Skip to content

Bump the go_modules group across 1 directory with 10 updates#56

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-9147a78dc9
Open

Bump the go_modules group across 1 directory with 10 updates#56
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-9147a78dc9

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps the go_modules group with 1 update in the / directory: github.com/containerd/containerd.

Updates github.com/containerd/containerd from 1.5.10 to 1.7.29

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.29

Welcome to the v1.7.29 release of containerd!

The twenty-ninth patch release for containerd 1.7 contains various fixes and updates including security patches.

Security Updates

Highlights

Image Distribution

  • Update differ to handle zstd media types (#12018)

Runtime

  • Update runc binary to v1.3.3 (#12480)
  • Fix lost container logs from quickly closing io (#12375)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Phil Estes
  • Austin Vazquez
  • Sebastiaan van Stijn
  • ningmingxiao
  • Maksym Pavlenko
  • StepSecurity Bot
  • wheat2018

Changes

... (truncated)

Commits
  • 442cb34 Merge commit from fork
  • e5cb6dd Merge commit from fork
  • 9772966 Merge pull request #12486 from dmcgowan/prepare-v1.7.29
  • 1fc2daa Prepare release notes for v1.7.29
  • 93f710a Merge pull request #12480 from k8s-infra-cherrypick-robot/cherry-pick-12475-t...
  • 68d04be Merge pull request #12471 from austinvazquez/1_7_update_ci_go_and_images
  • 3f5f9f8 runc: Update runc binary to v1.3.3
  • 667409f ci: bump Go 1.24.9, 1.25.3
  • 294f8c0 Update GHA runners to use latest images for basic binaries build
  • cf66b41 Update GHA runners to use latest image for most jobs
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 20.10.12+incompatible to 23.0.3+incompatible

Commits
  • 3e7cbfd Merge pull request #4139 from thaJeztah/23.0_backport_fix_go_version
  • 8e38271 gha: align stray go 1.19.4 version
  • 569dd73 Merge pull request #4126 from thaJeztah/23.0_backport_align_go_ver
  • f664320 don't use null values in the bake definition
  • f381e08 Dockerfile: align go version
  • 18f20a5 Merge pull request #4124 from thaJeztah/23.0_e2e_fix_certs
  • d3a36fc e2e: update notary certificates
  • 59bb07f e2e: increase tests certificates duration (10 years)
  • 80f2798 bake target to generate certs for e2e tets
  • 6a8406e Merge pull request #4092 from crazy-max/23.0_backport_buildx-completion
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 20.10.12+incompatible to 23.0.3+incompatible

Commits
  • 59118bf Merge pull request from GHSA-232p-vwff-86mp
  • 219f21b Merge pull request #45196 from vvoland/integration-restart-race-23
  • b87f7f1 libnet/d/overlay: insert the input-drop rule
  • c6bf307 StartWithLogFile: Fix d.cmd race
  • 7f49ca2 TestDaemonRestartKillContainers: Fix loop capture
  • 98cbcb8 libnet/d/overlay: add BPF-powered VNI matcher
  • 5c5fac2 libnet/d/overlay: extract VNI match rule builder
  • c492a22 libn/d/overlay: enforce encryption on sandbox init
  • 018edb0 libnet/d/overlay: document some encryption code
  • a1fd2f2 Merge pull request #45157 from thaJeztah/23.0_backport_update_shfmt
  • Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.8.1 to 1.9.3

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.3

Full Changelog: sirupsen/logrus@v1.9.2...v1.9.3

v1.9.2

Full Changelog: sirupsen/logrus@v1.9.1...v1.9.2

v1.9.1

What's Changed

New Contributors

Full Changelog: sirupsen/logrus@v1.9.0...v1.9.1

v1.9.0

What's Changed

Full Changelog: sirupsen/logrus@v1.8.1...v1.9.0

v1.8.3

What's Changed

... (truncated)

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.3

Fixes:

  • Re-apply fix for potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)
  • Fix panic in Writer

1.9.2

Fixes:

  • Revert Writer DoS fix (#1376) due to regression

1.9.1

Fixes:

  • Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)

1.9.0

Fixes:

  • Multiple concurrency and race condition fixes
  • Improve Windows terminal and ANSI handling

Code quality:

  • Internal cleanups and modernization

1.8.3

Fixes:

  • Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)

1.8.2

Features:

  • Add support for the logger private buffer pool (#1253)

Fixes:

  • Fix race condition for SetFormatter and SetReportCaller
  • Fix data race in hooks test package
Commits
  • d40e25c fix panic in Writer
  • f9291a5 Revert "Revert "Merge pull request #1376 from ozfive/master""
  • 352781d Revert "Merge pull request #1376 from ozfive/master"
  • b30aa27 Merge pull request #1339 from xieyuschen/patch-1
  • 6acd903 Merge pull request #1376 from ozfive/master
  • 105e63f Merge pull request #1 from ashmckenzie/ashmckenzie/fix-writer-scanner
  • c052ba6 Scan text in 64KB chunks
  • e59b167 Merge pull request #1372 from tommyblue/syslog_different_loglevels
  • 766cfec This commit fixes a potential denial of service vulnerability in logrus.Write...
  • 70234da Add instructions to use different log levels for local and syslog
  • Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.0+incompatible to 2.8.1+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.1

Welcome to the v2.8.1 release of registry!

The 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0

There have been no changes made in the released binaries other than the bump of the Go runtime.

See the changelog below for a full list of changes.

CI

  • ci: use proper git ref for versioning #3595
  • Go: make Go version explicit and pin it to the latest 1.16 release #3604

Contributors

  • CrazyMax
  • Milos Gajdos

Changes

  • 96cc1fdb FIx typo
  • e744906f Update 2.8.1. release notes
  • Prepare for v2.8.1 release (#3596)
  • [2.8 backport] ci: use proper git ref for versioning (#3595)
    • 80acbdf0 ci: use proper git ref for versioning

Dependency Changes

This release has no dependency changes

The previous release can be found at v2.8.0

Commits

Updates golang.org/x/crypto from 0.0.0-20220427172511-eb4f295cb31f to 0.40.0

Commits

Updates golang.org/x/net from 0.0.0-20220412020605-290c469a71a5 to 0.42.0

Commits

Updates golang.org/x/text from 0.3.7 to 0.27.0

Commits
  • b6d2645 go.mod: update golang.org/x dependencies
  • 8072180 go.mod: update golang.org/x dependencies
  • 6cacac1 go.mod: update tagx:ignore'd golang.org/x dependencies
  • 700cc20 go.mod: update golang.org/x dependencies
  • 4890c57 go.mod: update golang.org/x dependencies
  • 566b44f go.mod: update golang.org/x dependencies
  • d5156da collate/build: do not use println in tests
  • 221d88c x/text: fix scientific notation by removing extraneous spaces
  • b18c107 internal/export/unicode: change C comment to mention unassigned code points
  • 835f8ac language: use a more straightforward return value
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.46.0 to 1.59.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.59.0

Behavior Changes

  • balancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (#6647)
  • server: allow applications to send arbitrary data in the grpc-status-details-bin trailer (#6662)
  • client: validate grpc-status-details-bin trailer and pass through the trailer to the application directly (#6662)

New Features

  • tap (experimental): Add Header metadata to tap handler (#6652)
  • grpc: channel idleness enabled by default with an idle_timeout of 30m (#6585)

Documentation

  • examples: add an example of flow control behavior (#6648)

Bug Fixes

  • xds: fix hash policy header to skip "-bin" headers and read content-type header as expected (#6609)

Release 1.58.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.58.2

Bug Fixes

  • balancer/weighted_round_robin: fix ticker leak on update

    A new ticker is created every time there is an update of addresses or configuration, but was not properly stopped. This change stops the ticker when it is no longer needed.

Release 1.58.1

Bug Fixes

  • grpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams
  • grpc: fix a bug where transports were not being closed upon channel entering IDLE

Release 1.58.0

API Changes

See #6472 for details about these changes.

  • balancer: add StateListener to NewSubConnOptions for SubConn state updates and deprecate Balancer.UpdateSubConnState (#6481)
    • UpdateSubConnState will be deleted in the future.
  • balancer: add SubConn.Shutdown and deprecate Balancer.RemoveSubConn (#6493)
    • RemoveSubConn will be deleted in the future.

... (truncated)

Commits
  • 7765221 Change version to 1.59.0 (#6695)
  • e88f12e server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • be7919c transport: Pass Header metadata to tap handle. (#6652)
  • e3f1514 Reapply "status: fix/improve status handling (#6662)" (#6673) (#6688)
  • 696faa9 client: add a test for NewSubConn / StateListener / cc.Close racing (#6678)
  • 318c717 readme: fix badges (#6687)
  • 39972fd github: add code coverage with codecov.io (#6676)
  • 93dbc05 xds: move virtual host matcher test to the xdsresource package (#6680)
  • 2c00469 github: update actions/setup-go and actions/checkout (#6675)
  • 1f73ed5 Replace the gRFC pull request with the permanent link. (#6674)
  • Additional commits viewable in compare view

Updates gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 1 directory with 10 updates
9e21b6d 
Bumps the go_modules group with 1 update in the / directory: [github.com/containerd/containerd](https://github.com/containerd/containerd).


Updates `github.com/containerd/containerd` from 1.5.10 to 1.7.29
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.5.10...v1.7.29)

Updates `github.com/docker/cli` from 20.10.12+incompatible to 23.0.3+incompatible
- [Commits](docker/cli@v20.10.12...v23.0.3)

Updates `github.com/docker/docker` from 20.10.12+incompatible to 23.0.3+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v20.10.12...v23.0.3)

Updates `github.com/sirupsen/logrus` from 1.8.1 to 1.9.3
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.8.1...v1.9.3)

Updates `github.com/docker/distribution` from 2.8.0+incompatible to 2.8.1+incompatible
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](distribution/distribution@v2.8.0...v2.8.1)

Updates `golang.org/x/crypto` from 0.0.0-20220427172511-eb4f295cb31f to 0.40.0
- [Commits](https://github.com/golang/crypto/commits/v0.40.0)

Updates `golang.org/x/net` from 0.0.0-20220412020605-290c469a71a5 to 0.42.0
- [Commits](https://github.com/golang/net/commits/v0.42.0)

Updates `golang.org/x/text` from 0.3.7 to 0.27.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.27.0)

Updates `google.golang.org/grpc` from 1.46.0 to 1.59.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.46.0...v1.59.0)

Updates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.1

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.29
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/cli
  dependency-version: 23.0.3+incompatible
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/docker/docker
  dependency-version: 23.0.3+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.3
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/docker/distribution
  dependency-version: 2.8.1+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.40.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.42.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/text
  dependency-version: 0.27.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.59.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/yaml.v3
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 18, 2026
This was referenced Mar 18, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants