ABRoot is a utility that provides full immutability and atomicity to a Linux system, by transacting between two root filesystems. Updates are performed using OCI images, to ensure that the system is always in a consistent state.
[release-1.35] CVE-2024-3727 updates
integration test: handle new labels in "bud and test --unsetlabel"
[release-1.35] Bump go-jose CVE-2024-28180
[release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
v1.35.3 (2024-03-28)
[release-1.35] Bump c/common to v0.58.1
v1.35.2 (2024-03-22)
[release-1.35] CVE-2024-24786 protobuf to 1.33
[release-1.35] Bump to v1.35.2-dev
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/containers/buildah from 1.35.1 to 1.35.4.
Release notes
Sourced from github.com/containers/buildah's releases.
Changelog
Sourced from github.com/containers/buildah's changelog.
Commits
c2926ea
[release-1.35] Bump to Buildah v1.35.4f905965
[release-1.35] CVE-2024-3727 updatesd1d1b54
Merge pull request #5503 from openshift-cherrypick-robot/cherry-pick-5487-to-...a676663
integration test: handle new labels in "bud and test --unsetlabel"e20b67d
Merge pull request #5481 from TomSweeneyRedHat/dev/tsweeney/cve-jose-1.35-pt2820caaf
[release-1.35] Bump go-jose CVE-2024-281800b93c87
Merge pull request #5467 from TomSweeneyRedHat/dev/tsweeney/cve-jose-1.35c7296dd
[release-1.35] Bump ocicrypt and go-jose CVE-2024-28180e7f6ef5
Merge pull request #5441 from TomSweeneyRedHat/dev/tsweeney/1.35_common_0.58.19f0251c
[release-1.35] Bump to Buildah v1.35.3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show