This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/containerd/containerd	`v1.6.20` -> `v1.6.26`

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

GHSA-7ww5-4wqc-m92c

/sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via sysfs. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.

By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including AES-NI (potentially inside a SGX enclave) and KASLR (kernel address space layout randomization). Also known as the PLATYPUS attack, Intel assigned CVE-2020-8694 and CVE-2020-8695, and AMD assigned CVE-2020-12912.

Several mitigations were applied; Intel reduced the sampling resolution via a microcode update, and the Linux kernel prevents access by non-root users since 5.10. However, this kernel-based mitigation does not apply to many container-based scenarios:

Unless using user namespaces, root inside a container has the same level of privilege as root outside the container, but with a slightly more narrow view of the system
sysfs is mounted inside containers read-only; however only read access is needed to carry out this attack on an unpatched CPU

While this is not a direct vulnerability in container runtimes, defense in depth and safe defaults are valuable and preferred, especially as this poses a risk to multi-tenant container environments. This is provided by masking /sys/devices/virtual/powercap in the default mount configuration, and adding an additional set of rules to deny it in the default AppArmor profile.

While sysfs is not the only way to read from the RAPL subsystem, other ways of accessing it require additional capabilities such as CAP_SYS_RAWIO which is not available to containers by default, or perf paranoia level less than 1, which is a non-default kernel tunable.

References

Release Notes

containerd/containerd (github.com/containerd/containerd)

### [`v1.6.26`](https://togithub.com/containerd/containerd/releases/tag/v1.6.26): containerd 1.6.26 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.25...v1.6.26) Welcome to the v1.6.26 release of containerd! The twenty-sixth patch release for containerd 1.6 contains various fixes and updates. ##### Notable Updates - **Fix windows default path overwrite issue** ([#9441](https://togithub.com/containerd/containerd/pull/9441)) - **Update push to inherit distribution sources from parent** ([#9453](https://togithub.com/containerd/containerd/pull/9453)) - **Mask `/sys/devices/virtual/powercap` path in runtime spec and deny in default apparmor profile** ([GHSA-7ww5-4wqc-m92c](https://togithub.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c)) ##### Deprecation Warnings - **Emit deprecation warning for AUFS snapshotter usage** ([#9448](https://togithub.com/containerd/containerd/pull/9448)) - **Emit deprecation warning for v1 runtime usage** ([#9468](https://togithub.com/containerd/containerd/pull/9468)) - **Emit deprecation warning for CRI v1alpha1 usage** ([#9468](https://togithub.com/containerd/containerd/pull/9468)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Samuel Karp - Derek McGowan - Kohei Tokunaga - Phil Estes - Bjorn Neergaard - Sebastiaan van Stijn - Brian Goff - Charity Kathure - Kazuyoshi Kato - Milas Bowman - Wei Fu - ruiwen-zhao ##### Changes

30 commits

- \[release/1.6] Prepare release notes for v1.6.26 ([#9490](https://togithub.com/containerd/containerd/pull/9490)) - [`ac5c5d3e0`](https://togithub.com/containerd/containerd/commit/ac5c5d3e03ab3c5b8103a1c0bd9931389f7a8fcf) Prepare release notes for v1.6.26 - Github Security Advisory [GHSA-7ww5-4wqc-m92c](https://togithub.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c) - [`02f07fe19`](https://togithub.com/containerd/containerd/commit/02f07fe1994a3ddda3626c1ede2e32bc82b8e426) contrib/apparmor: deny /sys/devices/virtual/powercap - [`c94577e78`](https://togithub.com/containerd/containerd/commit/c94577e78d2924ddeb90d1601e31b50ee3acac48) oci/spec: deny /sys/devices/virtual/powercap - \[release/1.6] update to go1.20.12, test go1.21.5 ([#9472](https://togithub.com/containerd/containerd/pull/9472)) - [`7cbdfc92e`](https://togithub.com/containerd/containerd/commit/7cbdfc92ef38f789f1a2773fa6fac405d361a6cc) update to go1.20.12, test go1.21.5 - [`024b1cce6`](https://togithub.com/containerd/containerd/commit/024b1cce6b27f10e00bb9bde33a5fe9563545f8d) update to go1.20.11, test go1.21.4 - \[release/1.6] Add cri-api v1alpha2 usage warning to all api calls ([#9484](https://togithub.com/containerd/containerd/pull/9484)) - [`64e56bfde`](https://togithub.com/containerd/containerd/commit/64e56bfde95828660971673d20952f275cc2c0ba) Add cri-api v1alpha2 usage warning to all api calls - \[release/1.6] tasks: emit warning for v1 runtime and runc v1 runtime ([#9468](https://togithub.com/containerd/containerd/pull/9468)) - [`efefd3bf3`](https://togithub.com/containerd/containerd/commit/efefd3bf334b5df0e97bff0be61ba906a9b3b528) tasks: emit warning for runc v1 runtime - [`7825689b4`](https://togithub.com/containerd/containerd/commit/7825689b4c4d68cc1cc3c6dd072c2c2ec7b2d88e) tasks: emit warning for v1 runtime - \[release/1.6] snapshots: emit deprecation warning for aufs ([#9448](https://togithub.com/containerd/containerd/pull/9448)) - [`7cfe7052f`](https://togithub.com/containerd/containerd/commit/7cfe7052f4a2ad97e4e8032469aef588d2f0858c) snapshots: emit deprecation warning for aufs - \[release/1.6] cherry-pick/backport: Update golangci lint ([#9455](https://togithub.com/containerd/containerd/pull/9455)) - [`a1ae572a2`](https://togithub.com/containerd/containerd/commit/a1ae572a2778bf599e93929f5145f707b667f508) Fix linter error with updated linter - [`b638791d6`](https://togithub.com/containerd/containerd/commit/b638791d66b2e34f044f04736632995446b79314) ci: bump up golangci-lint to v1.55.0 - [`2370a2842`](https://togithub.com/containerd/containerd/commit/2370a2842318833b16a8274835374d0811c2ed28) Fix linter issues for golangci-lint 1.54.2 - [`8a65e2e31`](https://togithub.com/containerd/containerd/commit/8a65e2e31b6710f94be64c7fada727bd2569d16f) Bump up golangci-lint to v1.54.2 - [`969f8feb2`](https://togithub.com/containerd/containerd/commit/969f8feb2e0932a9f9c69f1696e552fcdcd2b31b) Bump up golangci-lint to v1.52.2 - \[release/1.6] push: inherit distribution sources from parent ([#9453](https://togithub.com/containerd/containerd/pull/9453)) - [`66959fdf5`](https://togithub.com/containerd/containerd/commit/66959fdf50d16520a84fb14c9467c0d87b7f0274) push: inherit distribution sources from parent - [`b4dcffcfb`](https://togithub.com/containerd/containerd/commit/b4dcffcfbff2694796a04243728700b37dc78d8e) content: add InfoProvider interface - [`bef4145c1`](https://togithub.com/containerd/containerd/commit/bef4145c141ad2c37e7797b4dc53b8e429b368ae) Change PushContent to require only Provider - \[release/1.6] Bump google.golang.org/grpc to v1.58.3 ([#9408](https://togithub.com/containerd/containerd/pull/9408)) - [`a5fc21060`](https://togithub.com/containerd/containerd/commit/a5fc21060b5254be9ca28e63c1c5a7364b551ca5) vendor: google.golang.org/grpc v1.58.3 - [`4fa05b3d8`](https://togithub.com/containerd/containerd/commit/4fa05b3d83488e4bc81241db1a65ca00fedec45d) Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 - \[release/1.6] Windows default path overwrite fix ([#9441](https://togithub.com/containerd/containerd/pull/9441)) - [`ede0ad5e1`](https://togithub.com/containerd/containerd/commit/ede0ad5e12826d574623a79b71bb1fbc49e75172) Fix windows default path overwrite issue

##### Dependency Changes - **cloud.google.com/go/compute/metadata** v0.2.3 ***new*** - **github.com/cespare/xxhash/v2** v2.1.2 -> v2.2.0 - **github.com/golang/protobuf** v1.5.2 -> v1.5.3 - **github.com/klauspost/compress** v1.11.13 -> v1.15.9 - **go.opencensus.io** v0.23.0 -> v0.24.0 - **golang.org/x/oauth2** [`2bc19b1`](https://togithub.com/containerd/containerd/commit/2bc19b11175f) -> v0.10.0 - **golang.org/x/sync** v0.1.0 -> v0.3.0 - **google.golang.org/grpc** v1.50.1 -> v1.58.3 - **google.golang.org/protobuf** v1.28.1 -> v1.31.0 Previous release can be found at [v1.6.25](https://togithub.com/containerd/containerd/releases/tag/v1.6.25) ### [`v1.6.25`](https://togithub.com/containerd/containerd/releases/tag/v1.6.25): containerd 1.6.25 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.24...v1.6.25) Welcome to the v1.6.25 release of containerd! The twenty-fifth patch release for containerd 1.6 contains various fixes and updates. ##### Notable Updates - **Check whether content did not needs to be pushed to remote registry and cross-repo mounted or already existed** ([#9111](https://togithub.com/containerd/containerd/pull/9111)) - **Soft deprecate log package** ([#9105](https://togithub.com/containerd/containerd/pull/9105)) - **Always try to establish tls connection when tls configured** ([#9189](https://togithub.com/containerd/containerd/pull/9189)) - **CRI: stop recommending disable_cgroup** ([#9169](https://togithub.com/containerd/containerd/pull/9169)) - **Allow for images with artifacts layers to pull** ([#9150](https://togithub.com/containerd/containerd/pull/9150)) - **Require plugins to succeed after registering readiness** ([#9166](https://togithub.com/containerd/containerd/pull/9166)) - **Avoid potential deadlock in create handler in containerd-shim-runc-v2** ([#9210](https://togithub.com/containerd/containerd/pull/9210)) - **Add handling for missing basic auth credentials** ([#9236](https://togithub.com/containerd/containerd/pull/9236)) - **Add a new image label if it is docker schema 1** ([#9267](https://togithub.com/containerd/containerd/pull/9267)) - **Fix ambiguous tls fallback** ([#9300](https://togithub.com/containerd/containerd/pull/9300)) - **Expose usage of deprecated features** ([#9329](https://togithub.com/containerd/containerd/pull/9329)) - **Fix shimv1 leak issue** ([#9345](https://togithub.com/containerd/containerd/pull/9345)) - **Go version update to 1.20.10**([#9264](https://togithub.com/containerd/containerd/pull/9264)) - **Update runc to v1.1.10** ([#9360](https://togithub.com/containerd/containerd/pull/9360)) - **CRI: fix using the pinned label to pin image** ([#9382](https://togithub.com/containerd/containerd/pull/9382)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Samuel Karp - Derek McGowan - Sebastiaan van Stijn - Phil Estes - Wei Fu - Kazuyoshi Kato - Akhil Mohan - Akihiro Suda - Chen Yiyang - Fabian Hoffmann - Iceber Gu - Mike Brown - Paweł Gronowski - Austin Vazquez - Fahed Dorgaa - James Sturtevant - Kern Walster - Marat Radchenko - Qiutong Song - Tony Fouchard - ruiwen-zhao ##### Changes

82 commits

- \[release/1.6] Prepare release notes for v1.6.25 ([#9394](https://togithub.com/containerd/containerd/pull/9394)) - [`723d26ab2`](https://togithub.com/containerd/containerd/commit/723d26ab2efbaa81ce5e617a7fc3729c40f7f98d) Prepare release notes for v1.6.25 - [`1f865eba1`](https://togithub.com/containerd/containerd/commit/1f865eba1f424b0bd53087819d7697f0c6639bca) update mailmap - \[release/1.6] cri: fix using the pinned label to pin image ([#9382](https://togithub.com/containerd/containerd/pull/9382)) - [`b49815300`](https://togithub.com/containerd/containerd/commit/b4981530050c4b8efb8cab8d41b28d81eb21462d) cri: fix update of pinned label for images - [`751b0c186`](https://togithub.com/containerd/containerd/commit/751b0c1867b2fd52dccae7bafe5f453c99c65076) cri: fix using the pinned label to pin image - \[Release/1.6] vendor: golang.org/x/net v0.17.0 ([#9387](https://togithub.com/containerd/containerd/pull/9387)) - [`fb5568608`](https://togithub.com/containerd/containerd/commit/fb5568608079ed772381c52297e474c9f951d285) vendor: golang.org/x/net v0.17.0 - [`61ad86f6f`](https://togithub.com/containerd/containerd/commit/61ad86f6f9ce78c67a4ece671e1b91be080dcf61) vendor: golang.org/x/text v0.13.0 - [`4b431c844`](https://togithub.com/containerd/containerd/commit/4b431c8441f38049d266a69da7e2a7045af5f2dc) vendor: golang.org/x/sys v0.13.0 - \[Release/1.6] CVE-2022-1996 fix for go-restful ([#9385](https://togithub.com/containerd/containerd/pull/9385)) - [`62d402275`](https://togithub.com/containerd/containerd/commit/62d402275cdee9748c08690156f9ccb724d7c061) Remove CVE-2022-1996 from containerd binary upgrading go-restful to 2.16.0 - \[release/1.6] Enhance container image unpack client logs ([#9380](https://togithub.com/containerd/containerd/pull/9380)) - [`3e68bf65a`](https://togithub.com/containerd/containerd/commit/3e68bf65af4405c517b4292a24781dc4e1419ac8) Enhance container image unpack client logs - \[release/1.6] update github.com/containerd/nri v0.1.1 ([#9107](https://togithub.com/containerd/containerd/pull/9107)) - [`0dd65c826`](https://togithub.com/containerd/containerd/commit/0dd65c826ebcaf2376c4d38d3bbe99345bf64b86) \[release/1.6] update github.com/containerd/nri v0.1.1 - \[release/1.6 backport] update runc binary to v1.1.10 ([#9360](https://togithub.com/containerd/containerd/pull/9360)) - [`c73be2446`](https://togithub.com/containerd/containerd/commit/c73be2446e4414c701e7fce7b8f391c3dd113e8b) update runc binary to v1.1.10 - \[release/1.6] Expose usage of cri-api v1alpha2 ([#9357](https://togithub.com/containerd/containerd/pull/9357)) - [`746bcf2eb`](https://togithub.com/containerd/containerd/commit/746bcf2ebb7950dafe89a0dcf8db48b428fdd2d1) Expose usage of cri-api v1alpha2 - \[release/1.6] fix: shimv1 leak issue ([#9345](https://togithub.com/containerd/containerd/pull/9345)) - [`8b51a95fb`](https://togithub.com/containerd/containerd/commit/8b51a95fb2b05dd3a2c00f16606656300cc8a1cf) fix: shimv1 leak issue - \[release/1.6] update to go1.20.10, test go1.21.3 ([#9264](https://togithub.com/containerd/containerd/pull/9264)) - [`6741f819b`](https://togithub.com/containerd/containerd/commit/6741f819bfe4e8da485af2d0e1c7b134b40543b2) \[release/1.6] update to go1.20.10, test go1.21.3 - [`49615a0e9`](https://togithub.com/containerd/containerd/commit/49615a0e9e6f10fc0c13d509d2fc86f3bed63adc) \[release/1.6] update to go1.20.9, test go1.21.2 - \[release/1.6] cri: add deprecation warnings for mirrors, auths, and configs ([#9355](https://togithub.com/containerd/containerd/pull/9355)) - [`b68204e53`](https://togithub.com/containerd/containerd/commit/b68204e53b39cb705e85283a8f4f2f6082ac484c) cri: add deprecation warning for configs - [`ae8c58319`](https://togithub.com/containerd/containerd/commit/ae8c58319d8144e583f7f3796a074b9090ae16e8) cri: add deprecation warning for auths - [`455edcad2`](https://togithub.com/containerd/containerd/commit/455edcad2cb5f414ef67001f0bdae9f9440cfad8) cri: add deprecation warning for mirrors - [`878823f4d`](https://togithub.com/containerd/containerd/commit/878823f4d26c4b1c823e6d194521b3e9d1309add) cri: add ability to emit deprecation warnings - \[release/1.6] deprecation: new package for deprecations ([#9329](https://togithub.com/containerd/containerd/pull/9329)) - [`477b7d6a1`](https://togithub.com/containerd/containerd/commit/477b7d6a1a8a4c8731605316e7f67b6bdb742bd8) ctr: new deprecations command - [`24068b813`](https://togithub.com/containerd/containerd/commit/24068b813360602d59bc31b766fe79c5d3e82fb6) dynamic: record deprecation for dynamic plugins - [`218c7a1df`](https://togithub.com/containerd/containerd/commit/218c7a1df9ba3d2b28bbde72b772ccb3c3c061ed) server: add ability to record config deprecations - [`dfb9e1deb`](https://togithub.com/containerd/containerd/commit/dfb9e1deb9e749380518fdc6c732c55e5e2230a4) pull: record deprecation warning for schema 1 - [`90b42da6f`](https://togithub.com/containerd/containerd/commit/90b42da6f4496d2be76d462a5300cac92f0a07ef) introspection: add support for deprecations - [`0b6766b37`](https://togithub.com/containerd/containerd/commit/0b6766b3741274e0a2c73eb96378d9cb8381b97d) api/introspection: deprecation warnings in server - [`de3cb4c18`](https://togithub.com/containerd/containerd/commit/de3cb4c18660abcb3d2e4b1d8dec0085e3d51077) warning: new service for deprecations - [`da1b4419b`](https://togithub.com/containerd/containerd/commit/da1b4419b25f35315ca297d2b058d2655f9d25fd) deprecation: new package for deprecations - \[release/1.6] integration: deflake TestIssue9103 ([#9353](https://togithub.com/containerd/containerd/pull/9353)) - [`bca8a3f65`](https://togithub.com/containerd/containerd/commit/bca8a3f653d234e5356ab445eca9f6da0316ab77) integration: deflake TestIssue9103 - \[release/1.6] ci: Use Vagrant on ubuntu-latest-4-cores ([#9332](https://togithub.com/containerd/containerd/pull/9332)) - [`0985f7a43`](https://togithub.com/containerd/containerd/commit/0985f7a43db3e69a0c6d67d39b9397e5af71deca) ci: Use Vagrant on ubuntu-latest-4-cores - \[release/1.6] Fix ambiguous tls fallback ([#9300](https://togithub.com/containerd/containerd/pull/9300)) - [`5dd64301c`](https://togithub.com/containerd/containerd/commit/5dd64301c89ad1e428a746f0e90d9d72b45fe1b8) Check scheme and host of request on push redirect - [`51df21d09`](https://togithub.com/containerd/containerd/commit/51df21d09ebfac3e3470529fe1372ca22496e606) Avoid TLS fallback when protocol is not ambiguous - \[release/1.6] Add a new image label if it is docker schema 1 ([#9267](https://togithub.com/containerd/containerd/pull/9267)) - [`8108f0d03`](https://togithub.com/containerd/containerd/commit/8108f0d036be2c36f7fc69dd85286d299ee0bf7b) Add a new image label if it is docker schema 1 - \[release/1.6 backport] fix protobuf aarch64 ([#9284](https://togithub.com/containerd/containerd/pull/9284)) - [`5376afb3d`](https://togithub.com/containerd/containerd/commit/5376afb3dbec05541b018e361f1343f20dec3ada) fix protobuf aarch64 - \[release/1.6] remotes: add handling for missing basic auth credentials ([#9236](https://togithub.com/containerd/containerd/pull/9236)) - [`e529741d3`](https://togithub.com/containerd/containerd/commit/e529741d3f102c7b558255d0e8b053c4e0858bc1) remotes: add handling for missing basic auth credentials - [`ca45b92f4`](https://togithub.com/containerd/containerd/commit/ca45b92f4388ec7d0aa023f305891ec527b64484) Add ErrUnexpectedStatus to resolver - [`77c0175b4`](https://togithub.com/containerd/containerd/commit/77c0175b4269da0b409e1434576c1f86bf9a869c) Improve ErrUnexpectedStatus default string - \[release/1.6] Update x/net to 0.13 ([#9130](https://togithub.com/containerd/containerd/pull/9130)) - [`275fc594d`](https://togithub.com/containerd/containerd/commit/275fc594d8cf462d647b7c2f4dbfd2c8812d87ed) Bump x/net to 0.13 - \[release/1.6] Require plugins to succeed after registering readiness ([#9166](https://togithub.com/containerd/containerd/pull/9166)) - [`5223bf39a`](https://togithub.com/containerd/containerd/commit/5223bf39a636be1d347f9d73be2131e102922695) Require plugins to succeed after registering readiness - [`8f5eba314`](https://togithub.com/containerd/containerd/commit/8f5eba3148d91023df4277c705debb199fa85c57) cri: call RegisterReadiness after NewCRIService - \[release/1.6 backport] containerd-shim-runc-v2: avoid potential deadlock in create handler ([#9210](https://togithub.com/containerd/containerd/pull/9210)) - [`7b61862e7`](https://togithub.com/containerd/containerd/commit/7b61862e7c3e3410318bb723671954b101acec33) \*: add runc-fp as runc wrapper to inject failpoint - [`5238a6470`](https://togithub.com/containerd/containerd/commit/5238a6470ca921fe7e47f25b022ea815a1d6f9b4) containerd-shim-runc-v2: avoid potential deadlock in create handler - [`65e908ee1`](https://togithub.com/containerd/containerd/commit/65e908ee1370432a09c81d8f7bc7568ff3d7e784) containerd-shim-runc-v2: remove unnecessary `s.getContainer()` - [`1dd9acecb`](https://togithub.com/containerd/containerd/commit/1dd9acecb85860e374b750d908b33c44e4f75564) Uncopypaste parsing of OCI Bundle spec file - [`71c89ddf2`](https://togithub.com/containerd/containerd/commit/71c89ddf24b05743d9be6b12907dc22719ef769d) \[release/1.6]: Vagrantfile: install failpoint binaries - \[release/1.6] cri: stop recommending disable_cgroup ([#9169](https://togithub.com/containerd/containerd/pull/9169)) - [`7a0c8b6b7`](https://togithub.com/containerd/containerd/commit/7a0c8b6b750cbd2bf2377f1d4961609ea1ec6667) cri: stop recommending disable_cgroup - \[release/1.6] Allow for images with artifacts to pull ([#9150](https://togithub.com/containerd/containerd/pull/9150)) - [`8066dd81c`](https://togithub.com/containerd/containerd/commit/8066dd81ca673fcf4c8887069769592ba9fd694d) Allow for images with artifacts to pull - \[release 1.6] remotes/docker: Fix MountedFrom prefixed with target repository ([#9192](https://togithub.com/containerd/containerd/pull/9192)) - [`2fffc344a`](https://togithub.com/containerd/containerd/commit/2fffc344ad661b37a3dae6102b47f887c946f105) remotes/docker: Fix MountedFrom prefixed with target repository - \[release/1.6] remotes: always try to establish tls connection when tls configured ([#9189](https://togithub.com/containerd/containerd/pull/9189)) - [`6b5912220`](https://togithub.com/containerd/containerd/commit/6b591222096f12902ca8269668b36093edcc1899) remotes: always try to establish tls connection when tls configured - \[release/1.6] Build binaries with 1.21.1 ([#9180](https://togithub.com/containerd/containerd/pull/9180)) - [`37c758de1`](https://togithub.com/containerd/containerd/commit/37c758de159bce9544e65fefc81019af9fb0be69) Build binaries with 1.21.1 - \[release/1.6 backport] alias log package to github.com/containerd/log v0.1.0 ([#9105](https://togithub.com/containerd/containerd/pull/9105)) - [`f1591cc9b`](https://togithub.com/containerd/containerd/commit/f1591cc9b9d7f1b73f1c50cdca0ca577959eed48) alias log package to github.com/containerd/log v0.1.0 - [`f68d2d93b`](https://togithub.com/containerd/containerd/commit/f68d2d93b8c815b8687b85c932a8de2960ad2db7) vendor: golang.org/x/sys v0.7.0 - [`f305fb233`](https://togithub.com/containerd/containerd/commit/f305fb233db9764fcd9e83e9078fee213202c3ff) vendor: github.com/stretchr/testify v1.8.4 - [`4e24a30af`](https://togithub.com/containerd/containerd/commit/4e24a30af397b0d4dd6a417467eede3386381516) vendor: github.com/sirupsen/logrus v1.9.3 - \[release/1.6] remotes/docker: Add MountedFrom and Exists push status ([#9111](https://togithub.com/containerd/containerd/pull/9111)) - [`b66c818ba`](https://togithub.com/containerd/containerd/commit/b66c818ba6bd9e4fe139a6f9d988b3724c7a54ec) remotes/docker: Add MountedFrom and Exists push status

##### Changes from containerd/log

9 commits

- Update golangci to 1.49 ([#1](https://togithub.com/containerd/log/pull/1)) - [`89c9a54`](https://togithub.com/containerd/log/commit/89c9a54561e8736fddc519cf033d936de65ebe67) Update golangci to 1.49 - [`cf26711`](https://togithub.com/containerd/log/commit/cf267115d825238992448dbe1cd6cd440c934d8a) Update description in README - [`f9f250c`](https://togithub.com/containerd/log/commit/f9f250cc3a5d033c759b715aa09ff7cdbfc19500) Add project details - [`fb7fe3d`](https://togithub.com/containerd/log/commit/fb7fe3d663dee55b38f2ab094d9ac794dcacba40) Add github CI flow - [`7e13034`](https://togithub.com/containerd/log/commit/7e13034365475c99956f31770c43e296fc6d1a98) Add go module - [`16a3c76`](https://togithub.com/containerd/log/commit/16a3c768269b03fe62fff34d3a76528335a35064) Rename log import from logtest - [`698c398`](https://togithub.com/containerd/log/commit/698c39829fd9372465cb2537db16a7346afb9f31) Add README - [`87c83c4`](https://togithub.com/containerd/log/commit/87c83c42bbd22c5f1d3725fc5006b35217b4629a) Add license file

##### Changes from containerd/nri

3 commits

- \[release/0.1 backport] remove containerd as dependency ([#58](https://togithub.com/containerd/nri/pull/58)) - [`4275101`](https://togithub.com/containerd/nri/commit/42751010c8e875a07117c74bfe57c011ae491594) Task: fix typo in godoc - [`f6acbf1`](https://togithub.com/containerd/nri/commit/f6acbf1dc5b357d216af8ffca9d26dd0db3e4ef1) remove containerd as dependency

##### Dependency Changes - **github.com/containerd/log** v0.1.0 ***new*** - **github.com/containerd/nri** v0.1.0 -> v0.1.1 - **github.com/emicklei/go-restful** v2.9.5 -> v2.16.0 - **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 - **github.com/stretchr/testify** v1.8.1 -> v1.8.4 - **golang.org/x/crypto** [`3147a52`](https://togithub.com/containerd/containerd/commit/3147a52a75dd) -> v0.14.0 - **golang.org/x/net** v0.8.0 -> v0.17.0 - **golang.org/x/sys** v0.6.0 -> v0.13.0 - **golang.org/x/term** v0.6.0 -> v0.13.0 - **golang.org/x/text** v0.8.0 -> v0.13.0 Previous release can be found at [v1.6.24](https://togithub.com/containerd/containerd/releases/tag/v1.6.24) ### [`v1.6.24`](https://togithub.com/containerd/containerd/releases/tag/v1.6.24): containerd 1.6.24 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.23...v1.6.24) Welcome to the v1.6.24 release of containerd! The twenty-fourth patch release for containerd 1.6 contains various fixes and updates. ##### Notable Updates - **CRI: fix leaked shim caused by high IO pressure** ([#9004](https://togithub.com/containerd/containerd/pull/9004)) - **Update to go1.20.8** ([#9073](https://togithub.com/containerd/containerd/pull/9073)) - **Update runc to v1.1.9** ([#8966](https://togithub.com/containerd/containerd/pull/8966)) - **Backport: add configurable mount options to overlay snapshotter** ([#8961](https://togithub.com/containerd/containerd/pull/8961)) - **log: cleanups and improvements to decouple more from logrus** ([#9002](https://togithub.com/containerd/containerd/pull/9002)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Sebastiaan van Stijn - Akihiro Suda - Wei Fu - Derek McGowan - Akhil Mohan - Cardy.Tang - Danny Canter - Kazuyoshi Kato - Mike Brown - Phil Estes - Samuel Karp ##### Changes

45 commits

- \[release/1.6] Prepare release notes for v1.6.24 ([#9087](https://togithub.com/containerd/containerd/pull/9087)) - [`cdd59290d`](https://togithub.com/containerd/containerd/commit/cdd59290d051ffd8b5e730f96930c42cad65beac) Prepare release notes for v1.6.24 - \[release/1.6 backport] log: cleanups and improvements to decouple more from logrus ([#9002](https://togithub.com/containerd/containerd/pull/9002)) - [`33c2d88e7`](https://togithub.com/containerd/containerd/commit/33c2d88e7809eb42b0e9711c29a35c25a12dc18c) Revert "log: define G() as a function instead of a variable" - [`0a7f2975e`](https://togithub.com/containerd/containerd/commit/0a7f2975efbad7baddb31c36fb142db2a793534c) log: swap logrus functions with their equivalent on default logger - [`9d175a19b`](https://togithub.com/containerd/containerd/commit/9d175a19b7cbe165cb6285c891b384d518e2686b) log: add package documentation and summary of package's purpose - [`96fb65529`](https://togithub.com/containerd/containerd/commit/96fb655290f286eb818bf70f08555cd64ba8e780) log: make Fields type a generic map\[string]any - [`bace17e2e`](https://togithub.com/containerd/containerd/commit/bace17e2ead161c06fdd670be532f0c042071bd7) log: add log.Entry type - [`dd127885f`](https://togithub.com/containerd/containerd/commit/dd127885feacdeefc554d7042c49e01002809864) log: define OutputFormat type - [`5b4cf2329`](https://togithub.com/containerd/containerd/commit/5b4cf23295581c70b92db1dc7c30114bc1a8f3c8) log: define G() as a function instead of a variable - [`ee1b4a1e2`](https://togithub.com/containerd/containerd/commit/ee1b4a1e2f844a45c0ba784273501bc490e77aa2) log: add all log-levels that are accepted - [`d563a411f`](https://togithub.com/containerd/containerd/commit/d563a411facc32c8287136d53ca0a744f991f3b4) log: group "enum" consts and touch-up docs - [`6e8f4555b`](https://togithub.com/containerd/containerd/commit/6e8f4555b3f3f155ee9ffe5f3e7cf8e8c2ee10a6) log: WithLogger: remove redundant intermediate var - [`c19325559`](https://togithub.com/containerd/containerd/commit/c193255597662b8a7f16479dd454ba3dd728a3c4) log: SetFormat: include returns in switch - [`c3c22f8cb`](https://togithub.com/containerd/containerd/commit/c3c22f8cbc5b3687bdee79266602bff51e61c84a) log: remove gotest.tools dependency - \[release/1.6] update to go1.20.8 ([#9073](https://togithub.com/containerd/containerd/pull/9073)) - [`a2c294800`](https://togithub.com/containerd/containerd/commit/a2c294800ec11447b497bf7452bbbfba06c0168d) \[release/1.6] update to go1.20.8 - \[release/1.6 backport] make repositories of install dependencies configurable ([#9024](https://togithub.com/containerd/containerd/pull/9024)) - [`0da8dcaa7`](https://togithub.com/containerd/containerd/commit/0da8dcaa7c93c0b708c375a32328a7b85fd668d8) make repositories of install dependencies configurable - \[release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 ([#9020](https://togithub.com/containerd/containerd/pull/9020)) - [`8e6a9de5b`](https://togithub.com/containerd/containerd/commit/8e6a9de5b5291b97684e948be096317611b37930) update to go1.20.7, go1.19.12 - [`8b2eb371f`](https://togithub.com/containerd/containerd/commit/8b2eb371f958f1bfc5bcab5ee70bcad18b2e5efc) Update Go to 1.20.6,1.19.11 - [`cff669c7a`](https://togithub.com/containerd/containerd/commit/cff669c7aab055d6b46bbb27fd044aba5e1453d8) update go to go1.20.5, go1.19.10 - [`f34a22de9`](https://togithub.com/containerd/containerd/commit/f34a22de99b57e30cd33d3769e3765950475ba07) update go to go1.20.4, go1.19.9 - [`e8e73065e`](https://togithub.com/containerd/containerd/commit/e8e73065ec668097067d37381399a80c8107fae1) update go to go1.20.3, go1.19.8 - [`9b3f950d6`](https://togithub.com/containerd/containerd/commit/9b3f950d607c3a6c2a3c1b8740c87338a986e203) Go 1.20.2 - [`17d03ac68`](https://togithub.com/containerd/containerd/commit/17d03ac681f61cd83c2bc7239956504c25ceb2f4) Go 1.20.1 - [`861f65447`](https://togithub.com/containerd/containerd/commit/861f65447c4cc59b2b91e441b24f1c80a730ce2b) go.mod: go 1.19 - [`81fa93784`](https://togithub.com/containerd/containerd/commit/81fa937842ac2501f777e23cddab8c7a573bd318) Stop using math/rand.Read and rand.Seed (deprecated in Go 1.20) - [`70dc11a6c`](https://togithub.com/containerd/containerd/commit/70dc11a6c1258891aa281815bb94d4bdc1194fe7) lint: remove `//nolint:dupword` that are no longer needed - [`fec784a06`](https://togithub.com/containerd/containerd/commit/fec784a06ad4276574dfb16ff631f9839f3b676c) lint: silence "SA1019: tar.TypeRegA has been deprecated... (staticheck)" - [`6648df1ad`](https://togithub.com/containerd/containerd/commit/6648df1ada2575df6adcaf295b611d966d3308d7) lint: silence "type `HostFileConfig` is unused (unused)" - [`e6b268bc7`](https://togithub.com/containerd/containerd/commit/e6b268bc703b5903de719533a8fbe0307767342c) golangci-lint v1.51.1 - [`c552ccf67`](https://togithub.com/containerd/containerd/commit/c552ccf6769245e1531212505fa75e89f6f6ff1c) go.mod: golang.org/x/sync v0.1.0 - \[releases/1.6] \*: fix leaked shim caused by high IO pressure ([#9004](https://togithub.com/containerd/containerd/pull/9004)) - [`d00af5c3e`](https://togithub.com/containerd/containerd/commit/d00af5c3ea1a290112b3a56bee31023ef1d2019d) integration: issue7496 case should work for runc.v2 only - [`583696e4e`](https://togithub.com/containerd/containerd/commit/583696e4e0b055b8a0f860b9ed7f31f0f3127ff4) Vagrantfile: add strace tool - [`ab21d60d2`](https://togithub.com/containerd/containerd/commit/ab21d60d27d1d7c87423e9b4ecb076358762e89b) pkg/cri/server: add criService as argument when handle exit event - [`a229883cb`](https://togithub.com/containerd/containerd/commit/a229883cb1bffecbd8bd4d41ab19c99110bbd189) pkg/cri/server: fix leaked shim issue - [`d8f824200`](https://togithub.com/containerd/containerd/commit/d8f824200cdc39410bf9a4d110073186d6864f64) integration: add case to reproduce [#7496](https://togithub.com/containerd/containerd/issues/7496) - \[release/1.6] Cherry-pick: \[overlay] add configurable mount options to overlay snapshotter ([#8961](https://togithub.com/containerd/containerd/pull/8961)) - [`8cd40e1d0`](https://togithub.com/containerd/containerd/commit/8cd40e1d0f13e5ddfef13833b265f6dfa298ec69) Add configurable mount options to overlay - [`453fa397a`](https://togithub.com/containerd/containerd/commit/453fa397a1f0f00871ff1ca4314b65e898e33661) feat: make overlay sync removal configurable - \[release/1.6 backport] update runc binary to v1.1.9 ([#8966](https://togithub.com/containerd/containerd/pull/8966)) - [`4cb7764df`](https://togithub.com/containerd/containerd/commit/4cb7764df8025d0a6edb34f6b69daf6c2abe6ad0) update runc binary to v1.1.9

##### Dependency Changes - **golang.org/x/sync** [`036812b`](https://togithub.com/containerd/containerd/commit/036812b2e83c) -> v0.1.0 Previous release can be found at [v1.6.23](https://togithub.com/containerd/containerd/releases/tag/v1.6.23) ### [`v1.6.23`](https://togithub.com/containerd/containerd/releases/tag/v1.6.23): containerd 1.6.23 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.22...v1.6.23) Welcome to the v1.6.23 release of containerd! The twenty-third patch release for containerd 1.6 contains various fixes and updates. ##### Notable Updates - \*\*Add stable ABI support in windows platform matcher + update hcsshim tag ([#8854](https://togithub.com/containerd/containerd/pull/8854)) - \*\*cri: Don't use rel path for image volumes ([#8927](https://togithub.com/containerd/containerd/pull/8927)) - \*\*Upgrade GitHub actions packages in release workflow ([#8908](https://togithub.com/containerd/containerd/pull/8908)) - \*\*update to go1.19.12 ([#8905](https://togithub.com/containerd/containerd/pull/8905)) - \*\*backport: ro option for userxattr mount check + cherry-pick: Fix ro mount option being passed ([#8888](https://togithub.com/containerd/containerd/pull/8888)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Kirtana Ashok - Maksym Pavlenko - Austin Vazquez - Ben Foster - Derek McGowan - Mike Brown - Phil Estes - Rodrigo Campos - Sebastiaan van Stijn - Wei Fu ##### Changes

13 commits

- \[release/1.6] Add release notes for v1.6.23 ([#8939](https://togithub.com/containerd/containerd/pull/8939)) - [`e297a668f`](https://togithub.com/containerd/containerd/commit/e297a668fa432fddcf1ea718be697a452968847f) Add release notes for v1.6.23 - \[release/1.6] Add stable ABI support in windows platform matcher + update hcsshim tag ([#8854](https://togithub.com/containerd/containerd/pull/8854)) - [`f51bf1960`](https://togithub.com/containerd/containerd/commit/f51bf19608714bc052a38fc2dc0920b30244aec7) Add support for stable ABI windows versions - [`43a02c0b2`](https://togithub.com/containerd/containerd/commit/43a02c0b286d77d9455055b2453cbab57c55811b) Update hcsshim tag to v0.9.10 - \[release/1.6] cri: Don't use rel path for image volumes ([#8927](https://togithub.com/containerd/containerd/pull/8927)) - [`cc5b0a21b`](https://togithub.com/containerd/containerd/commit/cc5b0a21b438acd750f9779d3b3c4e68879bed50) cri: Don't use rel path for image volumes - \[release/1.6 backport] Upgrade GitHub actions packages in release workflow ([#8908](https://togithub.com/containerd/containerd/pull/8908)) - [`4238cff1c`](https://togithub.com/containerd/containerd/commit/4238cff1cfd43711c71f769b7129c6f8832ef507) Upgrade GitHub actions packages in release workflow - \[release/1.6] update to go1.19.12 ([#8905](https://togithub.com/containerd/containerd/pull/8905)) - [`00d1092b7`](https://togithub.com/containerd/containerd/commit/00d1092b78c3405daf3cc4ced8075ca5ca2903a8) update to go1.19.12 - \[release/1.6] backport: ro option for userxattr mount check + cherry-pick: Fix ro mount option being passed ([#8888](https://togithub.com/containerd/containerd/pull/8888)) - [`47d73b2de`](https://togithub.com/containerd/containerd/commit/47d73b2de65c806d93e19879ae86787b6f3735d6) Fix ro mount option being passed

##### Dependency Changes - **github.com/Microsoft/hcsshim** v0.9.8 -> v0.9.10 Previous release can be found at [v1.6.22](https://togithub.com/containerd/containerd/releases/tag/v1.6.22) ### [`v1.6.22`](https://togithub.com/containerd/containerd/releases/tag/v1.6.22): containerd 1.6.22 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.21...v1.6.22) Welcome to the v1.6.22 release of containerd! The twenty-second patch release for containerd 1.6 contains various fixes and updates. ##### Notable Updates - **RunC: Update runc binary to v1.1.8** ([#8842](https://togithub.com/containerd/containerd/pull/8842)) - **CRI: Fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty** ([#8823](https://togithub.com/containerd/containerd/pull/8823)) - **CRI: Write generated CNI config atomically** ([#8826](https://togithub.com/containerd/containerd/pull/8826)) - **Fix concurrent writes for `UpdateContainerStats`** ([#8819](https://togithub.com/containerd/containerd/pull/8819)) - **Make checkContainerTimestamps less strict on Windows** ([#8827](https://togithub.com/containerd/containerd/pull/8827)) - **Port-Forward: Correctly handle known errors** ([#8805](https://togithub.com/containerd/containerd/pull/8805)) - **Resolve docker.NewResolver race condition** ([#8800](https://togithub.com/containerd/containerd/pull/8800)) - **SecComp: Always allow `name_to_handle_at`** ([#8754](https://togithub.com/containerd/containerd/pull/8754)) - **Adding support to run hcsshim from local clone** ([#8713](https://togithub.com/containerd/containerd/pull/8713)) - **Pinned image support** ([#8720](https://togithub.com/containerd/containerd/pull/8720)) - **Runtime/V2/RunC: Handle early exits w/o big locks** ([#8695](https://togithub.com/containerd/containerd/pull/8695)) - **CRITool: Move up to CRI-TOOLS v1.27.0** ([#7997](https://togithub.com/containerd/containerd/pull/7997)) - **Fix cpu architecture detection issue on emulated ARM platform** ([#8533](https://togithub.com/containerd/containerd/pull/8533)) - **Task: Don't `close()` io before `cancel()`** ([#8659](https://togithub.com/containerd/containerd/pull/8659)) - **Fix panic when remote differ returns empty result** ([#8640](https://togithub.com/containerd/containerd/pull/8640)) - **Plugins: Notify readiness when registered plugins are ready** ([#8583](https://togithub.com/containerd/containerd/pull/8583)) - **Unwrap io errors in server connection receive error handling** ([ttrpc#143](https://togithub.com/containerd/ttrpc/pull/143)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Akihiro Suda - Phil Estes - Sebastiaan van Stijn - Derek McGowan - Wei Fu - Kazuyoshi Kato - Austin Vazquez - Samuel Karp - dependabot\[bot] - Jin Dong - Maksym Pavlenko - Mike Brown - Shingo Omura - Akhil Mohan - Bjorn Neergaard - Laura Brehm - Tony Fang - Aditi Sharma - Andrey Epifanov - Benjamin Wang - Brian Goff - Cory Snider - Daniel Canter - Daniel Lenar - Henry Wang - Luca Comellini - Madhav Jivrajani - Mahamed Ali - Mohit Sharma - Oliver Radwell - Priyanka Saggu - Qasim Sarfraz - Takumasa Sakao - wangxiang - zounengren ##### Changes

95 commits

- \[release/1.6] Prepare release notes for v1.6.22 ([#8863](https://togithub.com/containerd/containerd/pull/8863)) - [`0770a4601`](https://togithub.com/containerd/containerd/commit/0770a4601c8d1dfc7699ae35d6be239ecc18025a) \[release/1.6] Add release notes for v1.6.22 - \[release/1.6] migrate to community owned bucket for node e2e tests ([#8876](https://togithub.com/containerd/containerd/pull/8876)) - [`512a672af`](https://togithub.com/containerd/containerd/commit/512a672afc8ffe9ec9b3a53289c7c6ffc20d0b7a) migrate to community owned bucket - \[release/1.6] cri: memory.memsw.limit_in_bytes: no such file or directory ([#8870](https://togithub.com/containerd/containerd/pull/8870)) - [`b585ff155`](https://togithub.com/containerd/containerd/commit/b585ff155a9dd6254e08b23a09a0bb7e0aac8d3f) cri: memory.memsw.limit_in_bytes: no such file or directory - \[release/1.6] Update go-restful to v3.10.1 ([#8412](https://togithub.com/containerd/containerd/pull/8412)) - [`a322077bf`](https://togithub.com/containerd/containerd/commit/a322077bfb97c5946b187ec7859960870e2962cc) go.mod: github.com/emicklei/go-restful/v3 v3.10.1 - \[release/1.6 backport] update runc binary to v1.1.8 ([#8842](https://togithub.com/containerd/containerd/pull/8842)) - [`b3ac068eb`](https://togithub.com/containerd/containerd/commit/b3ac068ebc8526589af4a8b09eab597f501f6f0f) update runc binary to v1.1.8 - \[release/1.6 backport] ci: remove libseccomp-dev installation for nightly ([#8773](https://togithub.com/containerd/containerd/pull/8773)) - [`6e2bcb6dd`](https://togithub.com/containerd/containerd/commit/6e2bcb6ddb7629f3c7f4ba62d5d74cf7179bb204) ci: remove libseccomp-dev installation for nightly - \[release/1.6 backport] \[CRI] fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty ([#8823](https://togithub.com/containerd/containerd/pull/8823)) - [`cd06f23af`](https://togithub.com/containerd/containerd/commit/cd06f23af6bcf8c87cda625a0e78168c032a0637) capture desc variable in range variable just in case that it run in parallel mode - [`30f5c6a1f`](https://togithub.com/containerd/containerd/commit/30f5c6a1f26bf34bbe5eaf21acc7d5b86b14e027) Use t.TempDir instead of os.MkdirTemp - [`59d8363ef`](https://togithub.com/containerd/containerd/commit/59d8363ef33caa1a8261f472d3081f7f9d39e75e) fix userstr for dditionalGids on Linux - \[release/1.6 backport] cri: write generated CNI config atomically ([#8826](https://togithub.com/containerd/containerd/pull/8826)) - [`d75bf78c2`](https://togithub.com/containerd/containerd/commit/d75bf78c2f4af6c773056cdd096d3e3b9536348e) ctr: update WritePidFile to use atomicfile - [`5f70b23c1`](https://togithub.com/containerd/containerd/commit/5f70b23c11dc0ff5b4602fc202ffcae30013bb41) shim: WritePidFile & WriteAddress use atomicfile - [`505d444b0`](https://togithub.com/containerd/containerd/commit/505d444b0f339f2daa631ef6ea7f1a9cc22ba6f7) cri: write generated CNI config atomically on Unix - [`b2d2d3829`](https://togithub.com/containerd/containerd/commit/b2d2d3829912a87be519840e45307e0e74bf7693) atomicfile: new package for atomic file writes - \[release/1.6 backport] Fix concurrent writes for UpdateContainerStats ([#8819](https://togithub.com/containerd/containerd/pull/8819)) - [`9f650143f`](https://togithub.com/containerd/containerd/commit/9f650143fafb5927479ea3b5bf2b8e309c2d8265) Fix concurrent writes for UpdateContainerStats - \[release/1.6 backport] Make checkContainerTimestamps less strict on Windows ([#8827](https://togithub.com/containerd/containerd/pull/8827)) - [`568ce91ca`](https://togithub.com/containerd/containerd/commit/568ce91ca590bd37346df0550f25e7ef7eef3cff) Make checkContainerTimestamps less strict on Windows - \[release/1.6 backport] dependency: bump go.etcd.io/bbolt to v1.3.7 ([#8817](https://togithub.com/containerd/containerd/pull/8817)) - [`d2f47192a`](https://togithub.com/containerd/containerd/commit/d2f47192a54e7b58c037788a0f9b7e4f9047e849) dependency: bump go.etcd.io/bbolt to v1.3.7 - [`fb56dc245`](https://togithub.com/containerd/containerd/commit/fb56dc24522855a33ec795eaeebbb57bb15e49f0) \[release/1.6] vendor: github.com/stretchr/testify v1.8.1 - \[release/1.6 backport] Move logrus setup code to log package ([#8832](https://togithub.com/containerd/containerd/pull/8832)) - [`7fbd5dc89`](https://togithub.com/containerd/containerd/commit/7fbd5dc893007631794984c26c3a72320a34ae92) Move logrus setup code to log package - \[release/1.6 backport] release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-\* bundles ([#8820](https://togithub.com/containerd/containerd/pull/8820)) - [`59a143670`](https://togithub.com/containerd/containerd/commit/59a1436706a23746f45ec111a0ffbcf887fb42de) release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-\* bundles - \[release/1.6 backport] Use version 2 configuration format in docs ([#8821](https://togithub.com/containerd/containerd/pull/8821)) - [`5b51b79e2`](https://togithub.com/containerd/containerd/commit/5b51b79e2c7baf8dad53e48dfddadabff08b711d) \[release/1.6] fix remaining "v1 config" plugin IDs - [`b7cf26d8d`](https://togithub.com/containerd/containerd/commit/b7cf26d8dc72f0f79946c289ac68c0f2a581c6c5) docs: Fix sample config.toml syntax - [`fcdaf0966`](https://togithub.com/containerd/containerd/commit/fcdaf09664c006abf711ee88e26f18019643ffd9) docs: migrate config v1 to v2 - [`728d5c5f0`](https://togithub.com/containerd/containerd/commit/728d5c5f0be709e415f72f44c52fe78233ddd97d) Use version 2 config and mention containerd config command - \[release/1.6] update go to go1.19.11 ([#8816](https://togithub.com/containerd/containerd/pull/8816)) - [`81aa14718`](https://togithub.com/containerd/containerd/commit/81aa147181ca24987be3036d8487b54125256fc3) \[release/1.6] update go to go1.19.11 - \[release/1.6] update go to go1.19.10 ([#8715](https://togithub.com/containerd/containerd/pull/8715)) - [`17cd86629`](https://togithub.com/containerd/containerd/commit/17cd86629acab42dd7708720b386e88cd4be1535) \[release/1.6] update go to go1.19.10 - \[release/1.6 backport] bugfix(port-forward): Correctly handle known errors ([#8805](https://togithub.com/containerd/containerd/pull/8805)) - [`fdb65f214`](https://togithub.com/containerd/containerd/commit/fdb65f21488bd7a2d8dfca9beac95e0dfbc4259c) bugfix(port-forward): Correctly handle known errors - \[release/1.6] Resolve docker.NewResolver race condition ([#8800](https://togithub.com/containerd/containerd/pull/8800)) - [`b5784af66`](https://togithub.com/containerd/containerd/commit/b5784af662f7fc409eebbd655c42b7b0f462d8ed) Change http.Header copy to builtin Clone - [`31c466f82`](https://togithub.com/containerd/containerd/commit/31c466f822906dfbbf57be1cfec253179455f429) Resolve docker.NewResolver race condition - \[release/1.6 backport] vendor: github.com/containerd/zfs v1.1.0 ([#8781](https://togithub.com/containerd/containerd/pull/8781)) - [`be6406ca6`](https://togithub.com/containerd/containerd/commit/be6406ca67234c0a89320272557bb5ac5b0b60cc) vendor: github.com/containerd/zfs v1.1.0 - [`9f1260074`](https://togithub.com/containerd/containerd/commit/9f12600747060b5ba68d0d27d1666e7b25e00afb) \[release/1.6] vendor gotest.tools/v3 v3.5.0 - [`526e9e0ce`](https://togithub.com/containerd/containerd/commit/526e9e0ce4e2338afa0eca0f1c0969f24f9819dd) Bump grpc to v1.50.1 - [`0e7d2d121`](https://togithub.com/containerd/containerd/commit/0e7d2d1217d6399607cf8c8abb89662cebd9a30a) go.mod: github.com/sirupsen/logrus v1.9.0 - [`5b153c621`](https://togithub.com/containerd/containerd/commit/5b153c6214a9ae14e75be6a6e15b6bdf9c2b60f0) go.mod: github.com/moby/sys/mountinfo v0.6.2 - [`9dee60960`](https://togithub.com/containerd/containerd/commit/9dee60960792b9e6d8d80ddc16011191e7a660c6) go.mod: github.com/moby/sys/mountinfo v0.6.0 - \[release/1.6 backport] seccomp: always allow name_to_handle_at ([#8754](https://togithub.com/containerd/containerd/pull/8754)) - [`07ea7b9e7`](https://togithub.com/containerd/containerd/commit/07ea7b9e789ec116d9002a3ab0cfb35dc61ef8df) seccomp: always allow name_to_handle_at - \[release/1.6 backport] Update ginkgo to match cri-tools' version ([#8759](https://togithub.com/containerd/containerd/pull/8759)) - [`1dae51fed`](https://togithub.com/containerd/containerd/commit/1dae51fed807a56b5e135fb5a3b0455713450e25) Update ginkgo to match cri-tools' version - \[release/1.6 backport] integration/client: add timeout to `TestShimOOMScore` ([#8749](https://togithub.com/containerd/containerd/pull/8749)) - [`bd76ab978`](https://togithub.com/containerd/containerd/commit/bd76ab978ba760affd9fe2be2901b4ff76d5a3c0) integration/client: add timeout to `TestShimOOMScore` - \[release/1.6 backport] Adding support to run hcsshim from local clone ([#8713](https://togithub.com/containerd/containerd/pull/8713)) - [`8e14eccb2`](https://togithub.com/containerd/containerd/commit/8e14eccb29c6a43f75779e9cdd08dc5f75825166) Adding support to run hcsshim from local clone - \[1.6] Add Fields type alias to log package ([#8739](https://togithub.com/containerd/containerd/pull/8739)) - [`9f2cdd589`](https://togithub.com/containerd/containerd/commit/9f2cdd5894ba0010e602a120e0c625ac96585711) Add Fields type alias to log package - \[release/1.6] Pinned image support ([#8720](https://togithub.com/containerd/containerd/pull/8720)) - [`f4713aad0`](https://togithub.com/containerd/containerd/commit/f4713aad0e3b9f51d02e288b94e4d2c524373284) Pinned image support - \[release/1.6 backport] runtime/v2/runc: handle early exits w/o big locks ([#8695](https://togithub.com/containerd/containerd/pull/8695)) - [`dbeec47b4`](https://togithub.com/containerd/containerd/commit/dbeec47b4663422225ffc517ab9d696777c2c6f1) runtime/v2/runc: handle early exits w/o big locks - \[release/1.6 backport] move up to CRI-TOOLS v1.27.0 ([#7997](https://togithub.com/containerd/containerd/pull/7997)) - [`a8e01e40a`](https://togithub.com/containerd/containerd/commit/a8e01e40a0f63aac0249d514de1dc2708d40d7f7) move to CRI-TOOLS v1.27.0 - [`755f80698`](https://togithub.com/containerd/containerd/commit/755f80698aeb5f1ca856f487cd2d261464c6d705) move up to CRI-TOOLS v1.26.0 - [`b29cc035f`](https://togithub.com/containerd/containerd/commit/b29cc035fbe6ad06d67e4b42fed2f47b57ef0a48) bump critools into [`ca1571e`](https://togithub.com/containerd/containerd/commit/ca1571e6edd116b2c95f52e3dfa0b4779b74223a) - [`9138999f5`](https://togithub.com/containerd/containerd/commit/9138999f5dea770598b4a67da6682cab4c3f5713) Upgrade critools from 1.24.1 to 1.25.0 - \[release/1.6] cherry-pick: No more nondistributable layers in MS registry ([#8691](https://togithub.com/containerd/containerd/pull/8691)) - [`712ff8eb3`](https://togithub.com/containerd/containerd/commit/712ff8eb389d49531207e34479e065406effb902) No more nondistributable layers in MS registry - \[release/1.6] Fix cpu architecture detection issue on emulated ARM platform ([#8533](https://togithub.com/containerd/containerd/pull/8533)) - [`2b16e4bfa`](https://togithub.com/containerd/containerd/commit/2b16e4bfa135e3242b41ae43cf2bb6f3cd3fe9b1) Add unit test to function GetCPUVariantFromArch - [`106e36ec3`](https://togithub.com/containerd/containerd/commit/106e36ec3e7c72036b498b4ac73000d5c1a79d9d) Use uname machine field to get CPU variant if fails at /proc/cpuinfo - \[release/1.6] Update lint timeout ([#8679](https://togithub.com/containerd/containerd/pull/8679)) - [`287fdfea6`](https://togithub.com/containerd/containerd/commit/287fdfea63fea94952885f0807fc11c2612e5828) Update linter timeout to match main branch - \[release/1.6 backport] task: don't `close()` io before `cancel()` ([#8659](https://togithub.com/containerd/containerd/pull/8659)) - [`b27f7daa5`](https://togithub.com/containerd/containerd/commit/b27f7daa582f149f985a56313711c8c4a4353376) task: don't `close()` io before `cancel()` - \[release/1.6] update test box to fedora 37 ([#8660](https://togithub.com/containerd/containerd/pull/8660)) - [`8b4c69248`](https://togithub.com/containerd/containerd/commit/8b4c6924856fddaece9ed58700cb8473c6a7bdeb) update test box to fedora 37 - \[release/1.6] Revert "Downgrade MinGW to version 10.2.0" ([#8668](https://togithub.com/containerd/containerd/pull/8668)) - [`81d6085af`](https://togithub.com/containerd/containerd/commit/81d6085af5a20fbc728ccffad4b91ee6ef08ef36) Revert "Downgrade MinGW to version 10.2.0" - \[release/1.6 backport] Fix panic when remote differ returns empty result ([#8640](https://togithub.com/containerd/containerd/pull/8640)) - [`f98122378`](https://togithub.com/containerd/containerd/commit/f98122378197fb5199bab1d7574288fe276293ee) Fix panic when remote differ returns empty result - \[1.6] Bump x/net to 0.8 ([#8642](https://togithub.com/containerd/containerd/pull/8642)) - [`aa53f272d`](https://togithub.com/containerd/containerd/commit/aa53f272dd748ef57bb22a9f9aaa86fb9ad2f4d4) Bump x/net to 0.8 - \[release/1.6 backport] remotes/docker: ResolverOptions: fix deprecation comments ([#8620](https://togithub.com/containerd/containerd/pull/8620)) - [`56ff20839`](https://togithub.com/containerd/containerd/commit/56ff2083957e0ca58168f50e89120bb5d0067362) remotes/docker: ResolverOptions: fix deprecation comments - \[release/1.6] notify readiness when registered plugins are ready ([#8583](https://togithub.com/containerd/containerd/pull/8583)) - [`bccaf68b7`](https://togithub.com/containerd/containerd/commit/bccaf68b7749b62d821b80c8a845417113f44310) notify readiness when registered plugins are ready - \[release/1.6] Update ttrpc to 1.1.2 ([#8528](https://togithub.com/containerd/containerd/pull/8528)) - [`1cdbbe76b`](https://togithub.com/containerd/containerd/commit/1cdbbe76bc6d86d50d9338d3605af7ed8a33559c) Update ttrpc to 1.1.2

##### Changes from containerd/ttrpc

2 commits

- \[release/1.1] Unwrap io errors in server connection receive error handling ([#143](https://togithub.com/containerd/ttrpc/pull/143)) - [`d5f7eed`](https://togithub.com/containerd/ttrpc/commit/d5f7eeddb5e09b035c0683a2ffc9d19bda284b59) Unwrap io errors in server connection receive error handling

##### Changes from containerd/zfs

49 commits

- gofumpt and update status badges

--- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/acorn-io/runtime).

Latest commit:	`007df92`
Status:	✅ Deploy successful!
Preview URL:	https://11d1e840.acorn.pages.dev
Branch Preview URL:	https://renovate-go-github-com-conta.acorn.pages.dev

acorn-io / runtime

fix(deps): update module github.com/containerd/containerd to v1.6.26 [security] #2385

GitHub Vulnerability Alerts

GHSA-7ww5-4wqc-m92c

/sys/devices/virtual/powercap accessible by default to containers

References

Release Notes

Deploying with Cloudflare Pages