Skip to content

chore(deps): update containerd (8.19)#6013

Open
elastic-renovate-prod[bot] wants to merge 1 commit into
8.19from
renovate/8.19-containerd
Open

chore(deps): update containerd (8.19)#6013
elastic-renovate-prod[bot] wants to merge 1 commit into
8.19from
renovate/8.19-containerd

Conversation

@elastic-renovate-prod

@elastic-renovate-prod elastic-renovate-prod Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/containerd/containerd v1.7.29v1.7.34 age confidence
github.com/containerd/containerd/api v1.10.0v1.11.1 age confidence
github.com/containerd/containerd/v2 v2.2.4v2.3.3 age confidence
github.com/containerd/plugin v1.0.0v1.1.0 age confidence
github.com/containerd/ttrpc v1.2.8v1.2.9 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

containerd/containerd (github.com/containerd/containerd)

v1.7.34: containerd 1.7.34

Compare Source

Welcome to the v1.7.34 release of containerd!

The thirty-fourth patch release for containerd 1.7 contains various fixes and updates.

Highlights
Container Runtime Interface (CRI)
  • Fix lost container exit events when events arrive before container info is cached (#​11634)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Chris Henzie
  • Samuel Karp
  • Akihiro Suda
  • Maksym Pavlenko
  • Phil Estes
  • Sopho Merkviladze
  • ningmingxiao
Changes
5 commits

  • Prepare release notes for v1.7.34 (#​13753)
    • 7db112471 Prepare release notes for v1.7.34
  • Update go to 1.26.5/1.25.12 (#​13731)
  • ci: pin fog-json to resolve gem conflict (#​13712)
    • b84460e50 ci: pin fog-json to resolve gem conflict
  • cri:fix lost container exit events if they arrive before info is cached (#​11634)
    • 2fe076ea7 cri:fix lost container exit events if they arrive before info is cached
  • build(deps): bump golang.org/x/* dependencies (#​13502)

Dependency Changes
  • golang.org/x/crypto v0.45.0 -> v0.52.0
  • golang.org/x/mod v0.29.0 -> v0.35.0
  • golang.org/x/net v0.47.0 -> v0.55.0
  • golang.org/x/sync v0.18.0 -> v0.20.0
  • golang.org/x/sys v0.38.0 -> v0.45.0
  • golang.org/x/term v0.37.0 -> v0.43.0
  • golang.org/x/text v0.31.0 -> v0.37.0

Previous release can be found at v1.7.33

v1.7.33: containerd 1.7.33

Compare Source

Welcome to the v1.7.33 release of containerd!

The thirty-third patch release for containerd 1.7 contains various fixes
and updates including security patches.

Security Updates

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Samuel Karp
  • Chris Henzie
  • Akihiro Suda
  • Akhil Mohan
  • Ben Cressey
  • Davanum Srinivas
  • Sopho Merkviladze
Changes
17 commits

Dependency Changes
  • github.com/go-jose/go-jose/v3 v3.0.4 -> v3.0.5

Previous release can be found at v1.7.32

v1.7.32: containerd 1.7.32

Compare Source

Welcome to the v1.7.32 release of containerd!


The thirty-second patch release for containerd 1.7 contains various fixes
and updates including a security patch.

  • containerd

  • Allow hosts.toml to contain only root-level fields without an explicit [host] section (#​10028)

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#​13450)

  • Apply hardening to block AF_ALG in default socket policy (#​13406)

  • Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (#​13299)

  • Set AppArmor abi conditionally to support versions < 3.0 (#​13273)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

  • Maksym Pavlenko
  • Chris Henzie
  • Derek McGowan
  • Paweł Gronowski
  • Samuel Karp
  • Wei Fu
  • Brad Davidson
  • Brian Goff
  • LEI WANG
  • Phil Estes
17 commits

  • bc87d865c Prepare release notes for v1.7.32
  • oci: return explicit error for out-of-range USER values (#​13450)
    • 503f47946 oci: return explicit error for out-of-range USER values
  • seccomp: Block AF_ALG in default socket policy (#​13406)
    • e55b747d3 seccomp: Block AF_ALG in default socket policy
    • 4627a65f8 seccomp: Document socket rule scope and socketcall limitation
  • Fix issue with empty host tree in hosts.toml (#​10028)
    • 24007441d Fix error parsing hosts.toml without any host tree
  • Support both styles of volatile mount option (#​13299)
    • 940733149 Support both styles of volatile mount option
  • apparmor: Set abi conditionally (#​13273)
  • Add GitHub Action for k8s node e2e tests (#​13258)
    • 0db1e143a Add GitHub Action for k8s node e2e tests
  • Update release process after 1.7 (#​13236)
    • 3223a75c2 Update for latest updates to release tool
    • 1b30082eb Update release process after 1.7

This release has no dependency changes

Previous release can be found at v1.7.31

v1.7.31: containerd 1.7.31

Compare Source

Welcome to the v1.7.31 release of containerd!

The thirty-first patch release for containerd 1.7 contains various fixes
and updates including a security patch.

Security Updates
Highlights
Container Runtime Interface (CRI)
  • Fix CNI issue where DEL is never executed after a restart (#​12931)
  • Sanitize error before gRPC return to prevent possible credential leak in pod events (#​12805)
  • Improve error message and add warning when concurrent container creation is detected (#​12744)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Samuel Karp
  • Maksym Pavlenko
  • Akhil Mohan
  • Phil Estes
  • Sebastiaan van Stijn
  • Wei Fu
  • Akihiro Suda
  • Alex Chernyakhovsky
  • Chris Henzie
  • Michael Zappa
  • Ricardo Branco
  • Shachar Tal
  • ningmingxiao
  • yashsingh74
Changes
37 commits

  • Prepare release notes for v1.7.31 (#​13221)
    • 7d2662653 Prepare release notes for v1.7.31
  • update github.com/moby/spdystream v0.5.1 (#​13220)
    • 3f795c02a update github.com/moby/spdystream v0.5.1
  • update to Go 1.25.9, 1.26.2 (#​13200)
    • 7b1e1b17b update to Go 1.25.9, 1.26.2
    • b673f2d42 update golangci-lint to v2.9.0 with go1.26 support
    • d88d8513a remove windows/arm from cross build
    • a763407b5 Ignore warnings for golangci-lint bump
    • 03dcd8360 ci: bump golangci from 6.5.2 to 7.0.0
  • Update github.com/moby/spdystream v0.2.0->v0.5.0 (#​13176)
    • c08711218 Update github.com/moby/spdystream v0.2.0->v0.5.0
  • Skip TestExportAndImportMultiLayer on s390x (#​13152)
    • 043548f6d Skip TestExportAndImportMultiLayer on s390x
  • update runc binary to v1.3.5 (#​13059)
    • e99bd6050 [release/1.7] update runc binary to v1.3.5
  • CODEOWNERS: mark Sam and Chris as owners for 1.7 (#​13069)
    • 3a3103aaf CODEOWNERS: mark Sam and Chris as owners for 1.7
  • Fix vagrant on CI (#​13064)
  • ci: modprobe xt_comment on almalinux (#​12959)
    • 53e9e73f0 ci: modprobe xt_comment on almalinux
  • Fix TOCTOU race bug in tar extraction (#​12970)
    • 61c2733fd Fix TOCTOU race bug in tar extraction
  • Fix CNI issue where CNI DEL is never executed (#​12931)
    • f854c1890 fix issue where cni del is never executed
  • apparmor: explicitly set abi/3.0 (#​12899)
  • backport: integration: Fix TestImageLoad() failure on CI (#​12908)
    • 177ac10fe integration: Fix TestImageLoad() failure on CI
  • update to go1.24.13, go1.25.7 (#​12873)
  • fix: sanitize error before gRPC return to prevent credential leak in pod events (#​12805)
    • b1fa03843 fix: sanitize error before gRPC return to prevent credential leak in pod events
  • cri: emit warning for concurrent CreateContainer (#​12744)
    • e2c93a42c cri: emit warning for concurrent CreateContainer

Dependency Changes
  • github.com/moby/spdystream v0.2.0 -> v0.5.1

Previous release can be found at v1.7.30

v1.7.30: containerd 1.7.30

Compare Source

Welcome to the v1.7.30 release of containerd!

The thirtieth patch release for containerd 1.7 contains various fixes
and updates.

Highlights
Container Runtime Interface (CRI)
  • Fix NRI dropping requested CDI devices silently (#​12650)
  • Redact all query parameters in CRI error logs (#​12551)
Runtime

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Derek McGowan
  • Akihiro Suda
  • Austin Vazquez
  • Mike Brown
  • Wei Fu
  • Andrey Noskov
  • CrazyMax
  • Davanum Srinivas
  • Jin Dong
  • Krisztian Litkey
  • Maksym Pavlenko
  • Paweł Gronowski
  • Phil Estes
  • Samuel Karp
Changes
26 commits

  • Prepare release notes for v1.7.30 (#​12652)
    • 3d0ca6d2e Prepare release notes for v1.7.30
  • Fix NRI dropping requested CDI devices silently (#​12650)
    • 0bc74f47e cri,nri: don't drop requested CDI devices silently.
  • script/setup/install-cni: install CNI plugins v1.9.0 (#​12660)
    • 7db16b562 script/setup/install-cni: install CNI plugins v1.9.0
  • go.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (#​12640)
  • ci: bump Go 1.24.11, 1.25.5 (#​12627)
  • Update runc binary to v1.3.4 (#​12619)
    • 34b89a574 runc: Update runc binary to v1.3.4
  • ci: update CIFuzz actions to support Ubuntu 24.04 (#​12635)
    • 6e0dd8956 ci: update CIFuzz actions to support Ubuntu 24.04
  • build(deps): bump github.com/opencontainers/selinux (#​12591)
    • 3eea2a4af build(deps): bump github.com/opencontainers/selinux
  • remove sha256-simd (#​12576)
  • .github: skip 5 critest cases for window-2022 (#​12586)
    • ce2d3a67f .github: skip 5 critest cases in window CI pipeline
  • Redact all query parameters in CRI error logs (#​12551)
    • 65271ea89 fix: redact all query parameters in CRI error logs

Dependency Changes
  • github.com/cyphar/filepath-securejoin v0.5.1 new
  • github.com/opencontainers/selinux v1.11.0 -> v1.13.1
  • golang.org/x/crypto v0.40.0 -> v0.45.0
  • golang.org/x/mod v0.26.0 -> v0.29.0
  • golang.org/x/net v0.42.0 -> v0.47.0
  • golang.org/x/sync v0.16.0 -> v0.18.0
  • golang.org/x/sys v0.34.0 -> v0.38.0
  • golang.org/x/term v0.33.0 -> v0.37.0
  • golang.org/x/text v0.27.0 -> v0.31.0

Previous release can be found at v1.7.29

containerd/plugin (github.com/containerd/plugin)

v1.1.0

Compare Source

What's Changed

Full Changelog: containerd/plugin@v1.0.0...v1.1.0

containerd/ttrpc (github.com/containerd/ttrpc)

v1.2.9

Compare Source

What's Changed

New Contributors

Full Changelog: containerd/ttrpc@v1.2.8...v1.2.9


Configuration

📅 Schedule: Branch creation - Between 01:00 AM and 01:59 AM, Monday through Friday ( * 1 * * 1-5 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@elastic-renovate-prod elastic-renovate-prod Bot requested a review from a team as a code owner May 7, 2026 11:12
@elastic-renovate-prod elastic-renovate-prod Bot added backport-skip dependencies Pull requests that update a dependency file renovate renovate-auto-approve Team:Security-Cloud Services Security Data Experience - Cloud Services team. labels May 7, 2026
@elastic-renovate-prod elastic-renovate-prod Bot enabled auto-merge May 7, 2026 11:12
@elastic-renovate-prod

elastic-renovate-prod Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: downloading k8s.io/client-go v0.36.0
go: downloading k8s.io/api v0.36.0
go: downloading k8s.io/apimachinery v0.36.0
go: downloading k8s.io/utils v0.0.0-20260319190234-28399d86e0b5
go: downloading github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
go: downloading github.com/containerd/containerd/v2 v2.3.3
go: downloading github.com/containerd/containerd v1.7.34
go: downloading github.com/containerd/ttrpc v1.2.9
go: downloading github.com/Microsoft/hcsshim v0.15.0-rc.1
go: downloading k8s.io/component-base v0.36.0
go: downloading k8s.io/streaming v0.36.0
go: github.com/elastic/cloudbeat/internal/vulnerability imports
	github.com/aquasecurity/trivy/pkg/commands/artifact imports
	github.com/aquasecurity/trivy/pkg/misconf imports
	github.com/aquasecurity/trivy/pkg/iac/scanners/helm imports
	github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser imports
	helm.sh/helm/v3/pkg/action imports
	helm.sh/helm/v3/pkg/kube imports
	k8s.io/kubectl/pkg/cmd/util imports
	k8s.io/kubectl/pkg/scheme imports
	k8s.io/api/scheduling/v1alpha1: cannot find module providing package k8s.io/api/scheduling/v1alpha1

@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 9daeffa to 775347a Compare May 7, 2026 18:54
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 775347a to bfaaf28 Compare May 8, 2026 01:03
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from bfaaf28 to 46e361d Compare May 8, 2026 01:04
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch 2 times, most recently from a61fce8 to 21c6913 Compare May 8, 2026 01:04
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 21c6913 to 3227238 Compare May 8, 2026 01:06
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 3227238 to 5aa1c4a Compare May 8, 2026 01:07
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 5aa1c4a to 170ace8 Compare May 8, 2026 02:49
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 9cc7332 to 194aac1 Compare May 27, 2026 23:00
@mergify

mergify Bot commented May 28, 2026

Copy link
Copy Markdown
Contributor

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b renovate/8.19-containerd upstream/renovate/8.19-containerd
git merge upstream/8.19
git push upstream renovate/8.19-containerd

@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 194aac1 to 89ed8f0 Compare May 29, 2026 02:59
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 89ed8f0 to 8a679dd Compare May 30, 2026 02:50
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 8a679dd to 4f5a75b Compare June 1, 2026 13:26
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 4f5a75b to 551b474 Compare June 1, 2026 15:54
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 551b474 to ab8213a Compare June 1, 2026 15:54
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch 2 times, most recently from 4aab605 to a09748b Compare June 2, 2026 13:59
@mergify

mergify Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b renovate/8.19-containerd upstream/renovate/8.19-containerd
git merge upstream/8.19
git push upstream renovate/8.19-containerd

@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from a09748b to 91ab8e0 Compare June 19, 2026 06:53
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 91ab8e0 to 9a9a06c Compare June 21, 2026 02:53
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 9a9a06c to 430b3eb Compare July 8, 2026 23:03
@mergify

mergify Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b renovate/8.19-containerd upstream/renovate/8.19-containerd
git merge upstream/8.19
git push upstream renovate/8.19-containerd

@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from 430b3eb to bfb6e4d Compare July 10, 2026 23:01
@elastic-renovate-prod elastic-renovate-prod Bot force-pushed the renovate/8.19-containerd branch from bfb6e4d to d5deb38 Compare July 12, 2026 03:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport-skip dependencies Pull requests that update a dependency file renovate renovate-auto-approve Team:Security-Cloud Services Security Data Experience - Cloud Services team.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants