#389 Bump github.com/containerd/containerd from 1.5.10 to 1.5.18 Pull request opened by dependabot[bot] Bumps github.com/containerd/containerd from 1.5.10 to 1.5.18. Release notes Sourced from github.com/containerd/containerd's releases.

containerd 1.5.18

Welcome to the v1.5.18 release of containerd!

The eighteenth patch release for containerd 1.5 includes fixes for CVE-2023-25153 and CVE-2023-25173 along with a security update for Go.

Notable Updates

• Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)

• Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)

• Update Go to 1.19.6 (#8112)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda

• Derek McGowan

• Ye Sijun

• Samuel Karp

• Phil Estes

• Swagat Bora

• Wei Fu

Changes

• [release/1.5] Prepare release notes for v1.5.18 (#8117)

• `ddf9de6cb` Prepare release notes for v1.5.18

• Github Security Advisory GHSA-hmfx-3pcx-653p

• `a62c38bf2` oci: fix additional GIDs

• `3b89da580` oci: fix loop iterator aliasing

• `b07ec6b25` oci: skip checking gid for WithAppendAdditionalGroups

• `356672cb5` refactor: reduce duplicate code

• `6a7b7617c` add WithAdditionalGIDs test

• `832bcf300` add WithAppendAdditionalGroups helper

• Github Security Advisory GHSA-259w-8hf6-59c2

• `19a347e45` importer: stream oci-layout and manifest.json

• [release/1.5] Go 1.19.6 (#8112)

• `4209dc243` Go 1.19.6

• [release/1.5] Fix retry logic within devmapper device deactivation (#8089)

• `0d16d045d` Fix retry logic within devmapper device deactivation

• [release/1.5] CI: skip some jobs when

repo != containerd/containerd

(#8084)

• `34451bc66` CI: skip some jobs when

repo != containerd/containerd

... (truncated) Commits • `39bb06f` Merge pull request #8117 from dmcgowan/prepare-v1.5.18 • `ddf9de6` Prepare release notes for v1.5.18 • `28e4618` Merge pull request from GHSA-hmfx-3pcx-653p • `959e1cf` Merge pull request from GHSA-259w-8hf6-59c2 • `b4538c2` Merge pull request #8112 from AkihiroSuda/cherrypick-8109-1.5 • `4209dc2` Go 1.19.6 • `7c3b243` Merge pull request #8089 from swagatbora90/backport-1.5 • `0d16d04` Fix retry logic within devmapper device deactivation • `9e9f4c8` Merge pull request #8084 from AkihiroSuda/ci-skip-on-fork-1.5 • `a62c38b` oci: fix additional GIDs • Additional commits viewable in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

will set the current milestone as the default for future PRs for this repo and language You can di… flyteorg/flytectl GitHub Actions: Unit Tests / Run Unit Test GitHub Actions: Lint / Run Lint GitHub Actions: Check Go Gennerate / Go Generate GitHub Actions: Dry Run Goreleaser GitHub Actions: Test Getting started ✅ 2 other checks have passed 2/7 successful checks