@pull pull bot commented Aug 2, 2022

See Commits and Changes for more details.


Created by pull[bot]


dependabot bot and others added 30 commits November 10, 2025 23:08
Bumps [github.com/containerd/imgcrypt/v2](https://github.com/containerd/imgcrypt) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/containerd/imgcrypt/releases)
- [Changelog](https://github.com/containerd/imgcrypt/blob/main/CHANGES)
- [Commits](containerd/imgcrypt@v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: github.com/containerd/imgcrypt/v2
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@4afd733...0a35821)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
As the same instance of a map is used in context and mutated
directly, this leads to a situation where:
- Calling WithMediaTypeKeyPrefix from parallel goroutines where
  the context was based on the same base context can trigger a panic.
- A subcontext calling WithMediaTypeKeyPrefix changes the value for
  another context when they both originate from the same base context.

Signed-off-by: Tonis Tiigi <[email protected]>
remotes: fix possible panic from WithMediaTypeKeyPrefix
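
The second failure mode in the commit message above (a sub-context changing what a sibling context sees) reproduced in a minimal form. This is an added example, not code from the pull request or from containerd: `prefixKey`, `withPrefixShared`, `withPrefixCopied`, `prefixFor` and `siblingSees` are hypothetical names, and the media types are constructed. The same shared map is what makes parallel callers race on a map write.

```go
package main

import (
	"context"
	"fmt"
)

type prefixKey struct{}

// withPrefixShared models the bug: it writes into the map already stored in ctx.
func withPrefixShared(ctx context.Context, mediaType, prefix string) context.Context {
	m, ok := ctx.Value(prefixKey{}).(map[string]string)
	if !ok {
		m = map[string]string{}
	}
	m[mediaType] = prefix // mutates state every derived context can see
	return context.WithValue(ctx, prefixKey{}, m)
}

// withPrefixCopied clones the inherited map, so each context owns its own.
func withPrefixCopied(ctx context.Context, mediaType, prefix string) context.Context {
	old, _ := ctx.Value(prefixKey{}).(map[string]string)
	m := make(map[string]string, len(old)+1)
	for k, v := range old {
		m[k] = v
	}
	m[mediaType] = prefix
	return context.WithValue(ctx, prefixKey{}, m)
}

func prefixFor(ctx context.Context, mediaType string) string {
	m, _ := ctx.Value(prefixKey{}).(map[string]string)
	return m[mediaType]
}

// siblingSees returns what context b observes for a key only context a set.
func siblingSees(with func(context.Context, string, string) context.Context) string {
	base := with(context.Background(), "application/vnd.example.base", "base")
	_ = with(base, "application/vnd.example.a", "set-by-a")
	b := with(base, "application/vnd.example.b", "set-by-b")
	return prefixFor(b, "application/vnd.example.a")
}

func main() {
	fmt.Printf("shared map: %q\n", siblingSees(withPrefixShared)) // "set-by-a"
	fmt.Printf("copied map: %q\n", siblingSees(withPrefixCopied)) // ""
}
```
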
Update RELEASES.md to set 2.0 to EOL
…olangci/golangci-lint-action-9.0.0

build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0
…b.com/containerd/imgcrypt/v2-2.0.2

build(deps): bump github.com/containerd/imgcrypt/v2 from 2.0.1 to 2.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...93cb6ef)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@0499de3...014f16e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.76.0 to 1.77.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.76.0...v1.77.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
This reverts commit 4bf1705.

This caused issues for downstream clients who were wrapping the type
contingent on it implementing io.ReaderAt.
Consequently this is causing headaches due to increased round trips with
the remote.

Meanwhile I only added this as a convenience for implementing
content.Provider in the remote which can be done even without the original
change, just... less conveniently.

In hindsight, this was just a bad change as it has a rather wide impact
and the actual implementation isn't an optimized ReaderAt.

Signed-off-by: Brian Goff <[email protected]>
Use the Linux default rather than the block size from the local macOS
system. The local macOS block size is not relevant as the erofs file
will not be mounted directly on macOS.

Signed-off-by: Derek McGowan <[email protected]>
Non-Linux hosts are not expected to be able to directly mount erofs
snapshotters on the host system. Non-Linux hosts should use block mode
by default with a reasonably set default block size.

Signed-off-by: Derek McGowan <[email protected]>
Use the erofs differ by default on darwin. This could be default for all
Unix platforms but limit the default changes to fix broken cases for backports.

Signed-off-by: Derek McGowan <[email protected]>
Fix the default unpack configuration on darwin to a usable
configuration.

Signed-off-by: Derek McGowan <[email protected]>
Match the defaults set by the transfer service which will configure
linux by default on darwin hosts.

Signed-off-by: Derek McGowan <[email protected]>
Fix image defaults on Darwin to usable configuration
ctr run: dump OCI config to a file
Revert "Implement io.ReaderAt on docker fetch reader"
…ithub/codeql-action-4.31.3

build(deps): bump github/codeql-action from 4.31.2 to 4.31.3
…e.golang.org/grpc-1.77.0

build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0
Bumps the k8s group with 3 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go) and [k8s.io/cri-api](https://github.com/kubernetes/cri-api).


Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.2
- [Commits](kubernetes/apimachinery@v0.34.1...v0.34.2)

Updates `k8s.io/client-go` from 0.34.1 to 0.34.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.1...v0.34.2)

Updates `k8s.io/cri-api` from 0.34.1 to 0.34.2
- [Commits](kubernetes/cri-api@v0.34.1...v0.34.2)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s
- dependency-name: k8s.io/cri-api
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the golang-x group with 3 updates in the / directory: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/mod` from 0.29.0 to 0.30.0
- [Commits](golang/mod@v0.29.0...v0.30.0)

Updates `golang.org/x/sync` from 0.17.0 to 0.18.0
- [Commits](golang/sync@v0.17.0...v0.18.0)

Updates `golang.org/x/sys` from 0.37.0 to 0.38.0
- [Commits](golang/sys@v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.1 to 2.4.2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@6da8fa9...5be0e66)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…ctions/checkout-5.0.1

build(deps): bump actions/checkout from 5.0.0 to 5.0.1
mkfs.ext4 supports creating filesystems from regular files.

Signed-off-by: Gao Xiang <[email protected]>
mxpv and others added 30 commits January 12, 2026 16:38
…licy

cri,nri: pass seccomp policy to plugins.
Bumps the golang-x group with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/mod` from 0.31.0 to 0.32.0
- [Commits](golang/mod@v0.31.0...v0.32.0)

Updates `golang.org/x/sys` from 0.39.0 to 0.40.0
- [Commits](golang/sys@v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.9 to 4.31.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@5d4e8d1...cdefb33)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…ithub/codeql-action-4.31.10

build(deps): bump github/codeql-action from 4.31.9 to 4.31.10
…g-x-c601d64063

build(deps): bump the golang-x group with 2 updates
Detect breaking API changes in proto files
cri: fix create container panic if originalAnnotations is nil
…user

cri,nri: pass container user (uid, gids) to plugins.
snapshotservice: add WithParent handling for Commit + tests
content: ensure root directory exists before checking fs-verity support
command: show help and exit on unknown positional arguments
…olution

fix(oci): handle absolute symlinks in rootfs user lookup
cri/podsandbox: reduce dependencies to internal CRI APIs
The traditional mount() syscall has a PAGE_SIZE (typically 4KB) limit
for mount options. Use the new mount API (fsopen/fsconfig/fsmount/
move_mount) introduced in Linux 5.2 to bypass this limitation.

Fixed: #12662

Signed-off-by: ChengyuZhu6 <[email protected]>
Signed-off-by: Yohei Yamamoto <[email protected]>
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.2 to 1.18.3.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](klauspost/compress@v1.18.2...v1.18.3)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@9255dc7...8b402f5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
plugins/mount/erofs: use fsmount API to avoid PAGE_SIZE limit
…b.com/sirupsen/logrus-1.9.4

build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
…ctions/cache-5.0.2

build(deps): bump actions/cache from 5.0.1 to 5.0.2
…b.com/klauspost/compress-1.18.3

build(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3
…pod events

PR #12491 fixed credential leaks in containerd logs but the gRPC error
returned to kubelet still contained sensitive information. This was
visible in Kubernetes pod events via `kubectl describe pod`.

The issue was that SanitizeError was called inside the defer block,
but errgrpc.ToGRPC(err) was evaluated before the defer ran, so the
gRPC message contained the original unsanitized error.

Move SanitizeError before the return statement so both the logged
error and the gRPC error are sanitized.

Ref: #5453
Signed-off-by: Aadhar Agarwal <[email protected]>
…c-error-5453

fix: sanitize error before gRPC return to prevent credential leak in pod events
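
The ordering problem described in the commit message above, as a simplified model: Go evaluates the `return` expression before deferred functions run, so sanitizing inside the defer cleans the log line but not the value already handed to the caller. This is an added example, not code from the pull request or from containerd: `sanitize` and `toGRPC` are hypothetical stand-ins for `SanitizeError` and `errgrpc.ToGRPC`, and the URL and token are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var sigParam = regexp.MustCompile(`sig=[^&\s"]+`)

// sanitize is a hypothetical stand-in for SanitizeError: it redacts the token.
func sanitize(err error) error {
	return errors.New(sigParam.ReplaceAllString(err.Error(), "sig=[REDACTED]"))
}

// toGRPC is a hypothetical stand-in for errgrpc.ToGRPC: it copies the message.
func toGRPC(err error) error {
	return fmt.Errorf("rpc error: code = Unknown desc = %s", err.Error())
}

// fetch always fails with a constructed URL that carries a fake token.
func fetch() error {
	return errors.New(`Get "https://registry.example/v2/blob?sig=FAKE-TOKEN": 403`)
}

// pullBuggy sanitizes only inside the defer, after the return value is built.
func pullBuggy(logged *string) error {
	var err error
	defer func() {
		err = sanitize(err)
		*logged = err.Error() // the log line is clean
	}()
	err = fetch()
	return toGRPC(err) // evaluated before the defer runs: raw message escapes
}

// pullFixed sanitizes before the return expression is evaluated.
func pullFixed(logged *string) error {
	err := sanitize(fetch())
	defer func() { *logged = err.Error() }()
	return toGRPC(err)
}

func leaks(s string) bool { return strings.Contains(s, "FAKE-TOKEN") }

func main() {
	var logged string
	fmt.Println(leaks(pullBuggy(&logged).Error()), leaks(pullFixed(&logged).Error()))
}
```
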