0bb96d25\"\u003e\u003ccode\u003e7f9fc53\u003c/code\u003e\u003c/a\u003e libct/nsenter: save errno in sane_kill\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e18c06bf8ee87ac6472d03ed2e28d8a9077f978f\"\u003e\u003ccode\u003ee18c06b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5041\"\u003e#5041\u003c/a\u003e from lifubang/backport-5014-fd-leaks-flake-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5bb89872f8d3cb6e58268e16644f8ca2d8ade2cf\"\u003e\u003ccode\u003e5bb8987\u003c/code\u003e\u003c/a\u003e libct/int: TestFdLeaks: deflake\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003cp\u003eThis release includes a minor update to reduce the minimum version\nrequirement of the \u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e package from\nv0.6.0 to v0.5.1. We did not use any of the newer features, so\ndowngrading is a no-op but will help with downstreams that need to\nbackport \u003ccode\u003egithub.com/opencontainers/selinux\u003c/code\u003e updates.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/240\"\u003eopencontainers/selinux#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edowngrade github.com/cyphar/filepath-securejoin to v0.5.1 by \u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Luap99\"\u003e\u003ccode\u003e@​Luap99\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/242\"\u003eopencontainers/selinux#242\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to golangci-lint v2 by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/230\"\u003eopencontainers/selinux#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/233\"\u003eopencontainers/selinux#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/234\"\u003eopencontainers/selinux#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekeyring: fix typo in EACCES check by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/235\"\u003eopencontainers/selinux#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Go 1.25, drop go 1.23, bump golangci-lint by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/236\"\u003eopencontainers/selinux#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eselinux: migrate to pathrs-lite procfs API by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/237\"\u003eopencontainers/selinux#237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/5647f06491288afa5ea45747896b359f51f7c509\"\u003e\u003ccode\u003e5647f06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/242\"\u003e#242\u003c/a\u003e from Luap99/securejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/69a52b85c9831ced6f3f512822063bff5eb41dac\"\u003e\u003ccode\u003e69a52b8\u003c/code\u003e\u003c/a\u003e downgrade github.com/cyphar/filepath-securejoin to v0.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/6950c322825bbede8032e70fbac550c497a49943\"\u003e\u003ccode\u003e6950c32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/240\"\u003e#240\u003c/a\u003e from opencontainers/dependabot/github_actions/golangc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9a88c886b3ca4f6e016057eab6f2770aff9c2024\"\u003e\u003ccode\u003e9a88c88\u003c/code\u003e\u003c/a\u003e build(deps): bump golangci/golangci-lint-action from 8 to 9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/4be9937fb76c0c49a30469135a4077fcc33712b8\"\u003e\u003ccode\u003e4be9937\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/237\"\u003e#237\u003c/a\u003e from cyphar/selinux-safe-procfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8cfa6fd2d285a96022203163c2075eda85bff54\"\u003e\u003ccode\u003ec8cfa6f\u003c/code\u003e\u003c/a\u003e selinux: migrate to pathrs-lite procfs API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/f2424d8145e2ac45a0ec457e39758cd58e573285\"\u003e\u003ccode\u003ef2424d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/236\"\u003e#236\u003c/a\u003e from kolyshkin/modernize-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/648ce7f0f85f4a310d1cd7317986fc1d6c8ff41c\"\u003e\u003ccode\u003e648ce7f\u003c/code\u003e\u003c/a\u003e ci: add go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/916cab932c940e0fc55f0c8404d503665160dd9c\"\u003e\u003ccode\u003e916cab9\u003c/code\u003e\u003c/a\u003e ci: bump golangci-lint to v2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/b42e5c8eff8eab7ee590cc61d78fd3e2d38e3309\"\u003e\u003ccode\u003eb42e5c8\u003c/code\u003e\u003c/a\u003e all: format sources with latest gofumpt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003exds/resolver:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to weighted round robin metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.36.10 to 1.36.11\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cri-o/cri-o/pull/9698","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9698","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9698/packages"}},{"old_version":"0.6.0","new_version":"0.6.1","update_type":"patch","path":null,"pr_created_at":"2026-01-06T14:01:49.000Z","version_change":"0.6.0 → 0.6.1","issue":{"uuid":"3785252635","node_id":"PR_kwDODz9-J867ujip","number":1564,"state":"closed","title":"Bump the go-deps group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-01-22T11:58:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-01-06T14:01:49.000Z","updated_at":"2026-01-22T11:58:23.000Z","time_to_close":1374993,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go-deps","update_count":7,"packages":[{"name":"filippo.io/age","old_version":"1.2.1","new_version":"1.3.1","repository_url":"https://github.com/FiloSottile/age"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/fluxcd/cli-utils","old_version":"0.36.0-flux.15","new_version":"0.37.0-flux.1","repository_url":"https://github.com/fluxcd/cli-utils"},{"name":"github.com/fluxcd/pkg/auth","old_version":"0.33.0","new_version":"0.34.0","repository_url":"https://github.com/fluxcd/pkg"},{"name":"github.com/onsi/gomega","old_version":"1.38.2","new_version":"1.38.3","repository_url":"https://github.com/onsi/gomega"},{"name":"golang.org/x/net","old_version":"0.47.0","new_version":"0.48.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/oauth2","old_version":"0.33.0","new_version":"0.34.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filippo.io/age](https://github.com/FiloSottile/age) | `1.2.1` | `1.3.1` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.0` | `0.6.1` |\n| [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils) | `0.36.0-flux.15` | `0.37.0-flux.1` |\n| [github.com/fluxcd/pkg/auth](https://github.com/fluxcd/pkg) | `0.33.0` | `0.34.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.2` | `1.38.3` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.47.0` | `0.48.0` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.33.0` | `0.34.0` |\n\n\nUpdates `filippo.io/age` from 1.2.1 to 1.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/FiloSottile/age/releases\"\u003efilippo.io/age's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.3.1 is a minor release to restore version injection from downstream package build processes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.3.0\"\u003ethe v1.3.0 release notes\u003c/a\u003e for an overview of recent additions.\u003c/p\u003e\n\u003ch2\u003eage v1.3.0: post-quantum (and more)!\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eExactly six years after \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.0.0-beta1\"\u003ethe first age beta release\u003c/a\u003e, v1.3.0 brings post-quantum resistance to age, along with a couple long-requested features, built-in support for recipients compatible with hardware plugins, I/O API improvements, and many usability enhancements.\u003c/p\u003e\n\u003ch3\u003ePost-quantum recipients\u003c/h3\u003e\n\u003cp\u003eage now has native post-quantum recipients based on HPKE with a hybrid ML-KEM-768 KEM. The recipients start with \u003ccode\u003eage1pq1...\u003c/code\u003e, and the identities start with \u003ccode\u003eAGE-SECRET-KEY-PQ-1...\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eTo generate a post-quantum keypair:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ age-keygen -pq\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eIf you have your own age implementation, C2SP has \u003ca href=\"http://c2sp.org/age#the-mlkem768-x25519-ie-x-wing-hybrid-post-quantum-recipient-type\"\u003ethe specification\u003c/a\u003e, and CCTV has \u003ca href=\"https://github.com/C2SP/CCTV/tree/main/age\"\u003etest vectors\u003c/a\u003e for the new hybrid recipient types.\u003c/p\u003e\n\u003cp\u003e(If you are using an older age client, \u003ca href=\"https://github.com/FiloSottile/age/tree/main/extra/age-plugin-pq\"\u003ean optional plugin\u003c/a\u003e is available that provides out-of-the-box support for encryption to hybrid recipients. Hybrid identities can be converted to work with the plugin with \u003ccode\u003eage-plugin-pq -identity\u003c/code\u003e.)\u003c/p\u003e\n\u003ch3\u003eNew I/O APIs\u003c/h3\u003e\n\u003cp\u003eThe new \u003ca href=\"https://filippo.io/age#DecryptReaderAt\"\u003eDecryptReaderAt\u003c/a\u003e API implements seeking decryption, which can be used with \u003ca href=\"https://pkg.go.dev/archive/zip#NewReader\"\u003ezip.NewReader\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe new \u003ca href=\"https://filippo.io/age#EncryptReader\"\u003eEncryptReader\u003c/a\u003e API implements pull-based encryption by wrapping an io.Reader, as opposed to wrapping an io.Writer like \u003ca href=\"https://filippo.io/age#Encrypt\"\u003eEncrypt\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eage-inspect\u003c/h3\u003e\n\u003cp\u003eThe new \u003ca href=\"https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age-inspect.1.html\"\u003eage-inspect(1) tool\u003c/a\u003e presents the metadata of an age file without decrypting it.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ehello.age is an age file, version \u0026quot;age-encryption.org/v1\u0026quot;.\n\u003cp\u003eThis file is ASCII-armored.\u003c/p\u003e\n\u003cp\u003eThis file is encrypted to the following recipient types:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;mlkem768x25519\u0026quot;\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis file uses post-quantum encryption.\u003c/p\u003e\n\u003cp\u003eSize breakdown (assuming it decrypts successfully):\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eHeader                      1627 bytes\nArmor overhead              1350 bytes\nEncryption overhead           32 bytes\nPayload                     1959 bytes\n                    -------------------\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/b8564adb6d58329b8a3e267360ca2b0abc4efe1d\"\u003e\u003ccode\u003eb8564ad\u003c/code\u003e\u003c/a\u003e .github/workflows: inject version into source release artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/e4c611f7788591615ce7aaa3022aef970f8c80ca\"\u003e\u003ccode\u003ee4c611f\u003c/code\u003e\u003c/a\u003e cmd,extra: restore the Version link-time variable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/6a8065f2da1cc3e00a1b4cb39bef5fbdf4c48960\"\u003e\u003ccode\u003e6a8065f\u003c/code\u003e\u003c/a\u003e SIGSUM.md: update policy for v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/50a600eef58908b394750b5136fc825fb0650d0e\"\u003e\u003ccode\u003e50a600e\u003c/code\u003e\u003c/a\u003e .github/workflows: improve release reproducibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/13aab81842ab690a438a36307438fefcbc04d12d\"\u003e\u003ccode\u003e13aab81\u003c/code\u003e\u003c/a\u003e .github/workflows: build and release source tarball\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/52338c20dfda76394fc555026c609bdae4b2b02f\"\u003e\u003ccode\u003e52338c2\u003c/code\u003e\u003c/a\u003e .github/workflows: enable GitHub artifact attestation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/b70af412152535872ee5888c5eac4e8b516b188a\"\u003e\u003ccode\u003eb70af41\u003c/code\u003e\u003c/a\u003e cmd/age: don't output binary plaintext to terminal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/420273952ab2e5a321b984846411e973b8da867f\"\u003e\u003ccode\u003e4202739\u003c/code\u003e\u003c/a\u003e internal/stream: fix DecryptReaderAt concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/da2191789a4db9a68ed5f078aca2ac49d55e7740\"\u003e\u003ccode\u003eda21917\u003c/code\u003e\u003c/a\u003e age: add ExampleDecryptReaderAt with zip.NewReader\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/2ff5d341f60048df811511920737328b55bb54be\"\u003e\u003ccode\u003e2ff5d34\u003c/code\u003e\u003c/a\u003e age: add DecryptReaderAt\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.2.1...v1.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.6.0 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/cli-utils` from 0.36.0-flux.15 to 0.37.0-flux.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/aebccc70091575a3bd9aca3513698be58abcd281\"\u003e\u003ccode\u003eaebccc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/cli-utils/issues/17\"\u003e#17\u003c/a\u003e from mattfarina/1.35-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/52021630a467da52ed0f0d01e099666245b46ff5\"\u003e\u003ccode\u003e5202163\u003c/code\u003e\u003c/a\u003e Updating golangci-lint for Go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/86f17bb553b584812a236c63b668308fb56170ba\"\u003e\u003ccode\u003e86f17bb\u003c/code\u003e\u003c/a\u003e Upgrade golangci-lint and fix warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/244d65b69ed0020842448723cf9a94e100ca1521\"\u003e\u003ccode\u003e244d65b\u003c/code\u003e\u003c/a\u003e Add k8s 1.35 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/cli-utils/compare/v0.36.0-flux.15...v0.37.0-flux.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/pkg/auth` from 0.33.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/c866cff616bd964918fb5a00109d132c6f7d3ef6\"\u003e\u003ccode\u003ec866cff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/980\"\u003e#980\u003c/a\u003e from fluxcd/fix-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/72ea7ac97f37f7bf414a31442df9d1270519ca4e\"\u003e\u003ccode\u003e72ea7ac\u003c/code\u003e\u003c/a\u003e github: Remove redundant options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/66a0184e4d194649da36b6249da24f6f469a3773\"\u003e\u003ccode\u003e66a0184\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/979\"\u003e#979\u003c/a\u003e from fluxcd/preview-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/e9a43c60b3cc785248b3fbcd1e51dfa81d63bfdf\"\u003e\u003ccode\u003ee9a43c6\u003c/code\u003e\u003c/a\u003e Add Preview Release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/6d798f435313c60b254c0361d60eabf86eada463\"\u003e\u003ccode\u003e6d798f4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/960\"\u003e#960\u003c/a\u003e from fluxcd/restconfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/8bef64b1663501bbd044205ec131ff6651f41be0\"\u003e\u003ccode\u003e8bef64b\u003c/code\u003e\u003c/a\u003e [RFC-0010] Introduce authentication for clusters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/97cc6ae9e4e1df680bf4b2039c7526773bbfc368\"\u003e\u003ccode\u003e97cc6ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/978\"\u003e#978\u003c/a\u003e from fluxcd/make-sops-secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/e4649aeb4cf821e815819a1a9bb80e47666f9f6a\"\u003e\u003ccode\u003ee4649ae\u003c/code\u003e\u003c/a\u003e runtime/secrets: Add \u003ccode\u003eMakeSOPSSecret\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/5d6f266ea7ce1ee52548fd62349cc4ba53a42d44\"\u003e\u003ccode\u003e5d6f266\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/977\"\u003e#977\u003c/a\u003e from fluxcd/set-secret-gvk\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/5aaefdfd833ffa40fffa5aaff5febd167d233cd5\"\u003e\u003ccode\u003e5aaefdf\u003c/code\u003e\u003c/a\u003e runtime/secrets: Set GVK on generated secrets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fluxcd/pkg/compare/git/v0.33.0...git/v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.2 to 1.38.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/a3ca2ca026268dc6acfc60a2e8393b33b428c507\"\u003e\u003ccode\u003ea3ca2ca\u003c/code\u003e\u003c/a\u003e v1.38.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/4dada364c7635fffe6b8a6b45a7588dabd64cdf4\"\u003e\u003ccode\u003e4dada36\u003c/code\u003e\u003c/a\u003e fix failing have http tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/d40c6917ce1a2c9299bda4b900b59d80bdefc689\"\u003e\u003ccode\u003ed40c691\u003c/code\u003e\u003c/a\u003e make string formatitng more consistent for users who use format.Object directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/2a37b463cac790e945d16f52c1c13a4e835511a1\"\u003e\u003ccode\u003e2a37b46\u003c/code\u003e\u003c/a\u003e doc: fix typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/ee26170d3a0a21d5702f4164df42eb99c50221d7\"\u003e\u003ccode\u003eee26170\u003c/code\u003e\u003c/a\u003e docs: fix HaveValue example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/cc85c057ff99d6ed21998bd44f5983e42d20df81\"\u003e\u003ccode\u003ecc85c05\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 5 to 6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8905788e27ddae9e222ee6062e25fcf256fdb738\"\u003e\u003ccode\u003e8905788\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/865\"\u003e#865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/67552c5961c7c6ca98bfb5c28fedafe8a046b4e7\"\u003e\u003ccode\u003e67552c5\u003c/code\u003e\u003c/a\u003e chore: apply fixes from Go modernize command\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.38.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.47.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/35e1306bddd863f360fb94480c5fed84229953f0\"\u003e\u003ccode\u003e35e1306\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7c360367ab7e57c0cfb7aef368fc6acefaaac3b1\"\u003e\u003ccode\u003e7c36036\u003c/code\u003e\u003c/a\u003e http2, webdav, websocket: fix %q verb uses with wrong type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ec11eccf5a0f725281df0cdf40bb7ebef51d57ea\"\u003e\u003ccode\u003eec11ecc\u003c/code\u003e\u003c/a\u003e trace: fix data race in RenderEvents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/bff14c52567061031b9761881907c39e24792736\"\u003e\u003ccode\u003ebff14c5\u003c/code\u003e\u003c/a\u003e http2: don't PING a responsive server when resetting a stream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/88a642172c174ab11f4c56f0ede777de3c8a21d4\"\u003e\u003ccode\u003e88a6421\u003c/code\u003e\u003c/a\u003e dns/dnsmessage: avoid use of \u0026quot;strings\u0026quot; and \u0026quot;math\u0026quot; in dns/dnsmessage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/123d099e1bd872b38247bbcf9856540b8420d18d\"\u003e\u003ccode\u003e123d099\u003c/code\u003e\u003c/a\u003e http2: support net/http.Transport.NewClientConn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/346cc6157ee53301dea14e57a45c22368ab46e55\"\u003e\u003ccode\u003e346cc61\u003c/code\u003e\u003c/a\u003e webdav: relax test to check for any redirect status, not just 301\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.47.0...v0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.33.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c\"\u003e\u003ccode\u003eacc3815\u003c/code\u003e\u003c/a\u003e endpoints: fix %q verb use with wrong type\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.33.0...v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/fluxcd/kustomize-controller/pull/1564","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fluxcd%2Fkustomize-controller/issues/1564","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1564/packages"}},{"old_version":"0.6.0","new_version":"0.6.1","update_type":"patch","path":null,"pr_created_at":"2026-01-01T02:04:21.000Z","version_change":"0.6.0 → 0.6.1","issue":{"uuid":"3774017192","node_id":"PR_kwDODxdq0c67K0DN","number":1952,"state":"closed","title":"build(deps): bump the go-deps group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-01-12T14:46:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-01-01T02:04:21.000Z","updated_at":"2026-01-12T14:46:50.000Z","time_to_close":996148,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-deps","update_count":13,"packages":[{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/fluxcd/cli-utils","old_version":"0.36.0-flux.15","new_version":"0.37.0-flux.1","repository_url":"https://github.com/fluxcd/cli-utils"},{"name":"github.com/fluxcd/pkg/runtime","old_version":"0.90.0","new_version":"0.92.0","repository_url":"https://github.com/fluxcd/pkg"},{"name":"github.com/go-git/go-billy/v5","old_version":"5.6.2","new_version":"5.7.0","repository_url":"https://github.com/go-git/go-billy"},{"name":"github.com/go-git/go-git/v5","old_version":"5.16.3","new_version":"5.16.4","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/minio/minio-go/v7","old_version":"7.0.95","new_version":"7.0.97","repository_url":"https://github.com/minio/minio-go"},{"name":"github.com/onsi/gomega","old_version":"1.38.2","new_version":"1.38.3","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/sigstore/cosign/v2","old_version":"2.5.2","new_version":"2.6.1","repository_url":"https://github.com/sigstore/cosign"},{"name":"golang.org/x/oauth2","old_version":"0.33.0","new_version":"0.34.0","repository_url":"https://github.com/golang/oauth2"},{"name":"golang.org/x/sync","old_version":"0.18.0","new_version":"0.19.0","repository_url":"https://github.com/golang/sync"},{"name":"google.golang.org/api","old_version":"0.256.0","new_version":"0.258.0","repository_url":"https://github.com/googleapis/google-api-go-client"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.0` | `0.6.1` |\n| [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils) | `0.36.0-flux.15` | `0.37.0-flux.1` |\n| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.90.0` | `0.92.0` |\n| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.7.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.3` | `5.16.4` |\n| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.95` | `7.0.97` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.2` | `1.38.3` |\n| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.2` | `2.6.1` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.33.0` | `0.34.0` |\n| [golang.org/x/sync](https://github.com/golang/sync) | `0.18.0` | `0.19.0` |\n| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.256.0` | `0.258.0` |\n\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.6.0 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/cli-utils` from 0.36.0-flux.15 to 0.37.0-flux.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/aebccc70091575a3bd9aca3513698be58abcd281\"\u003e\u003ccode\u003eaebccc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/cli-utils/issues/17\"\u003e#17\u003c/a\u003e from mattfarina/1.35-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/52021630a467da52ed0f0d01e099666245b46ff5\"\u003e\u003ccode\u003e5202163\u003c/code\u003e\u003c/a\u003e Updating golangci-lint for Go 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/86f17bb553b584812a236c63b668308fb56170ba\"\u003e\u003ccode\u003e86f17bb\u003c/code\u003e\u003c/a\u003e Upgrade golangci-lint and fix warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/cli-utils/commit/244d65b69ed0020842448723cf9a94e100ca1521\"\u003e\u003ccode\u003e244d65b\u003c/code\u003e\u003c/a\u003e Add k8s 1.35 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/cli-utils/compare/v0.36.0-flux.15...v0.37.0-flux.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/fluxcd/pkg/runtime` from 0.90.0 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/cac55028ec9b367d40381b50f75d7bd26abc36cc\"\u003e\u003ccode\u003ecac5502\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/1054\"\u003e#1054\u003c/a\u003e from cappyzawa/proxy-url-validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/e4755cafec3190a9c67fc5c98877766c6d966718\"\u003e\u003ccode\u003ee4755ca\u003c/code\u003e\u003c/a\u003e Prepare for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/8a1b9500e3e046bb329207c5814a2c92362ff106\"\u003e\u003ccode\u003e8a1b950\u003c/code\u003e\u003c/a\u003e runtime/secrets: validate proxy URL scheme and length\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/c346f722d59779ceacf5c23eebdc34e1f60bc385\"\u003e\u003ccode\u003ec346f72\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/1052\"\u003e#1052\u003c/a\u003e from fluxcd/dependabot/github_actions/ci-5da62fd8be\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/1f716aff7f99e157a866475e70dc1e2d3cc28544\"\u003e\u003ccode\u003e1f716af\u003c/code\u003e\u003c/a\u003e build(deps): bump the ci group across 1 directory with 6 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/6c31cd0161c345ed8f990596e3183417fc2152d7\"\u003e\u003ccode\u003e6c31cd0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/pkg/issues/1051\"\u003e#1051\u003c/a\u003e from fluxcd/gate-watch-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/42a3f1b17d6a8f020702902cf75906d6e922dc4a\"\u003e\u003ccode\u003e42a3f1b\u003c/code\u003e\u003c/a\u003e Prepare for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/pkg/commit/1449666797ba6754a146dc2fbd64a2bc8ddfb59c\"\u003e\u003ccode\u003e1449666\u003c/code\u003e\u003c/a\u003e runtime/controller: add feature gate for config watchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/pkg/compare/runtime/v0.90.0...runtime/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-billy/releases\"\u003egithub.com/go-git/go-billy/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Chmod on billy.Filesystem by \u003ca href=\"https://github.com/bitfehler\"\u003e\u003ccode\u003e@​bitfehler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-billy/pull/171\"\u003ego-git/go-billy#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-billy/pull/177\"\u003ego-git/go-billy#177\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0\"\u003ehttps://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/cc50ee75c06c917f097a7ea5f1e3cbb21b7b8e0a\"\u003e\u003ccode\u003ecc50ee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-billy/issues/177\"\u003e#177\u003c/a\u003e from go-git/renovate/releases/v5.x-go-golang.org-x-ne...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/c3a90034ee126d2f28feaf9cd8e241a70e19a51b\"\u003e\u003ccode\u003ec3a9003\u003c/code\u003e\u003c/a\u003e build: Update module golang.org/x/net to v0.38.0 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/9263834eec5f778f6991567928e9c4bcfab2c78f\"\u003e\u003ccode\u003e9263834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-billy/issues/171\"\u003e#171\u003c/a\u003e from bitfehler/releases/v5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-billy/commit/94b84fc5c88ca2d2c1e07bd4e4260dee80575ec7\"\u003e\u003ccode\u003e94b84fc\u003c/code\u003e\u003c/a\u003e Add support for Chmod on billy.Filesystem\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.16.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackport plumbing: format/idxfile, prevent panic by \u003ca href=\"https://github.com/swills\"\u003e\u003ccode\u003e@​swills\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1732\"\u003ego-git/go-git#1732\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] build: test, Fix build on Windows. by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1734\"\u003ego-git/go-git#1734\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1742\"\u003ego-git/go-git#1742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1741\"\u003ego-git/go-git#1741\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1743\"\u003ego-git/go-git#1743\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4\"\u003ehttps://github.com/go-git/go-git/compare/v5.16.3...v5.16.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/de8ecc3b52e6a37b24a5a8ca362b54cafed2bc0b\"\u003e\u003ccode\u003ede8ecc3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1743\"\u003e#1743\u003c/a\u003e from go-git/renovate/releases/v5.x-go-github.com-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3e752f043d07fd7f34edb6818b187c0267a5c762\"\u003e\u003ccode\u003e3e752f0\u003c/code\u003e\u003c/a\u003e build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3a317549e0ca40927f062a3d53873ecc36a810c1\"\u003e\u003ccode\u003e3a31754\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1741\"\u003e#1741\u003c/a\u003e from go-git/renovate/releases/v5.x-go-github.com-clo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/acc28f117fb304f9197601cf0230ef8d263258a6\"\u003e\u003ccode\u003eacc28f1\u003c/code\u003e\u003c/a\u003e build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/95f388043ec1dd955327cec8b3b4b566a6e356ee\"\u003e\u003ccode\u003e95f3880\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1742\"\u003e#1742\u003c/a\u003e from go-git/renovate/releases/v5.x-go-golang.org-x-n...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/329f9266ae5d8ca6cb58ce3206004165090bd3cc\"\u003e\u003ccode\u003e329f926\u003c/code\u003e\u003c/a\u003e build: Update module golang.org/x/net to v0.38.0 [SECURITY]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/399e04beb0b3284c5cb0d2bf684bb430c6612146\"\u003e\u003ccode\u003e399e04b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1734\"\u003e#1734\u003c/a\u003e from pjbgf/fix-ci\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/2025eae3aed7eeb0659893c069f918155c6b8b78\"\u003e\u003ccode\u003e2025eae\u003c/code\u003e\u003c/a\u003e build: test, Fix build on Windows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/fb6806f2711e17db162623faa01b1fb25c4dbfcc\"\u003e\u003ccode\u003efb6806f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1732\"\u003e#1732\u003c/a\u003e from swills/find-hash-panic-fix-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/382530f513390f06a5271148b3e133eaa8ebf725\"\u003e\u003ccode\u003e382530f\u003c/code\u003e\u003c/a\u003e plumbing: format/idxfile, prevent panic\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/minio/minio-go/v7` from 7.0.95 to 7.0.97\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/83bf4e2234fb4166e94000b5e718919cec4c2059\"\u003e\u003ccode\u003e83bf4e2\u003c/code\u003e\u003c/a\u003e Wrap brackets only for  IPv6 address (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2176\"\u003e#2176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/f14663fdc9cddaee5dad20b0f14aae7a37ca0a1e\"\u003e\u003ccode\u003ef14663f\u003c/code\u003e\u003c/a\u003e fix: putObjectMultipartStreamFromReadAt goroutine leak (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2170\"\u003e#2170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/6217ce28dccaffe70d7153678ab5b971f21b16ae\"\u003e\u003ccode\u003e6217ce2\u003c/code\u003e\u003c/a\u003e Add ConfigName option to LDAP STS request (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/9207380c711f31fb534e9f3b389e7f8ee3622fac\"\u003e\u003ccode\u003e9207380\u003c/code\u003e\u003c/a\u003e removed NodeHostname from InventoryJobStatus (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2172\"\u003e#2172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/785b638cc4afc979cb92a1358f172d05d32a18bf\"\u003e\u003ccode\u003e785b638\u003c/code\u003e\u003c/a\u003e update InventoryJobStatus field ExecutionTime from time.Duration to string (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/a5f6380cfb157b1f8550c15868544ce0be0b7540\"\u003e\u003ccode\u003ea5f6380\u003c/code\u003e\u003c/a\u003e Added fields to InventoryJobStatus (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2168\"\u003e#2168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/f4c4350a79636314092251ec5cdd22fff5a0934d\"\u003e\u003ccode\u003ef4c4350\u003c/code\u003e\u003c/a\u003e update all missing docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/af6dc51d5ed03b62d41989625d28fd9c9605f621\"\u003e\u003ccode\u003eaf6dc51\u003c/code\u003e\u003c/a\u003e feat: add error reporting fields to InventoryJobStatus (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2164\"\u003e#2164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/ec35de6b33f8d367cbf2b5274ea130bb63f488bf\"\u003e\u003ccode\u003eec35de6\u003c/code\u003e\u003c/a\u003e Add QOS API's (\u003ca href=\"https://redirect.github.com/minio/minio-go/issues/2148\"\u003e#2148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minio/minio-go/commit/ec103a716e57a991d030c5314b2a8b23becc5ee9\"\u003e\u003ccode\u003eec103a7\u003c/code\u003e\u003c/a\u003e add AGENTS.md and also updated API documentation\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/minio/minio-go/compare/v7.0.95...v7.0.97\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.38.2 to 1.38.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/a3ca2ca026268dc6acfc60a2e8393b33b428c507\"\u003e\u003ccode\u003ea3ca2ca\u003c/code\u003e\u003c/a\u003e v1.38.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/4dada364c7635fffe6b8a6b45a7588dabd64cdf4\"\u003e\u003ccode\u003e4dada36\u003c/code\u003e\u003c/a\u003e fix failing have http tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/d40c6917ce1a2c9299bda4b900b59d80bdefc689\"\u003e\u003ccode\u003ed40c691\u003c/code\u003e\u003c/a\u003e make string formatitng more consistent for users who use format.Object directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/2a37b463cac790e945d16f52c1c13a4e835511a1\"\u003e\u003ccode\u003e2a37b46\u003c/code\u003e\u003c/a\u003e doc: fix typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/ee26170d3a0a21d5702f4164df42eb99c50221d7\"\u003e\u003ccode\u003eee26170\u003c/code\u003e\u003c/a\u003e docs: fix HaveValue example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/cc85c057ff99d6ed21998bd44f5983e42d20df81\"\u003e\u003ccode\u003ecc85c05\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 5 to 6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8905788e27ddae9e222ee6062e25fcf256fdb738\"\u003e\u003ccode\u003e8905788\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/865\"\u003e#865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/67552c5961c7c6ca98bfb5c28fedafe8a046b4e7\"\u003e\u003ccode\u003e67552c5\u003c/code\u003e\u003c/a\u003e chore: apply fixes from Go modernize command\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.38.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sigstore/cosign/v2` from 2.5.2 to 2.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign/releases\"\u003egithub.com/sigstore/cosign/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e634fabe54f9fbbab55d821a83ba93b2d25bdba5f Bump sigstore-go, move conformance back to tagged release\u003c/li\u003e\n\u003cli\u003ec5545eda23d770180880c245bf0d8f78c354ecc4 Partially populate the output of cosign verify when working with new bundles (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4416\"\u003e#4416\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee191024a636883b4e6b7de8db2f5cfb85a1fcd0c bump go builder to use 1.25.1 and cosign (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eThanks to all contributors!\u003c/h3\u003e\n\u003cp\u003ev2.6.0 introduces a number of new features, including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSigning an in-toto statement rather than Cosign constructing one from a predicate, along with verifying a statement's subject using a digest and digest algorithm rather than providing a file reference (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUploading a signature and its verification material (a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto\"\u003e\u0026quot;bundle\u0026quot;\u003c/a\u003e) as an OCI Image 1.1 referring artifact, completing \u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/3927\"\u003e#3927\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProviding service URLs for signing and attesting using a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/4df5baadcdb582a70c2bc032e042c0a218eb3841/protos/sigstore_trustroot.proto#L185\"\u003eSigningConfig\u003c/a\u003e. Note that this is required when using a \u003ca href=\"https://github.com/sigstore/rekor-tiles\"\u003eRekor v2\u003c/a\u003e instance (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eExample generation and verification of a signed in-toto statement:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign attest-blob --new-bundle-format=true --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=\u0026quot;cosign.key\u0026quot; --statement=\u0026quot;../sigstore-go/examples/sigstore-go-signing/intoto.txt\u0026quot;\ncosign verify-blob-attestation --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=cosign.pub --type=unused --digest=\u0026quot;b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9\u0026quot; --digestAlg=\u0026quot;sha256\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample container signing and verification using the new bundle format and referring artifacts:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\ncosign verify --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample usage of a signing config provided by the public good instance's TUF repository:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign-blob --use-signing-config --bundle sigstore.json README.md\ncosign verify-blob --new-bundle-format --bundle sigstore.json --certificate-identity $EMAIL --certificate-oidc-issuer $ISSUER --use-signed-timestamps README.md\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ev2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be\nupdating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd to \u003ccode\u003eattest-blob\u003c/code\u003e the ability to supply a complete in-toto statement, and add to \u003ccode\u003everify-blob-attestation\u003c/code\u003e the ability to verify with just a digest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHave cosign sign support bundle format (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig in sign/attest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4371\"\u003e#4371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport self-managed keys when signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4368\"\u003e#4368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't require timestamps when verifying with a key (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4337\"\u003e#4337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't load content from TUF if trusted root path is specified (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4347\"\u003e#4347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a terminal spinner while signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4402\"\u003e#4402\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign/blob/main/CHANGELOG.md\"\u003egithub.com/sigstore/cosign/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev2.6.1\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePartially populate the output of cosign verify when working with new bundles (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4416\"\u003e#4416\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump sigstore-go, move conformance back to tagged release (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4426\"\u003e#4426\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev2.6.0\u003c/h1\u003e\n\u003cp\u003ev2.6.0 introduces a number of new features, including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSigning an in-toto statement rather than Cosign constructing one from a predicate, along with verifying a statement's subject using a digest and digest algorithm rather than providing a file reference (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUploading a signature and its verification material (a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto\"\u003e\u0026quot;bundle\u0026quot;\u003c/a\u003e) as an OCI Image 1.1 referring artifact, completing \u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/3927\"\u003e#3927\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProviding service URLs for signing and attesting using a \u003ca href=\"https://github.com/sigstore/protobuf-specs/blob/4df5baadcdb582a70c2bc032e042c0a218eb3841/protos/sigstore_trustroot.proto#L185\"\u003eSigningConfig\u003c/a\u003e. Note that this is required when using a \u003ca href=\"https://github.com/sigstore/rekor-tiles\"\u003eRekor v2\u003c/a\u003e instance (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eExample generation and verification of a signed in-toto statement:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign attest-blob --new-bundle-format=true --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=\u0026quot;cosign.key\u0026quot; --statement=\u0026quot;../sigstore-go/examples/sigstore-go-signing/intoto.txt\u0026quot;\ncosign verify-blob-attestation --bundle=\u0026quot;digest-key-test.sigstore.json\u0026quot; --key=cosign.pub --type=unused --digest=\u0026quot;b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9\u0026quot; --digestAlg=\u0026quot;sha256\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample container signing and verification using the new bundle format and referring artifacts:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\ncosign verify --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eExample usage of a signing config provided by the public good instance's TUF repository:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecosign sign-blob --use-signing-config --bundle sigstore.json README.md\ncosign verify-blob --new-bundle-format --bundle sigstore.json --certificate-identity $EMAIL --certificate-oidc-issuer $ISSUER --use-signed-timestamps README.md\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ev2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be\nupdating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd to \u003ccode\u003eattest-blob\u003c/code\u003e the ability to supply a complete in-toto statement, and add to \u003ccode\u003everify-blob-attestation\u003c/code\u003e the ability to verify with just a digest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4306\"\u003e#4306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHave cosign sign support bundle format (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4319\"\u003e#4319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for SigningConfig in sign/attest (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4371\"\u003e#4371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport self-managed keys when signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4368\"\u003e#4368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't require timestamps when verifying with a key (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4337\"\u003e#4337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't load content from TUF if trusted root path is specified (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4347\"\u003e#4347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a terminal spinner while signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4402\"\u003e#4402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire exclusively a SigningConfig or service URLs when signing (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4403\"\u003e#4403\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/634fabe54f9fbbab55d821a83ba93b2d25bdba5f\"\u003e\u003ccode\u003e634fabe\u003c/code\u003e\u003c/a\u003e Bump sigstore-go, move conformance back to tagged release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/c5545eda23d770180880c245bf0d8f78c354ecc4\"\u003e\u003ccode\u003ec5545ed\u003c/code\u003e\u003c/a\u003e Partially populate the output of cosign verify when working with new bundles ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/e191024a636883b4e6b7de8db2f5cfb85a1fcd0c\"\u003e\u003ccode\u003ee191024\u003c/code\u003e\u003c/a\u003e bump go builder to use 1.25.1 and cosign (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/37fbfc7018fb4d60a9a2c9175bd64c75dda5869a\"\u003e\u003ccode\u003e37fbfc7\u003c/code\u003e\u003c/a\u003e Require exclusively a SigningConfig or service URLs when signing (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4403\"\u003e#4403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/b1acaeb92cc9e6a2a35f8d1a8f0a58c482914025\"\u003e\u003ccode\u003eb1acaeb\u003c/code\u003e\u003c/a\u003e Add a terminal spinner while signing with sigstore-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4402\"\u003e#4402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/2581dfd2bf9572f9b662367c6180434de46b358a\"\u003e\u003ccode\u003e2581dfd\u003c/code\u003e\u003c/a\u003e chore(deps): bump the gomod group across 1 directory with 8 updates (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4401\"\u003e#4401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/11163ae7d806cb13f2563ef837ce1c985ac788d3\"\u003e\u003ccode\u003e11163ae\u003c/code\u003e\u003c/a\u003e Bump sigstore-go, support alternative hash algorithms with keys (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4386\"\u003e#4386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/153df46c9ee93f73eba5a3b6379717d439ec2a37\"\u003e\u003ccode\u003e153df46\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.42.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4391\"\u003e#4391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/1a1ee13ce9edfb98dc50693f6f7efcc16dc35822\"\u003e\u003ccode\u003e1a1ee13\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4393\"\u003e#4393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign/commit/8c7c09d4b1c9af9326f7f73f5da34d144bdbe323\"\u003e\u003ccode\u003e8c7c09d\u003c/code\u003e\u003c/a\u003e chore(deps): bump gitlab.com/gitlab-org/api/client-go (\u003ca href=\"https://redirect.github.com/sigstore/cosign/issues/4394\"\u003e#4394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sigstore/cosign/compare/v2.5.2...v2.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sigstore/sigstore` from 1.9.5 to 1.9.6-0.20250729224751-181c5d3339b3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/sigstore/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.44.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/compare/v0.44.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.33.0 to 0.34.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c\"\u003e\u003ccode\u003eacc3815\u003c/code\u003e\u003c/a\u003e endpoints: fix %q verb use with wrong type\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.33.0...v0.34.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sync` from 0.18.0 to 0.19.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sync/commit/2a180e22fddcc336475e72aa950be958c1b68d33\"\u003e\u003ccode\u003e2a180e2\u003c/code\u003e\u003c/a\u003e errgroup: use consistent read for SetLimit panic\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sync/compare/v0.18.0...v0.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/api` from 0.256.0 to 0.258.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/releases\"\u003egoogle.golang.org/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.258.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0\"\u003e0.258.0\u003c/a\u003e (2025-12-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3392\"\u003e#3392\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee\"\u003edb6e653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3394\"\u003e#3394\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b\"\u003e7a9ae94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3395\"\u003e#3395\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18\"\u003edd93f67\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3396\"\u003e#3396\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041\"\u003e302ad5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3398\"\u003e#3398\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246\"\u003e5dfcd09\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3401\"\u003e#3401\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294\"\u003ecd3e656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3402\"\u003e#3402\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1\"\u003e9e6446a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3404\"\u003e#3404\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee\"\u003e453c04a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3406\"\u003e#3406\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918\"\u003eaf03509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3407\"\u003e#3407\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170\"\u003e41e2f8f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3408\"\u003e#3408\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c\"\u003eba64741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3409\"\u003e#3409\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367\"\u003e5d17056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3410\"\u003e#3410\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a\"\u003e90b301b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoption:\u003c/strong\u003e Deprecate unsafe credentials JSON loading options (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3356\"\u003e#3356\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f\"\u003ea5426fa\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.257.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.257.0\"\u003e0.257.0\u003c/a\u003e (2025-12-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3376\"\u003e#3376\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b0c07d2f5cc4aa2cf974c2938508626f8430855e\"\u003eb0c07d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3380\"\u003e#3380\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/47fcc39088f806c4202ca47159416ce99a0a0c72\"\u003e47fcc39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3381\"\u003e#3381\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cf5cf20d07fac3acc66c1f9ade705bb99701519a\"\u003ecf5cf20\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3382\"\u003e#3382\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2931d4b217c6934f85bdc378ebbbbe4fa54db96d\"\u003e2931d4b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3383\"\u003e#3383\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/446402e7d6aedbe169505c07aafcf45e96563a8e\"\u003e446402e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3384\"\u003e#3384\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d82a5d02f83b3455f747cbb1fb14930703dad60e\"\u003ed82a5d0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3386\"\u003e#3386\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/6a0b46d49312d528dab4dce8daee48866f38ba25\"\u003e6a0b46d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3387\"\u003e#3387\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/f3dc8f4bd57ade8c6ffb37cda8d55289228ebcd1\"\u003ef3dc8f4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3388\"\u003e#3388\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e3ca7fd5738afd1a8aa046431ef005c48e701358\"\u003ee3ca7fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3389\"\u003e#3389\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b78dd96b2c603926daca6c30baae9c4843bf5664\"\u003eb78dd96\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md\"\u003egoogle.golang.org/api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0\"\u003e0.258.0\u003c/a\u003e (2025-12-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3392\"\u003e#3392\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee\"\u003edb6e653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3394\"\u003e#3394\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b\"\u003e7a9ae94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3395\"\u003e#3395\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18\"\u003edd93f67\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3396\"\u003e#3396\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041\"\u003e302ad5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3398\"\u003e#3398\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246\"\u003e5dfcd09\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3401\"\u003e#3401\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294\"\u003ecd3e656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3402\"\u003e#3402\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1\"\u003e9e6446a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3404\"\u003e#3404\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee\"\u003e453c04a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3406\"\u003e#3406\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918\"\u003eaf03509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3407\"\u003e#3407\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170\"\u003e41e2f8f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3408\"\u003e#3408\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c\"\u003eba64741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3409\"\u003e#3409\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367\"\u003e5d17056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3410\"\u003e#3410\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a\"\u003e90b301b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoption:\u003c/strong\u003e Deprecate unsafe credentials JSON loading options (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3356\"\u003e#3356\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f\"\u003ea5426fa\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.257.0\"\u003e0.257.0\u003c/a\u003e (2025-12-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3376\"\u003e#3376\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b0c07d2f5cc4aa2cf974c2938508626f8430855e\"\u003eb0c07d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3380\"\u003e#3380\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/47fcc39088f806c4202ca47159416ce99a0a0c72\"\u003e47fcc39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3381\"\u003e#3381\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/cf5cf20d07fac3acc66c1f9ade705bb99701519a\"\u003ecf5cf20\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3382\"\u003e#3382\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2931d4b217c6934f85bdc378ebbbbe4fa54db96d\"\u003e2931d4b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3383\"\u003e#3383\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/446402e7d6aedbe169505c07aafcf45e96563a8e\"\u003e446402e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3384\"\u003e#3384\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d82a5d02f83b3455f747cbb1fb14930703dad60e\"\u003ed82a5d0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3386\"\u003e#3386\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/6a0b46d49312d528dab4dce8daee48866f38ba25\"\u003e6a0b46d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3387\"\u003e#3387\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/f3dc8f4bd57ade8c6ffb37cda8d55289228ebcd1\"\u003ef3dc8f4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3388\"\u003e#3388\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e3ca7fd5738afd1a8aa046431ef005c48e701358\"\u003ee3ca7fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3389\"\u003e#3389\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b78dd96b2c603926daca6c30baae9c4843bf5664\"\u003eb78dd96\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8fbb157241ba8949d2072c101538aad33e56a596\"\u003e\u003ccode\u003e8fbb157\u003c/code\u003e\u003c/a\u003e chore(main): release 0.258.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3393\"\u003e#3393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a\"\u003e\u003ccode\u003e90b301b\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/046fc2c59a898d6012622d3a5e21918853f2914e\"\u003e\u003ccode\u003e046fc2c\u003c/code\u003e\u003c/a\u003e chore(all): update all (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3397\"\u003e#3397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367\"\u003e\u003ccode\u003e5d17056\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3409\"\u003e#3409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c\"\u003e\u003ccode\u003eba64741\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3408\"\u003e#3408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170\"\u003e\u003ccode\u003e41e2f8f\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3407\"\u003e#3407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918\"\u003e\u003ccode\u003eaf03509\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3406\"\u003e#3406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f\"\u003e\u003ccode\u003ea5426fa\u003c/code\u003e\u003c/a\u003e feat(option): Deprecate unsafe credentials JSON loading options (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee\"\u003e\u003ccode\u003e453c04a\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3404\"\u003e#3404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1\"\u003e\u003ccode\u003e9e6446a\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3402\"\u003e#3402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.256.0...v0.258.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/fluxcd/source-controller/pull/1952","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fluxcd%2Fsource-controller/issues/1952","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1952/packages"}},{"old_version":"0.5.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2025-12-24T05:15:44.000Z","version_change":"0.5.1 → 0.6.1","issue":{"uuid":"3759252615","node_id":"PR_kwDOGZIwWs66bNuj","number":459,"state":"open","title":"chore(deps): Bump the production-dependencies group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dco-signoff: yes","release-note-none","size/XXL"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2025-12-24T05:15:44.000Z","updated_at":"2025-12-24T05:15:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"production-dependencies","update_count":3,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.5.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"google.golang.org/grpc","old_version":"1.77.0","new_version":"1.78.0","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the production-dependencies group with 3 updates in the / directory: [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml), [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cyphar/filepath-securejoin` from 0.5.1 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/releases\"\u003egithub.com/cyphar/filepath-securejoin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.0 -- \u0026quot;By the Power of Greyskull!\u0026quot;\u003c/h2\u003e\n\u003cp\u003eWhile quite small code-wise, this release marks a very key point in the\ndevelopment of filepath-securejoin.\u003c/p\u003e\n\u003cp\u003efilepath-securejoin was originally intended (back in 2017) to simply be a\nsingle-purpose library that would take some common code used in container\nruntimes (specifically, Docker's \u003ccode\u003eFollowSymlinksInScope\u003c/code\u003e) and make it more\ngeneral-purpose (with the eventual goals of it ending up in the Go stdlib).\u003c/p\u003e\n\u003cp\u003eOf course, I quickly discovered that this problem was actually far more\ncomplicated to solve when dealing with racing attackers, which lead to me\ndeveloping \u003ccode\u003eopenat2(2)\u003c/code\u003e and \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e. I had originally planned for\nlibpathrs to completely replace filepath-securejoin \u0026quot;once it was ready\u0026quot; but in\nthe interim we needed to fix several race attacks in runc as part of security\nadvisories. Obviously we couldn't require the usage of a pre-0.1 Rust library\nin runc so it was necessary to port bits of libpathrs into filepath-securejoin.\n(Ironically the first prototypes of libpathrs were originally written in Go and\nthen rewritten to Rust, so the code in filepath-securejoin is actually Go code\nthat was rewritten to Rust then re-rewritten to Go.)\u003c/p\u003e\n\u003cp\u003eIt then became clear that pure-Go libraries will likely not be willing to\nrequire CGo for all of their builds, so it was necessary to accept that\nfilepath-securejoin will need to stay. As such, in v0.5.0 we provided more\npure-Go implementations of features from libpathrs but moved them into\n\u003ccode\u003epathrs-lite\u003c/code\u003e subpackage to clarify what purpose these helpers serve.\u003c/p\u003e\n\u003cp\u003eThis release finally closes the loop and makes it so that pathrs-lite can\ntransparently use libpathrs (via a \u003ccode\u003elibpathrs\u003c/code\u003e build-tag). This means that\nupstream libraries can use the pure Go version if they prefer, but downstreams\n(either downstream library users or even downstream distributions) are able to\nmigrate to libpathrs for all usages of pathrs-lite in an entire Go binary.\u003c/p\u003e\n\u003cp\u003eI should make it clear that I do not plan to port the rest of libpathrs to Go,\nas I do not wish to maintain two copies of the same codebase. pathrs-lite\nalready provides the core essentials necessary to operate on paths safely for\nmost modern systems. Users who want additional hardening or more ergonomic APIs\nare free to use \u003ca href=\"https://cyphar.com/go-pathrs\"\u003e\u003ccode\u003ecyphar.com/go-pathrs\u003c/code\u003e\u003c/a\u003e (libpathrs's Go bindings).\u003c/p\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using \u003ca href=\"https://github.com/cyphar/libpathrs\"\u003elibpathrs\u003c/a\u003e as a backend.\nThis is opt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build\ntag. The intention is to allow for downstream libraries and other projects to\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md\"\u003egithub.com/cyphar/filepath-securejoin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.6.1] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eAt last up jumped the cunning spider, and fiercely held her fast.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.5.2] - 2025-11-19\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u0026quot;Will you walk into my parlour?\u0026quot; said a spider to a fly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOur logic for deciding whether to use \u003ccode\u003eopenat2(2)\u003c/code\u003e or fallback to an \u003ccode\u003eO_PATH\u003c/code\u003e\nresolver would cache the result to avoid doing needless test runs of\n\u003ccode\u003eopenat2(2)\u003c/code\u003e. However, this causes issues when \u003ccode\u003epathrs-lite\u003c/code\u003e is being used by\na program that applies new seccomp-bpf filters onto itself -- if the filter\ndenies \u003ccode\u003eopenat2(2)\u003c/code\u003e then we would return that error rather than falling back\nto the \u003ccode\u003eO_PATH\u003c/code\u003e resolver. To resolve this issue, we no longer cache the\nresult if \u003ccode\u003eopenat2(2)\u003c/code\u003e was successful, only if there was an error.\u003c/li\u003e\n\u003cli\u003eA file descriptor leak in our \u003ccode\u003eopenat2\u003c/code\u003e wrapper (when doing the necessary\n\u003ccode\u003edup\u003c/code\u003e for \u003ccode\u003eRESOLVE_IN_ROOT\u003c/code\u003e) has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.6.0] - 2025-11-03\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eBy the Power of Greyskull!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe deprecated \u003ccode\u003eMkdirAll\u003c/code\u003e, \u003ccode\u003eMkdirAllHandle\u003c/code\u003e, \u003ccode\u003eOpenInRoot\u003c/code\u003e, \u003ccode\u003eOpenatInRoot\u003c/code\u003e and\n\u003ccode\u003eReopen\u003c/code\u003e wrappers have been removed. Please switch to using \u003ccode\u003epathrs-lite\u003c/code\u003e\ndirectly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epathrs-lite\u003c/code\u003e now has support for using libpathrs as a backend. This is\nopt-in and can be enabled at build time with the \u003ccode\u003elibpathrs\u003c/code\u003e build tag. The\nintention is to allow for downstream libraries and other projects to make use\nof the pure-Go \u003ccode\u003egithub.com/cyphar/filepath-securejoin/pathrs-lite\u003c/code\u003e package\nand distributors can then opt-in to using \u003ccode\u003elibpathrs\u003c/code\u003e for the entire binary\nif they wish.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/9c4135bad38a4e2cda5220216000130d25b2e190\"\u003e\u003ccode\u003e9c4135b\u003c/code\u003e\u003c/a\u003e VERSION: release 0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/d952bef93f1c4090a004702917447140be865496\"\u003e\u003ccode\u003ed952bef\u003c/code\u003e\u003c/a\u003e merge v0.5.x branch into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/deb72a4cc1a3a8a8a0833e868dfd5bd906e8e859\"\u003e\u003ccode\u003edeb72a4\u003c/code\u003e\u003c/a\u003e CHANGELOG: fix unreleased links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/336bf8f2d45b5bfc059e3530c18d0a8c2ba0022f\"\u003e\u003ccode\u003e336bf8f\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/87\"\u003e#87\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/23c6e211ca42a85f757c961e1e0f352942a15d2b\"\u003e\u003ccode\u003e23c6e21\u003c/code\u003e\u003c/a\u003e VERSION: back to development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/6311ca883bbb2958561c6fef4f3a8e10bcb9a418\"\u003e\u003ccode\u003e6311ca8\u003c/code\u003e\u003c/a\u003e VERSION: release v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/91da803696f3cb85b11073d3c7075e0c7e3e3745\"\u003e\u003ccode\u003e91da803\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/86\"\u003e#86\u003c/a\u003e into cyphar/filepath-securejoin:v0.5.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/4dbce7c85c563dcdae467b2427a85de12f707d41\"\u003e\u003ccode\u003e4dbce7c\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/1eaadd6f23dd2bb710b1030728d3475995df8fc1\"\u003e\u003ccode\u003e1eaadd6\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/cyphar/filepath-securejoin/issues/85\"\u003e#85\u003c/a\u003e into cyphar/filepath-securejoin:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar/filepath-securejoin/commit/c1c2a539afea30fcfdd8982c33c72e4f5dce2cbf\"\u003e\u003ccode\u003ec1c2a53\u003c/code\u003e\u003c/a\u003e gopathrs: close the fd after dup in openat2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.77.0 to 1.78.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.78.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: Reject target URLs containing unbracketed colons in the hostname in Go version 1.26+. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8716\"\u003e#8716\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/neild\"\u003e\u003ccode\u003e@​neild\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/otel: Add backend service label to wrr metrics as part of A89. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Wait for all pending goroutines to complete when closing a graceful switch balancer. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/twz123\"\u003e\u003ccode\u003e@​twz123\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etransport/client : Return status code \u003ccode\u003eUnknown\u003c/code\u003e on malformed grpc-status. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8735\"\u003e#8735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: Add \u003ccode\u003eexperimental.AcceptCompressors\u003c/code\u003e so callers can restrict the \u003ccode\u003egrpc-accept-encoding\u003c/code\u003e header advertised for a call. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/iblancasa\"\u003e\u003ccode\u003e@​iblancasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Fix a bug in \u003ccode\u003eStringMatcher\u003c/code\u003e where regexes would match incorrectly when ignore_case is set to true. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8723\"\u003e#8723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/resolver:\n\u003cul\u003e\n\u003cli\u003eDrop previous route resources and report an error when no matching virtual host is found.\u003c/li\u003e\n\u003cli\u003eOnly log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8711\"\u003e#8711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient:\n\u003cul\u003e\n\u003cli\u003eChange connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).\u003c/li\u003e\n\u003cli\u003eChange connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.\u003c/li\u003e\n\u003cli\u003eFix a bug that resulted in \u003ccode\u003eOnFinish\u003c/code\u003e call option not being invoked for RPCs where stream creation failed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8710\"\u003e#8710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8627\"\u003e#8627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8705\"\u003e#8705\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/cjc25\"\u003e\u003ccode\u003e@​cjc25\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9df039ef2c921978514b600c9d5c6bf25cce54f6\"\u003e\u003ccode\u003e9df039e\u003c/code\u003e\u003c/a\u003e Change version to 1.78.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8761\"\u003e#8761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9b990b6355c443ecf9e71f118f7097b62bc3299a\"\u003e\u003ccode\u003e9b990b6\u003c/code\u003e\u003c/a\u003e gracefulswitch: Wait for all goroutines on close (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8746\"\u003e#8746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6677d9a9cf1dd8227673253015027de0addeeafb\"\u003e\u003ccode\u003e6677d9a\u003c/code\u003e\u003c/a\u003e xds: Fixing a typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8760\"\u003e#8760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d35cedde1ee806f3c578aba8c59bec7117ae0bc3\"\u003e\u003ccode\u003ed35cedd\u003c/code\u003e\u003c/a\u003e xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8740\"\u003e#8740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d931fdc379623f36d2050487887f5465a18b7912\"\u003e\u003ccode\u003ed931fdc\u003c/code\u003e\u003c/a\u003e client: allow overriding grpc-accept-encoding header (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8718\"\u003e#8718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/0800ec75223cd0995d599002581eafe2151c6df3\"\u003e\u003ccode\u003e0800ec7\u003c/code\u003e\u003c/a\u003e xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6553ea1a1d99ff4e3a516499330bf47607e7708f\"\u003e\u003ccode\u003e6553ea1\u003c/code\u003e\u003c/a\u003e stats/otel: Add subchannel metrics (A94) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8738\"\u003e#8738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/81a00cecc0abe8a7d7140967f96d9cc0729a3aa4\"\u003e\u003ccode\u003e81a00ce\u003c/code\u003e\u003c/a\u003e grpc: Fixing spelling typo (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8756\"\u003e#8756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e413838c3b7b8b3e94754cb3704751e49f917358\"\u003e\u003ccode\u003ee413838\u003c/code\u003e\u003c/a\u003e client: Change connectivity state to CONNECTING when creating the name resolv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/f9d2bdb34edcd95f0ca9e2cfaba692722cb85ee2\"\u003e\u003ccode\u003ef9d2bdb\u003c/code\u003e\u003c/a\u003e stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8737\"\u003e#8737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubevirt/containerdisks/pull/459","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubevirt%2Fcontainerdisks/issues/459","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/459/packages"}},{"old_version":"0.4.1","new_version":"0.6.1","update_type":"minor","path":null,"pr_created_at":"2025-12-22T14:26:54.000Z","version_change":"0.4.1 → 0.6.1","issue":{"uuid":"3753997066","node_id":"PR_kwDOPRPVL866JySY","number":69,"state":"closed","title":"build(deps): bump the go-modules group across 1 directory with 105 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-23T14:23:05.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-22T14:26:54.000Z","updated_at":"2025-12-23T14:23:07.000Z","time_to_close":86171,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-modules","update_count":105,"packages":[{"name":"github.com/BurntSushi/toml","old_version":"1.5.0","new_version":"1.6.0","repository_url":"https://github.com/BurntSushi/toml"},{"name":"github.com/onsi/gomega","old_version":"1.37.0","new_version":"1.38.3","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/paketo-buildpacks/occam","old_version":"0.28.0","new_version":"0.31.0","repository_url":"https://github.com/paketo-buildpacks/occam"},{"name":"cel.dev/expr","old_version":"0.24.0","new_version":"0.25.1","repository_url":"https://github.com/google/cel-spec"},{"name":"cloud.google.com/go","old_version":"0.121.4","new_version":"0.123.0","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"cloud.google.com/go/iam","old_version":"1.5.2","new_version":"1.5.3","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"cloud.google.com/go/monitoring","old_version":"1.24.2","new_version":"1.24.3","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"github.com/CycloneDX/cyclonedx-go","old_version":"0.9.2","new_version":"0.9.3","repository_url":"https://github.com/CycloneDX/cyclonedx-go"},{"name":"github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp","old_version":"1.29.0","new_version":"1.30.0","repository_url":"https://github.com/GoogleCloudPlatform/opentelemetry-operations-go"},{"name":"github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric","old_version":"0.53.0","new_version":"0.54.0","repository_url":"https://github.com/GoogleCloudPlatform/opentelemetry-operations-go"},{"name":"github.com/anchore/go-struct-converter","old_version":"0.0.0-20221221214134-65614c61201e","new_version":"0.1.0","repository_url":"https://github.com/anchore/go-struct-converter"},{"name":"github.com/charmbracelet/colorprofile","old_version":"0.3.1","new_version":"0.4.1","repository_url":"https://github.com/charmbracelet/colorprofile"},{"name":"github.com/charmbracelet/x/cellbuf","old_version":"0.0.13","new_version":"0.0.14","repository_url":"https://github.com/charmbracelet/x"},{"name":"github.com/containerd/cgroups/v3","old_version":"3.0.5","new_version":"3.1.2","repository_url":"https://github.com/containerd/cgroups"},{"name":"github.com/containerd/containerd/api","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/stargz-snapshotter/estargz","old_version":"0.16.3","new_version":"0.18.1","repository_url":"https://github.com/containerd/stargz-snapshotter"},{"name":"github.com/cyphar/filepath-securejoin","old_version":"0.4.1","new_version":"0.6.1","repository_url":"https://github.com/cyphar/filepath-securejoin"},{"name":"github.com/docker/docker-credential-helpers","old_version":"0.9.3","new_version":"0.9.4","repository_url":"https://github.com/docker/docker-credential-helpers"},{"name":"github.com/ebitengine/purego","old_version":"0.8.4","new_version":"0.9.1","repository_url":"https://github.com/ebitengine/purego"},{"name":"github.com/envoyproxy/go-control-plane/envoy","old_version":"1.32.4","new_version":"1.36.0","repository_url":"https://github.com/envoyproxy/go-control-plane"},{"name":"github.com/envoyproxy/protoc-gen-validate","old_version":"1.2.1","new_version":"1.3.0","repository_url":"https://github.com/envoyproxy/protoc-gen-validate"},{"name":"github.com/gabriel-vasile/mimetype","old_version":"1.4.9","new_version":"1.4.12","repository_url":"https://github.com/gabriel-vasile/mimetype"},{"name":"github.com/github/go-spdx/v2","old_version":"2.3.3","new_version":"2.3.5","repository_url":"https://github.com/github/go-spdx"},{"name":"github.com/go-git/go-billy/v5","old_version":"5.6.2","new_version":"5.7.0","repository_url":"https://github.com/go-git/go-billy"},{"name":"github.com/go-git/go-git/v5","old_version":"5.16.2","new_version":"5.16.4","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.1","new_version":"4.1.3","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/goccy/go-yaml","old_version":"1.18.0","new_version":"1.19.1","repository_url":"https://github.com/goccy/go-yaml"},{"name":"github.com/gohugoio/hashstructure","old_version":"0.5.0","new_version":"0.6.0","repository_url":"https://github.com/gohugoio/hashstructure"},{"name":"github.com/google/go-containerregistry","old_version":"0.20.6","new_version":"0.20.7","repository_url":"https://github.com/google/go-containerregistry"},{"name":"github.com/googleapis/enterprise-certificate-proxy","old_version":"0.3.6","new_version":"0.3.7","repository_url":"https://github.com/googleapis/enterprise-certificate-proxy"},{"name":"github.com/googleapis/gax-go/v2","old_version":"2.15.0","new_version":"2.16.0","repository_url":"https://github.com/googleapis/gax-go"},{"name":"github.com/hashicorp/go-version","old_version":"1.7.0","new_version":"1.8.0","repository_url":"https://github.com/hashicorp/go-version"},{"name":"github.com/kevinburke/ssh_config","old_version":"1.2.0","new_version":"1.4.0","repository_url":"https://github.com/kevinburke/ssh_config"},{"name":"github.com/mholt/archives","old_version":"0.1.3","new_version":"0.1.5","repository_url":"https://github.com/mholt/archives"},{"name":"github.com/moby/go-archive","old_version":"0.1.0","new_version":"0.2.0","repository_url":"https://github.com/moby/go-archive"},{"name":"github.com/morikuni/aec","old_version":"1.0.0","new_version":"1.1.0","repository_url":"https://github.com/morikuni/aec"},{"name":"github.com/olekukonko/ll","old_version":"0.0.9","new_version":"0.1.3","repository_url":"https://github.com/olekukonko/ll"},{"name":"github.com/opencontainers/selinux","old_version":"1.12.0","new_version":"1.13.1","repository_url":"https://github.com/opencontainers/selinux"},{"name":"github.com/pierrec/lz4/v4","old_version":"4.1.22","new_version":"4.1.23","repository_url":"https://github.com/pierrec/lz4"},{"name":"github.com/pjbgf/sha1cd","old_version":"0.4.0","new_version":"0.5.0","repository_url":"https://github.com/pjbgf/sha1cd"},{"name":"github.com/sagikazarmark/locafero","old_version":"0.9.0","new_version":"0.12.0","repository_url":"https://github.com/sagikazarmark/locafero"},{"name":"github.com/shirou/gopsutil/v4","old_version":"4.25.6","new_version":"4.25.11","repository_url":"https://github.com/shirou/gopsutil"},{"name":"github.com/skeema/knownhosts","old_version":"1.3.1","new_version":"1.3.2","repository_url":"https://github.com/skeema/knownhosts"},{"name":"github.com/spf13/cast","old_version":"1.9.2","new_version":"1.10.0","repository_url":"https://github.com/spf13/cast"},{"name":"github.com/spf13/viper","old_version":"1.20.1","new_version":"1.21.0","repository_url":"https://github.com/spf13/viper"},{"name":"github.com/zclconf/go-cty","old_version":"1.16.3","new_version":"1.17.0","repository_url":"https://github.com/zclconf/go-cty"},{"name":"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp","old_version":"0.62.0","new_version":"0.64.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-modules group with 47 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.5.0` | `1.6.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.37.0` | `1.38.3` |\n| [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam) | `0.28.0` | `0.31.0` |\n| [cel.dev/expr](https://github.com/google/cel-spec) | `0.24.0` | `0.25.1` |\n| [cloud.google.com/go](https://github.com/googleapis/google-cloud-go) | `0.121.4` | `0.123.0` |\n| [cloud.google.com/go/iam](https://github.com/googleapis/google-cloud-go) | `1.5.2` | `1.5.3` |\n| [cloud.google.com/go/monitoring](https://github.com/googleapis/google-cloud-go) | `1.24.2` | `1.24.3` |\n| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.9.2` | `0.9.3` |\n| [github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go) | `1.29.0` | `1.30.0` |\n| [github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go) | `0.53.0` | `0.54.0` |\n| [github.com/anchore/go-struct-converter](https://github.com/anchore/go-struct-converter) | `0.0.0-20221221214134-65614c61201e` | `0.1.0` |\n| [github.com/charmbracelet/colorprofile](https://github.com/charmbracelet/colorprofile) | `0.3.1` | `0.4.1` |\n| [github.com/charmbracelet/x/cellbuf](https://github.com/charmbracelet/x) | `0.0.13` | `0.0.14` |\n| [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) | `3.0.5` | `3.1.2` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.9.0` | `1.10.0` |\n| [github.com/containerd/stargz-snapshotter/estargz](https://github.com/containerd/stargz-snapshotter) | `0.16.3` | `0.18.1` |\n| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.4.1` | `0.6.1` |\n| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.3` | `0.9.4` |\n| [github.com/ebitengine/purego](https://github.com/ebitengine/purego) | `0.8.4` | `0.9.1` |\n| [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) | `1.32.4` | `1.36.0` |\n| [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) | `1.2.1` | `1.3.0` |\n| [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) | `1.4.9` | `1.4.12` |\n| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) | `2.3.3` | `2.3.5` |\n| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.7.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.4` |\n| [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.1` | `4.1.3` |\n| [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) | `1.18.0` | `1.19.1` |\n| [github.com/gohugoio/hashstructure](https://github.com/gohugoio/hashstructure) | `0.5.0` | `0.6.0` |\n| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.6` | `0.20.7` |\n| [github.com/googleapis/enterprise-certificate-proxy](https://github.com/googleapis/enterprise-certificate-proxy) | `0.3.6` | `0.3.7` |\n| [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) | `2.15.0` | `2.16.0` |\n| [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.7.0` | `1.8.0` |\n| [github.com/kevinburke/ssh_config](https://github.com/kevinburke/ssh_config) | `1.2.0` | `1.4.0` |\n| [github.com/mholt/archives](https://github.com/mholt/archives) | `0.1.3` | `0.1.5` |\n| [github.com/moby/go-archive](https://github.com/moby/go-archive) | `0.1.0` | `0.2.0` |\n| [github.com/morikuni/aec](https://github.com/morikuni/aec) | `1.0.0` | `1.1.0` |\n| [github.com/olekukonko/ll](https://github.com/olekukonko/ll) | `0.0.9` | `0.1.3` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.12.0` | `1.13.1` |\n| [github.com/pierrec/lz4/v4](https://github.com/pierrec/lz4) | `4.1.22` | `4.1.23` |\n| [github.com/pjbgf/sha1cd](https://github.com/pjbgf/sha1cd) | `0.4.0` | `0.5.0` |\n| [github.com/sagikazarmark/locafero](https://github.com/sagikazarmark/locafero) | `0.9.0` | `0.12.0` |\n| [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.25.6` | `4.25.11` |\n| [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.3.1` | `1.3.2` |\n| [github.com/spf13/cast](https://github.com/spf13/cast) | `1.9.2` | `1.10.0` |\n| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.20.1` | `1.21.0` |\n| [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty) | `1.16.3` | `1.17.0` |\n| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.62.0` | `0.64.0` |\n\n\nUpdates `github.com/BurntSushi/toml` from 1.5.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BurntSushi/toml/releases\"\u003egithub.com/BurntSushi/toml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cp\u003eTOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: \u003ca href=\"https://github.com/toml-lang/toml/blob/main/CHANGELOG.md\"\u003ehttps://github.com/toml-lang/toml/blob/main/CHANGELOG.md\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAlso two small fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eEncode large floats as exponent syntax so that round-tripping things like \u003ccode\u003e5e+22\u003c/code\u003e is correct.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUsing duplicate array keys would not give an error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003earr = [1]\narr = [2]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis will now correctly give a \u0026quot;Key 'arr' has already been defined\u0026quot; error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/52534926c55b4cd85b05aee90569dd0668b8cf30\"\u003e\u003ccode\u003e5253492\u003c/code\u003e\u003c/a\u003e Enable TOML 1.1 by default (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/e954445330492727c18483838a15f88a4fc2d03a\"\u003e\u003ccode\u003ee954445\u003c/code\u003e\u003c/a\u003e Reject duplicate arrays (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6b16cbdb0f5a152aad1a6b89798a89655b84150d\"\u003e\u003ccode\u003e6b16cbd\u003c/code\u003e\u003c/a\u003e Update toml-test test cases from upstream (\u003ca href=\"https://redirect.github.com/BurntSushi/toml/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/011fa2bc64cec3bb4ec450d11984f5e87b8e158c\"\u003e\u003ccode\u003e011fa2b\u003c/code\u003e\u003c/a\u003e Ensure constant format strings in wf calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/4b439bf5c6ef125a94df7a136733df5ba37d4c16\"\u003e\u003ccode\u003e4b439bf\u003c/code\u003e\u003c/a\u003e Remove itemNil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/a473c125bce7078efea98a29698b7c1eb453ff0b\"\u003e\u003ccode\u003ea473c12\u003c/code\u003e\u003c/a\u003e Add test for out of range float64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/b535ff89e48996de98ace1301decf94a3a480aa8\"\u003e\u003ccode\u003eb535ff8\u003c/code\u003e\u003c/a\u003e Add some boring tests for lex.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/6011ef0c32b214ac134b8228af2a667e171dad6e\"\u003e\u003ccode\u003e6011ef0\u003c/code\u003e\u003c/a\u003e Remove unreachable condition in lexTableNameStart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/c8ca9e6c2d5987a6c23f89d13987ac335aad90c3\"\u003e\u003ccode\u003ec8ca9e6\u003c/code\u003e\u003c/a\u003e Remove unreachable condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BurntSushi/toml/commit/1121f81c60f5947e13057fa5efecbf21369c651e\"\u003e\u003ccode\u003e1121f81\u003c/code\u003e\u003c/a\u003e Make tomlv read from stdin\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BurntSushi/toml/compare/v1.5.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.37.0 to 1.38.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/releases\"\u003egithub.com/onsi/gomega's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.38.3\u003c/h2\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003ch2\u003ev1.38.2\u003c/h2\u003e\n\u003ch2\u003e1.38.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eroll back to go 1.23.0 [c404969]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.38.1\u003c/h2\u003e\n\u003ch2\u003e1.38.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eNumerous minor fixes and dependency bumps\u003c/p\u003e\n\u003ch2\u003ev1.38.0\u003c/h2\u003e\n\u003ch2\u003e1.38.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egstruct handles extra unexported fields [4ee7ed0]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport [] in IgnoringTopFunction function signatures (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/851\"\u003e#851\u003c/a\u003e) [36bbf72]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump golang.org/x/net from 0.40.0 to 0.41.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/846\"\u003e#846\u003c/a\u003e) [529d408]\u003c/li\u003e\n\u003cli\u003eFix typo [acd1f55]\u003c/li\u003e\n\u003cli\u003eBump google.golang.org/protobuf from 1.36.5 to 1.36.6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/835\"\u003e#835\u003c/a\u003e) [bae65a0]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.4 to 1.18.8 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/842\"\u003e#842\u003c/a\u003e) [8dda91f]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.39.0 to 0.40.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/843\"\u003e#843\u003c/a\u003e) [212d812]\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/839\"\u003e#839\u003c/a\u003e) [59bd7f9]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.1 to 1.18.4 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/834\"\u003e#834\u003c/a\u003e) [328c729]\u003c/li\u003e\n\u003cli\u003eBump uri from 1.0.2 to 1.0.3 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/826\"\u003e#826\u003c/a\u003e) [9a798a1]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.37.0 to 0.39.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/841\"\u003e#841\u003c/a\u003e) [04a72c6]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.3\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003emake string formatitng more consistent for users who use format.Object directly\u003c/p\u003e\n\u003ch2\u003e1.38.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eroll back to go 1.23.0 [c404969]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.38.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eNumerous minor fixes and dependency bumps\u003c/p\u003e\n\u003ch2\u003e1.38.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egstruct handles extra unexported fields [4ee7ed0]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport [] in IgnoringTopFunction function signatures (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/851\"\u003e#851\u003c/a\u003e) [36bbf72]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump golang.org/x/net from 0.40.0 to 0.41.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/846\"\u003e#846\u003c/a\u003e) [529d408]\u003c/li\u003e\n\u003cli\u003eFix typo [acd1f55]\u003c/li\u003e\n\u003cli\u003eBump google.golang.org/protobuf from 1.36.5 to 1.36.6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/835\"\u003e#835\u003c/a\u003e) [bae65a0]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.4 to 1.18.8 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/842\"\u003e#842\u003c/a\u003e) [8dda91f]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.39.0 to 0.40.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/843\"\u003e#843\u003c/a\u003e) [212d812]\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/839\"\u003e#839\u003c/a\u003e) [59bd7f9]\u003c/li\u003e\n\u003cli\u003eBump nokogiri from 1.18.1 to 1.18.4 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/834\"\u003e#834\u003c/a\u003e) [328c729]\u003c/li\u003e\n\u003cli\u003eBump uri from 1.0.2 to 1.0.3 in /docs (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/826\"\u003e#826\u003c/a\u003e) [9a798a1]\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/net from 0.37.0 to 0.39.0 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/841\"\u003e#841\u003c/a\u003e) [04a72c6]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/a3ca2ca026268dc6acfc60a2e8393b33b428c507\"\u003e\u003ccode\u003ea3ca2ca\u003c/code\u003e\u003c/a\u003e v1.38.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/4dada364c7635fffe6b8a6b45a7588dabd64cdf4\"\u003e\u003ccode\u003e4dada36\u003c/code\u003e\u003c/a\u003e fix failing have http tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/d40c6917ce1a2c9299bda4b900b59d80bdefc689\"\u003e\u003ccode\u003ed40c691\u003c/code\u003e\u003c/a\u003e make string formatitng more consistent for users who use format.Object directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/2a37b463cac790e945d16f52c1c13a4e835511a1\"\u003e\u003ccode\u003e2a37b46\u003c/code\u003e\u003c/a\u003e doc: fix typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/ee26170d3a0a21d5702f4164df42eb99c50221d7\"\u003e\u003ccode\u003eee26170\u003c/code\u003e\u003c/a\u003e docs: fix HaveValue example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/cc85c057ff99d6ed21998bd44f5983e42d20df81\"\u003e\u003ccode\u003ecc85c05\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 5 to 6 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/8905788e27ddae9e222ee6062e25fcf256fdb738\"\u003e\u003ccode\u003e8905788\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (\u003ca href=\"https://redirect.github.com/onsi/gomega/issues/865\"\u003e#865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/67552c5961c7c6ca98bfb5c28fedafe8a046b4e7\"\u003e\u003ccode\u003e67552c5\u003c/code\u003e\u003c/a\u003e chore: apply fixes from Go modernize command\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/79b8a75a10e36ee598344c040317f5ab1c907f53\"\u003e\u003ccode\u003e79b8a75\u003c/code\u003e\u003c/a\u003e v1.38.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/c404969c07179a8533d5daa283cd6307add66620\"\u003e\u003ccode\u003ec404969\u003c/code\u003e\u003c/a\u003e roll back to go 1.23.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.37.0...v1.38.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/paketo-buildpacks/occam` from 0.28.0 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/paketo-buildpacks/occam/releases\"\u003egithub.com/paketo-buildpacks/occam's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd new WithAdditionalEnv helper function to pack build. by \u003ca href=\"https://github.com/robdimsdale\"\u003e\u003ccode\u003e@​robdimsdale\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/438\"\u003epaketo-buildpacks/occam#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.30.2...v0.31.0\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.30.2...v0.31.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.30.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/436\"\u003epaketo-buildpacks/occam#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing pack CLI --cache flag to always specify the volumes by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/437\"\u003epaketo-buildpacks/occam#437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.25.0 to v2.25.2 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/434\"\u003epaketo-buildpacks/occam#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/docker/docker from v28.4.0+incompatible to v28.5.1+incompatible by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/435\"\u003epaketo-buildpacks/occam#435\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.30.1...v0.30.2\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.30.1...v0.30.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.30.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/431\"\u003epaketo-buildpacks/occam#431\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/testcontainers/testcontainers-go from v0.38.0 to v0.39.0 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/432\"\u003epaketo-buildpacks/occam#432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for registry extension images by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/433\"\u003epaketo-buildpacks/occam#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.24.0 to v2.25.0 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/430\"\u003epaketo-buildpacks/occam#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): updated module github.com/docker/docker from v28.3.3+incompatible to v28.4.0+incompatible by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/429\"\u003epaketo-buildpacks/occam#429\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.30.0...v0.30.1\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.30.0...v0.30.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.30.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packit to v2.24.0 by \u003ca href=\"https://github.com/modulo11\"\u003e\u003ccode\u003e@​modulo11\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/428\"\u003epaketo-buildpacks/occam#428\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.29.1...v0.30.0\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.29.1...v0.30.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.29.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReturn the correct value from GetBuildpackRootAndVersion func by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/427\"\u003epaketo-buildpacks/occam#427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.29.0...v0.29.1\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.29.0...v0.29.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates go mod version to 1.24.6 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/423\"\u003epaketo-buildpacks/occam#423\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/424\"\u003epaketo-buildpacks/occam#424\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport registry buildpack URIs by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/pull/426\"\u003epaketo-buildpacks/occam#426\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.28.1...v0.29.0\"\u003ehttps://github.com/paketo-buildpacks/occam/compare/v0.28.1...v0.29.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/f3f9dedb9a9c922ecec39fec38f7ecabf1d933b3\"\u003e\u003ccode\u003ef3f9ded\u003c/code\u003e\u003c/a\u003e Add new WithAdditionalEnv helper function to pack build. (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/issues/438\"\u003e#438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/4325ba8ccb050a0ea3e501fe4a629f4ef64fdc5d\"\u003e\u003ccode\u003e4325ba8\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/docker/docker from v28.4.0+incompatibl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/ca1870167867783927746e9f770b2f95884eb480\"\u003e\u003ccode\u003eca18701\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.25...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/9cb6d448f50ae1d4d2175114d605e288866f45eb\"\u003e\u003ccode\u003e9cb6d44\u003c/code\u003e\u003c/a\u003e fix: always setting the cache volumes (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/8a84072575f5c5e87e2defed9d9e2c50220fac2e\"\u003e\u003ccode\u003e8a84072\u003c/code\u003e\u003c/a\u003e Updating github-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/3b96b2432a591d5c12b7de4d3f2973d8cfa74258\"\u003e\u003ccode\u003e3b96b24\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/docker/docker from v28.3.3+incompatibl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/f005efeb6ef479d05c83220445be4fd46f70462a\"\u003e\u003ccode\u003ef005efe\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.24...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/e7da996494197d9406e27229a69a5dfcb36d004c\"\u003e\u003ccode\u003ee7da996\u003c/code\u003e\u003c/a\u003e Add support for registry extension images (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/occam/issues/433\"\u003e#433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/aa947da47eed74547b440855668f969d0b17f732\"\u003e\u003ccode\u003eaa947da\u003c/code\u003e\u003c/a\u003e chore(deps): updated module github.com/testcontainers/testcontainers-go from ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/occam/commit/b9a7a83f84406e3d83aca5811c90395fc05384fe\"\u003e\u003ccode\u003eb9a7a83\u003c/code\u003e\u003c/a\u003e Updating github-config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paketo-buildpacks/occam/compare/v0.28.0...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/paketo-buildpacks/packit/v2` from 2.21.0 to 2.25.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/paketo-buildpacks/packit/releases\"\u003egithub.com/paketo-buildpacks/packit/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverting commit with additional logging data by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/693\"\u003epaketo-buildpacks/packit#693\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.25.1...v2.25.2\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.25.1...v2.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.25.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.32.0 to 1.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/688\"\u003epaketo-buildpacks/packit#688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/690\"\u003epaketo-buildpacks/packit#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport fetch the CNB_TARGET_* env variables by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/691\"\u003epaketo-buildpacks/packit#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.25.0...v2.25.1\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.25.0...v2.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/ulikunitz/xz from 0.5.14 to 0.5.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/686\"\u003epaketo-buildpacks/packit#686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFetching dependencies based on the CNB_TARGET_ARCH and CNB_TARGET_OS by \u003ca href=\"https://github.com/pacostas\"\u003e\u003ccode\u003e@​pacostas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/687\"\u003epaketo-buildpacks/packit#687\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.24.0...v2.25.0\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.24.0...v2.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/672\"\u003epaketo-buildpacks/packit#672\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.29.0 to 1.29.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/673\"\u003epaketo-buildpacks/packit#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.29.1 to 1.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/675\"\u003epaketo-buildpacks/packit#675\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates go mod version to 1.24.6 by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/674\"\u003epaketo-buildpacks/packit#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates github-config by \u003ca href=\"https://github.com/paketo-bot\"\u003e\u003ccode\u003e@​paketo-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/677\"\u003epaketo-buildpacks/packit#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/678\"\u003epaketo-buildpacks/packit#678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/ulikunitz/xz from 0.5.12 to 0.5.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/679\"\u003epaketo-buildpacks/packit#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/gomega from 1.38.0 to 1.38.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/680\"\u003epaketo-buildpacks/packit#680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/gomega from 1.38.1 to 1.38.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/683\"\u003epaketo-buildpacks/packit#683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump syft to v1.32.0 by \u003ca href=\"https://github.com/modulo11\"\u003e\u003ccode\u003e@​modulo11\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/682\"\u003epaketo-buildpacks/packit#682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/ulikunitz/xz from 0.5.13 to 0.5.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/685\"\u003epaketo-buildpacks/packit#685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.23.0...v2.24.0\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.23.0...v2.24.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github.com/anchore/syft from 1.28.0 to 1.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/669\"\u003epaketo-buildpacks/packit#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/onsi/gomega from 1.37.0 to 1.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/670\"\u003epaketo-buildpacks/packit#670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly enforce strict arch checking when dependency specifies arch by \u003ca href=\"https://github.com/jericop\"\u003e\u003ccode\u003e@​jericop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/pull/671\"\u003epaketo-buildpacks/packit#671\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.22.0...v2.23.0\"\u003ehttps://github.com/paketo-buildpacks/packit/compare/v2.22.0...v2.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/65b286992cde7663c32cbe4e5ee7759454548040\"\u003e\u003ccode\u003e65b2869\u003c/code\u003e\u003c/a\u003e fix: reverting loging with additional data (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/ebc8d8defadd65f70b859ffc85adbf8f4af43dce\"\u003e\u003ccode\u003eebc8d8d\u003c/code\u003e\u003c/a\u003e Support fetch the CNB_TARGET_* env variables (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/4a9b12890b6648f92eb1c1227b4786c67c3a82b8\"\u003e\u003ccode\u003e4a9b128\u003c/code\u003e\u003c/a\u003e Updating github-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/24c78cf200d4246d892553b55d853752b6558417\"\u003e\u003ccode\u003e24c78cf\u003c/code\u003e\u003c/a\u003e Bump github.com/anchore/syft from 1.32.0 to 1.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/331b7709092b568214190dbd0f96eacef4a2ea86\"\u003e\u003ccode\u003e331b770\u003c/code\u003e\u003c/a\u003e Fetching dependencies based on the CNB_TARGET_ARCH and CNB_TARGET_OS (\u003ca href=\"https://redirect.github.com/paketo-buildpacks/packit/issues/687\"\u003e#687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/42161c0ce281421a1c8a577cba294f9eab2152d0\"\u003e\u003ccode\u003e42161c0\u003c/code\u003e\u003c/a\u003e Bump github.com/ulikunitz/xz from 0.5.14 to 0.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/424acac9ae1897f9234773753eceddde372e1659\"\u003e\u003ccode\u003e424acac\u003c/code\u003e\u003c/a\u003e Bump github.com/ulikunitz/xz from 0.5.13 to 0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/2340d7f842fd257efacd571b4e30dea988f98910\"\u003e\u003ccode\u003e2340d7f\u003c/code\u003e\u003c/a\u003e Bump syft to v1.32.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/2d14be6d6a49949c16e0f905798be32eb821124a\"\u003e\u003ccode\u003e2d14be6\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/gomega from 1.38.1 to 1.38.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paketo-buildpacks/packit/commit/5b3decf158be12ae15a4ba35ca9df9ec8f5cc122\"\u003e\u003ccode\u003e5b3decf\u003c/code\u003e\u003c/a\u003e Bump github.com/onsi/gomega from 1.38.0 to 1.38.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paketo-buildpacks/packit/compare/v2.21.0...v2.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cel.dev/expr` from 0.24.0 to 0.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/cel-spec/releases\"\u003ecel.dev/expr's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v0.25.1\u003c/h2\u003e\n\u003cp\u003eMinor additions to the v0.25.0 release\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove test/v1 directory and its protos by \u003ca href=\"https://github.com/l46kok\"\u003e\u003ccode\u003e@​l46kok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/487\"\u003egoogle/cel-spec#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd parsing tests for string and bytes literals by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/489\"\u003egoogle/cel-spec#489\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/cel-spec/compare/v0.25.0...v0.25.1\"\u003ehttps://github.com/google/cel-spec/compare/v0.25.0...v0.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease v0.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInitial version of the policy specification by \u003ca href=\"https://github.com/jcking\"\u003e\u003ccode\u003e@​jcking\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/477\"\u003egoogle/cel-spec#477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove orphaned ToC entry for enums as ints from the specification by \u003ca href=\"https://github.com/timostamm\"\u003e\u003ccode\u003e@​timostamm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/476\"\u003egoogle/cel-spec#476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests for selector, function, and field names formerly defined as reserved by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/480\"\u003egoogle/cel-spec#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a test case for lastIndexOf in string_ext against an empty string by \u003ca href=\"https://github.com/l46kok\"\u003e\u003ccode\u003e@​l46kok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/468\"\u003egoogle/cel-spec#468\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove TOC from language definition by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/482\"\u003egoogle/cel-spec#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove int(enum) -\u0026gt; int signature by \u003ca href=\"https://github.com/hudlow\"\u003e\u003ccode\u003e@​hudlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/483\"\u003egoogle/cel-spec#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify formatting decimals, add %f formatting test cases around rounding by \u003ca href=\"https://github.com/l46kok\"\u003e\u003ccode\u003e@​l46kok\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/485\"\u003egoogle/cel-spec#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining google.rpc.Status deps from cel-spec by \u003ca href=\"https://github.com/TristonianJones\"\u003e\u003ccode\u003e@​TristonianJones\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/486\"\u003egoogle/cel-spec#486\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timostamm\"\u003e\u003ccode\u003e@​timostamm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/cel-spec/pull/476\"\u003egoogle/cel-spec#476\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/cel-spec/compare/v0.24.0...v0.25.0\"\u003ehttps://github.com/google/cel-spec/compare/v0.24.0...v0.25.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/7f3c4c513b42d471d0be9439bf5bde38f45f8404\"\u003e\u003ccode\u003e7f3c4c5\u003c/code\u003e\u003c/a\u003e Add parsing tests for string and bytes literals (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/489\"\u003e#489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/d3430a81d403aa600083d041bcc729e6d97d31dd\"\u003e\u003ccode\u003ed3430a8\u003c/code\u003e\u003c/a\u003e Remove test/v1 directory and its protos (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/3c96c7153bfb230150a84a34d4d7cc9bc670ca18\"\u003e\u003ccode\u003e3c96c71\u003c/code\u003e\u003c/a\u003e Remove remaining google.rpc.Status deps from cel-spec (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/486\"\u003e#486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/750024aed484c12d8837c4be612ddb8a5b65ecc4\"\u003e\u003ccode\u003e750024a\u003c/code\u003e\u003c/a\u003e Clarify formatting decimals, add %f formatting test cases around rounding (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/485\"\u003e#485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/9dd5f5ca72b3e8cbc890a3e13b6b218c9369cc4a\"\u003e\u003ccode\u003e9dd5f5c\u003c/code\u003e\u003c/a\u003e Remove int(enum) -\u0026gt; int signature (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/808c918ee19b44613528838c994bdc3961148af2\"\u003e\u003ccode\u003e808c918\u003c/code\u003e\u003c/a\u003e Remove TOC from language definition (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/bad3928b9c12d07c4d46c56b90534584480ba4fb\"\u003e\u003ccode\u003ebad3928\u003c/code\u003e\u003c/a\u003e Add a test case for lastIndexOf in string_ext against an empty string (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/468\"\u003e#468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/14cdd3f394daf7a14482e19deececb0f1b01bad4\"\u003e\u003ccode\u003e14cdd3f\u003c/code\u003e\u003c/a\u003e Tests for selector, function, and field names formerly defined as reserved (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/8a3339430fdf8f216d3e3a786d39c75f9e5c413c\"\u003e\u003ccode\u003e8a33394\u003c/code\u003e\u003c/a\u003e Remove orphaned ToC entry for enums as ints from the specification (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/476\"\u003e#476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/cel-spec/commit/a8f582aae6a65b5c417c0ab7d22aab68f41ec4b2\"\u003e\u003ccode\u003ea8f582a\u003c/code\u003e\u003c/a\u003e Initial version of the policy specification (\u003ca href=\"https://redirect.github.com/google/cel-spec/issues/477\"\u003e#477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/cel-spec/compare/v0.24.0...v0.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go` from 0.121.4 to 0.123.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md\"\u003ecloud.google.com/go's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.122.0...v0.123.0\"\u003e0.123.0\u003c/a\u003e (2025-09-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/stategen:\u003c/strong\u003e Populate the latest googleapis commit (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12880\"\u003e#12880\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/7b017a083ddd322b21faf413a329ba870a98db96\"\u003e7b017a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elibrariangen:\u003c/strong\u003e Implement the build command (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12817\"\u003e#12817\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/14734c875103f97748857b9b0472fd0b2658663f\"\u003e14734c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Add link to source commit in release notes (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12881\"\u003e#12881\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1c06cc6109a84941c367896575b187b79befc3af\"\u003e1c06cc6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Fix CHANGES.md headers (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12849\"\u003e#12849\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/baf515dfe0d94f36c9dc232f6b55e9828b268eb0\"\u003ebaf515d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Remove go mod init/tidy from postprocessor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12832\"\u003e#12832\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1fe506a37e68497b6da4587d409b79e7b4d2a113\"\u003e1fe506a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Test for error path with flags (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12830\"\u003e#12830\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f0da7b22488b4d9f6232d227d3e196d8d2b92858\"\u003ef0da7b2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/postprocessor:\u003c/strong\u003e Add dlp to skip-module-scan-paths (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12857\"\u003e#12857\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/45a7d9b4b9083d1bcaca89c3d86878ba77c230e3\"\u003e45a7d9b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elibrariangen:\u003c/strong\u003e Honor original container contract (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12846\"\u003e#12846\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/71c8fd368667f74426aa31b6c50def8151482480\"\u003e71c8fd3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elibrariangen:\u003c/strong\u003e Improvements to release-init (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12842\"\u003e#12842\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0db677a93fe16b9a62bb69a3cea7bc45d5aaec36\"\u003e0db677a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estategen:\u003c/strong\u003e Specify an appropriate tag format for google-cloud-go (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12835\"\u003e#12835\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/ffcff33a0c3fad720a31083672c4cf2498af719f\"\u003effcff33\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.6...v0.122.0\"\u003e0.122.0\u003c/a\u003e (2025-09-04)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Add release-init command (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12751\"\u003e#12751\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/52e84cc9a11077eb3c50a0b5fc9aa26361d63b47\"\u003e52e84cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/godocfx:\u003c/strong\u003e Better support for v2 modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12797\"\u003e#12797\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4bc878597a5e6bd97cf3ee2174f6df7fbdd2d47b\"\u003e4bc8785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/godocfx:\u003c/strong\u003e Module detection when tidy errors (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12801\"\u003e#12801\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/83d46cdc5ed7cfbb94038e7fa1f787adfe532c74\"\u003e83d46cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Fix goimports errors (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12765\"\u003e#12765\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/83bdaa4ce4e42f8b4a29e2055fc4894d8c6b1e2c\"\u003e83bdaa4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.5...v0.121.6\"\u003e0.121.6\u003c/a\u003e (2025-08-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Fix Dockerfile permissions for go mod tidy (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12704\"\u003e#12704\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0e70a0b6afccc016c67337f340e2755fe7a476ca\"\u003e0e70a0b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.4...v0.121.5\"\u003e0.121.5\u003c/a\u003e (2025-08-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Get README title from service config yaml (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12676\"\u003e#12676\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b3b8f70a15ae477885f3ecc92e01ae37b7505de3\"\u003eb3b8f70\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/librariangen:\u003c/strong\u003e Update source_paths to source_roots in generate-request.json (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12691\"\u003e#12691\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2adb6f9a67f21fba32371fb4b3dcfb7204309560\"\u003e2adb6f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4e8373586a5e48c18fbfd4bb0a3e259184e49a91\"\u003e\u003ccode\u003e4e83735\u003c/code\u003e\u003c/a\u003e chore(main): release 0.123.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12825\"\u003e#12825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f557e308cb70fa4fde7104ebe9327892729a8d36\"\u003e\u003ccode\u003ef557e30\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12913\"\u003e#12913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/a10ecc9b3c22e320e9a32dedef7248b42465cd49\"\u003e\u003ccode\u003ea10ecc9\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12915\"\u003e#12915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/3ae39f92307c14a6ac55e635e52d45969520fa9e\"\u003e\u003ccode\u003e3ae39f9\u003c/code\u003e\u003c/a\u003e chore: refactor request/response handling and metadata updates (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12875\"\u003e#12875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/30a42997bc488b3f8711a79d0e42f22e12db01ea\"\u003e\u003ccode\u003e30a4299\u003c/code\u003e\u003c/a\u003e fix: upgrade gRPC service registration func (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12914\"\u003e#12914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/061983381c66dbc6d4a0f2d2c285231e775ad8ff\"\u003e\u003ccode\u003e0619833\u003c/code\u003e\u003c/a\u003e test(spanner): increase context timeout to allow one executeSql to be execute...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9e2646b1821231183fd775bb107c062865eeaccd\"\u003e\u003ccode\u003e9e2646b\u003c/code\u003e\u003c/a\u003e fix(compute/metadata): set subClient for UseDefaultClient case (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12911\"\u003e#12911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4b404fafe4cdb51d4485e7f6fed056eb47edb78b\"\u003e\u003ccode\u003e4b404fa\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12906\"\u003e#12906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/187a58a540494e1e8562b046325b8cad8cf7af4a\"\u003e\u003ccode\u003e187a58a\u003c/code\u003e\u003c/a\u003e fix(compute/metadata): disable Client timeouts for subscription client (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12910\"\u003e#12910\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/003abca9172082ad1f2fbcc9b37639f389ade8ee\"\u003e\u003ccode\u003e003abca\u003c/code\u003e\u003c/a\u003e feat(spanner): support \u0026quot;readOnly\u0026quot; column tag parsing for Go struct operations...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.121.4...v0.123.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/auth` from 0.16.3 to 0.16.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/833f2f2bc08f21098ecb82f264d746e2baa92869\"\u003e\u003ccode\u003e833f2f2\u003c/code\u003e\u003c/a\u003e chore(main): release auth 0.16.4 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12667\"\u003e#12667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1482191e88236693efef68769752638281566766\"\u003e\u003ccode\u003e1482191\u003c/code\u003e\u003c/a\u003e fix(auth): add UseDefaultClient: true to metadata.Options (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12666\"\u003e#12666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d24181fbd33e9ddb254279d001925b0765d985a6\"\u003e\u003ccode\u003ed24181f\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12636\"\u003e#12636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/a0a855cdbf1eaab1dcc2adc53ab0326b34bde665\"\u003e\u003ccode\u003ea0a855c\u003c/code\u003e\u003c/a\u003e chore(main): release spanner 1.84.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12664\"\u003e#12664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/a1ce8c26651e7a0ba4f1b20aba4c0fefbab0b972\"\u003e\u003ccode\u003ea1ce8c2\u003c/code\u003e\u003c/a\u003e chore(spanner): release 1.84.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12665\"\u003e#12665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/8b410ec689591a591aecb46831f2f50706cb973f\"\u003e\u003ccode\u003e8b410ec\u003c/code\u003e\u003c/a\u003e feat(spanner): release 1.84.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12663\"\u003e#12663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/7558990fffc196a58cecd2ac4289b7bb16290e22\"\u003e\u003ccode\u003e7558990\u003c/code\u003e\u003c/a\u003e fix: receive trailers to prevent buildup of pending goroutines (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12662\"\u003e#12662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1a8820900f20e038291c4bb2c5284a449196e81f\"\u003e\u003ccode\u003e1a88209\u003c/code\u003e\u003c/a\u003e feat(compute/metadata): add Options.UseDefaultClient (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12657\"\u003e#12657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/3edcbf3b5093322ca3f9a96cdc243c8043a01902\"\u003e\u003ccode\u003e3edcbf3\u003c/code\u003e\u003c/a\u003e chore(storage): update apiary dependency (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12654\"\u003e#12654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/c3574a2b4448330a9d46bdc810ebdc090f2d7246\"\u003e\u003ccode\u003ec3574a2\u003c/code\u003e\u003c/a\u003e feat(aiplatform): add FeatureViewDirectWrite API in v1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/12645\"\u003e#12645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/auth/v0.16.3...auth/v0.16.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/compute/metadata` from 0.7.0 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md\"\u003ecloud.google.com/go/compute/metadata's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eprofiler package added.\u003c/li\u003e\n\u003cli\u003estorage:\n\u003cul\u003e\n\u003cli\u003eRetry Objects.Insert call.\u003c/li\u003e\n\u003cli\u003eAdd ProgressFunc to WRiter.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003epubsub: breaking changes:\n\u003cul\u003e\n\u003cli\u003ePublish is now asynchronous (\u003ca href=\"https://groups.google.com/d/topic/google-api-go-announce/aaqRDIQ3rvU/discussion\"\u003eannouncement\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eSubscription.Pull replaced by Subscription.Receive, which takes a callback (\u003ca href=\"https://groups.google.com/d/topic/google-api-go-announce/8pt6oetAdKc/discussion\"\u003eannouncement\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMessage.Done replaced with Message.Ack and Message.Nack.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e11d9d1a1722e191d3d017c08077f2c15189769a\"\u003e\u003ccode\u003ee11d9d1\u003c/code\u003e\u003c/a\u003e rpcreplay: file format and I/O\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f5c3fe2352c8d679cfc47d2f102449571022c323\"\u003e\u003ccode\u003ef5c3fe2\u003c/code\u003e\u003c/a\u003e profiler: Add Cloud Profiler runtime agent for Go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/87cc1d286587530f709063127a1faef4ed8431c5\"\u003e\u003ccode\u003e87cc1d2\u003c/code\u003e\u003c/a\u003e rpcreplay: package doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b4e9a381a01e953e880e6d2cf7fd02d412977cae\"\u003e\u003ccode\u003eb4e9a38\u003c/code\u003e\u003c/a\u003e storage: retry Objects.Insert call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9a04fc8dc5de830157ea2887ab5565f964c311a7\"\u003e\u003ccode\u003e9a04fc8\u003c/code\u003e\u003c/a\u003e trace: respond with trace context to report the sampling options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e8b5f2cc58266b603c1d7dc9f6ac0f254d1670df\"\u003e\u003ccode\u003ee8b5f2c\u003c/code\u003e\u003c/a\u003e spanner: Increased the maximum allowed sending and recieving msg size to 100 MB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/dd88571a2747f25e093c425b9a598db5bec04e57\"\u003e\u003ccode\u003edd88571\u003c/code\u003e\u003c/a\u003e bigtable: Fix documentation for timestamp range filters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/c60d02f3cdeb4bf91d4810e9e505800cad03ce9f\"\u003e\u003ccode\u003ec60d02f\u003c/code\u003e\u003c/a\u003e pubsub: clarify that Topic is goroutine-safe\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/69931d826ffbbcb4f8451b42d5cf7fc2ac6c7443\"\u003e\u003ccode\u003e69931d8\u003c/code\u003e\u003c/a\u003e bigquery: get streaming buffer info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/7d132fead24899d37a2aef0112d06b9d5b891d19\"\u003e\u003ccode\u003e7d132fe\u003c/code\u003e\u003c/a\u003e bigtable: Fix GCRuleToString when GcRule is nil\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/v0.7.0...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/iam` from 1.5.2 to 1.5.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bf00b9db931a52688d14eb44d4fdf4443338dc9a\"\u003e\u003ccode\u003ebf00b9d\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13076\"\u003e#13076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9dd3adf2bb0d57dff8d85f89a29e8cea03274c29\"\u003e\u003ccode\u003e9dd3adf\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13075\"\u003e#13075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9f9d01f1ba68b8352c76ff582f6a5c6adc22663b\"\u003e\u003ccode\u003e9f9d01f\u003c/code\u003e\u003c/a\u003e fix: upgrade gRPC service registration func (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13063\"\u003e#13063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f14260d44bcc559ad063e9e2d70ae10b081b2b66\"\u003e\u003ccode\u003ef14260d\u003c/code\u003e\u003c/a\u003e chore(.github): restore deep-remove-regex entries (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13073\"\u003e#13073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e127d945db690aeec0c8b470a3bf63a2a646418c\"\u003e\u003ccode\u003ee127d94\u003c/code\u003e\u003c/a\u003e test(bigtable): refactor TestRetryApply for clarity (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13052\"\u003e#13052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2930b5c509e774a071de56d1610ad5510e55fc01\"\u003e\u003ccode\u003e2930b5c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13065\"\u003e#13065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bc93e83f566ff1ea7682d785f40f2422c3ad0ed6\"\u003e\u003ccode\u003ebc93e83\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13064\"\u003e#13064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0ce207f307dab7c6bc907bee285694dd696ae66c\"\u003e\u003ccode\u003e0ce207f\u003c/code\u003e\u003c/a\u003e test(firestore): correct TestIntegration_WatchQuery (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13053\"\u003e#13053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/04ac2d2c53053fbcefac7bbf2cc5c0c0063e0866\"\u003e\u003ccode\u003e04ac2d2\u003c/code\u003e\u003c/a\u003e chore(.librarian): special-case fixes in state.yaml (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13062\"\u003e#13062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b94c3ba69994d9c56ae8f302449dd8df6f287296\"\u003e\u003ccode\u003eb94c3ba\u003c/code\u003e\u003c/a\u003e fix(storage): remove default timeout for gRPC operations (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13022\"\u003e#13022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/iam/v1.5.2...iam/v1.5.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/monitoring` from 1.24.2 to 1.24.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bf00b9db931a52688d14eb44d4fdf4443338dc9a\"\u003e\u003ccode\u003ebf00b9d\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13076\"\u003e#13076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9dd3adf2bb0d57dff8d85f89a29e8cea03274c29\"\u003e\u003ccode\u003e9dd3adf\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13075\"\u003e#13075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/9f9d01f1ba68b8352c76ff582f6a5c6adc22663b\"\u003e\u003ccode\u003e9f9d01f\u003c/code\u003e\u003c/a\u003e fix: upgrade gRPC service registration func (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13063\"\u003e#13063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/f14260d44bcc559ad063e9e2d70ae10b081b2b66\"\u003e\u003ccode\u003ef14260d\u003c/code\u003e\u003c/a\u003e chore(.github): restore deep-remove-regex entries (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13073\"\u003e#13073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e127d945db690aeec0c8b470a3bf63a2a646418c\"\u003e\u003ccode\u003ee127d94\u003c/code\u003e\u003c/a\u003e test(bigtable): refactor TestRetryApply for clarity (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13052\"\u003e#13052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2930b5c509e774a071de56d1610ad5510e55fc01\"\u003e\u003ccode\u003e2930b5c\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13065\"\u003e#13065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/bc93e83f566ff1ea7682d785f40f2422c3ad0ed6\"\u003e\u003ccode\u003ebc93e83\u003c/code\u003e\u003c/a\u003e chore: bump changed modules (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13064\"\u003e#13064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0ce207f307dab7c6bc907bee285694dd696ae66c\"\u003e\u003ccode\u003e0ce207f\u003c/code\u003e\u003c/a\u003e test(firestore): correct TestIntegration_WatchQuery (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13053\"\u003e#13053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/04ac2d2c53053fbcefac7bbf2cc5c0c0063e0866\"\u003e\u003ccode\u003e04ac2d2\u003c/code\u003e\u003c/a\u003e chore(.librarian): special-case fixes in state.yaml (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13062\"\u003e#13062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b94c3ba69994d9c56ae8f302449dd8df6f287296\"\u003e\u003ccode\u003eb94c3ba\u003c/code\u003e\u003c/a\u003e fix(storage): remove default timeout for gRPC operations (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/13022\"\u003e#13022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/monitoring/v1.24.2...monitoring/v1.24.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cloud.google.com/go/storage` from 1.55.0 to 1.56.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1782dc379aaa69a69c08df54adcc6b93af691f7b\"\u003e\u003ccode\u003e1782dc3\u003c/code\u003e\u003c/a\u003e chore(main): release spanner 1.56.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9271\"\u003e#9271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/5f156e8c88f4729f569ee5b4ac9378dda3907997\"\u003e\u003ccode\u003e5f156e8\u003c/code\u003e\u003c/a\u003e feat(spanner/spansql): add support for CREATE VIEW with SQL SECURITY DEFINER ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e577006768472799930f3f5d62fc619732c4c460\"\u003e\u003ccode\u003ee577006\u003c/code\u003e\u003c/a\u003e chore(internal/actions): add touch flag to changefinder (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9325\"\u003e#9325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/dce9db4edb82502af57dfa7ac08b8d6a4b41ce44\"\u003e\u003ccode\u003edce9db4\u003c/code\u003e\u003c/a\u003e deps(bigqueyry): bump google.golang.org/api to 0.160.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9323\"\u003e#9323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/4b4c56706469866e2faeaae59e36ca52e62ecf7b\"\u003e\u003ccode\u003e4b4c567\u003c/code\u003e\u003c/a\u003e chore(visionai): add config to generate apiv1 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9322\"\u003e#9322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/053ea29437dae1bbe4f3351f90e92db714e6cbe4\"\u003e\u003ccode\u003e053ea29\u003c/code\u003e\u003c/a\u003e chore: update Go gapic generator to v0.40.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9314\"\u003e#9314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d39c8a89af5864b2e8280bfc4517269e18d00c96\"\u003e\u003ccode\u003ed39c8a8\u003c/code\u003e\u003c/a\u003e chore(main): release pubsub 1.36.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9313\"\u003e#9313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/2b6b0da48517fd0b682077b0fdf6f6a8f162910b\"\u003e\u003ccode\u003e2b6b0da\u003c/code\u003e\u003c/a\u003e fix(pubsub): move flow control release to callback completion (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9311\"\u003e#9311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/97d62c7a6a305c47670ea9c147edc444f4bf8620\"\u003e\u003ccode\u003e97d62c7\u003c/code\u003e\u003c/a\u003e docs(maps/fleetengine): update comment on Waypoint (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9291\"\u003e#9291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/10c82609951329526f164a7ec4dd766eb8293382\"\u003e\u003ccode\u003e10c8260\u003c/code\u003e\u003c/a\u003e chore(internal/gapicgen/git): run gofmt (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/9307\"\u003e#9307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/spanner/v1.55.0...spanner/v1.56.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/CycloneDX/cyclonedx-go` from 0.9.2 to 0.9.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/releases\"\u003egithub.com/CycloneDX/cyclonedx-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.3\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e6636ce32f8b15a5104fda6636937e91d62d647e7: fix: \u003ccode\u003e.component.data\u003c/code\u003e was not a slice as per CycloneDX schema \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/242\"\u003e#242\u003c/a\u003e (\u003ca href=\"https://github.com/madpah\"\u003e\u003ccode\u003e@​madpah\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e3e0f245f7b936eb38e16d0518a2a0020c0d69223: fix: add missing properties (\u003ca href=\"https://github.com/rdghe\"\u003e\u003ccode\u003e@​rdghe\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuilding and Packaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e24c8c33dd36390754b63f9ab056b2bf62b1eb70f: build(deps): bump actions/setup-go from 5.2.0 to 5.4.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e5fcf097fbdcedb6832989d0a74195f0698b48de8: build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003eedea8aedbc8467a478ac4b11d587c9bdff68f0dd: build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003ef32eebc413c71327df4fd6f264aa9f22e6e8cce1: build(deps): bump gitpod/workspace-go from \u003ccode\u003e4702df2\u003c/code\u003e to \u003ccode\u003e8985eb7\u003c/code\u003e (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e7fdaa7fc2b0fe25ff5eb17d57bede84131415674: build(deps): bump gitpod/workspace-go from \u003ccode\u003e6932342\u003c/code\u003e to \u003ccode\u003e4702df2\u003c/code\u003e (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003ed62ea3cd450cbd3aebcbf9a50c8d12b2e4187b13: build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e4709461dea7961fbd824e433b3c68217ff856122: build(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.3.0 (\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/72e4629d580624c7d6bd815e2d209a0a62d08047\"\u003e\u003ccode\u003e72e4629\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/243\"\u003e#243\u003c/a\u003e from madpah/fix/component-data-schema\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/6636ce32f8b15a5104fda6636937e91d62d647e7\"\u003e\u003ccode\u003e6636ce3\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003e.component.data\u003c/code\u003e was not a slice as per CycloneDX schema \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/242\"\u003e#242\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/a39bf6be93d4ecca076f4379031dc24cddac4937\"\u003e\u003ccode\u003ea39bf6b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/232\"\u003e#232\u003c/a\u003e from CycloneDX/dependabot/github_actions/actions/setu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/cff8cd548a906d6a5534b60056f2ab4b3e9c522b\"\u003e\u003ccode\u003ecff8cd5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/233\"\u003e#233\u003c/a\u003e from CycloneDX/dependabot/docker/gitpod/workspace-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/6a93b76287597c06d2aa64e9281bb8e003bb8bbb\"\u003e\u003ccode\u003e6a93b76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/234\"\u003e#234\u003c/a\u003e from rdghe/fix/add-missing-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/3e0f245f7b936eb38e16d0518a2a0020c0d69223\"\u003e\u003ccode\u003e3e0f245\u003c/code\u003e\u003c/a\u003e fix: add missing properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/f32eebc413c71327df4fd6f264aa9f22e6e8cce1\"\u003e\u003ccode\u003ef32eebc\u003c/code\u003e\u003c/a\u003e build(deps): bump gitpod/workspace-go from \u003ccode\u003e4702df2\u003c/code\u003e to \u003ccode\u003e8985eb7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/5fcf097fbdcedb6832989d0a74195f0698b48de8\"\u003e\u003ccode\u003e5fcf097\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-go from 5.4.0 to 5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/75427c8613483b8939c4c5916d55f00fc1f458ef\"\u003e\u003ccode\u003e75427c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/222\"\u003e#222\u003c/a\u003e from CycloneDX/dependabot/docker/gitpod/workspace-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/commit/551624d8f7fd283bc4b8d25fde912659b3f9a18e\"\u003e\u003ccode\u003e551624d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-go/issues/217\"\u003e#217\u003c/a\u003e from CycloneDX/dependabot/github_actions/apache/skywa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/CycloneDX/cyclonedx-go/compare/v0.9.2...v0.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp` from 1.29.0 to 1.30.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/releases\"\u003egithub.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.1 and v0.29.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle explicit reset points in the disabled normalizer by \u003ca href=\"https://github.com/dashpole\"\u003e\u003ccode\u003e@​dashpole\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/378\"\u003eGoogleCloudPlatform/opentelemetry-operations-go#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd struct tag for sum of squared deviations estimate and factory test. by \u003ca href=\"https://github.com/dashpole\"\u003e\u003ccode\u003e@​dashpole\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/GoogleCloudPlatform/op...\n\n_Description has been truncated_","html_url":"https://github.com/cyrillesondag/paketo-buildpacks-pnpm/pull/69","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrillesondag%2Fpaketo-buildpacks-pnpm/issues/69","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/69/packages"}}]}