Update module github.com/containerd/containerd to v2

[gardener-ci-robot]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
github.com/containerd/containerd	require	major	v1.7.18 -> v2.0.0

---

Release Notes

containerd/containerd (github.com/containerd/containerd)

v2.0.0: containerd 2.0.0

Compare Source

Welcome to the v2.0.0 release of containerd!

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

See containerd 2.0 documentation for details on what is new and has changed in this release.

Highlights

• Allow sections of Plugins to be merged, and not overwritten as entire sections. (#​9982)
• Add Update API for sandbox controller (#​9903)
• Configure otel from env instead of config.toml (#​8970)
• Enable NRI by default (#​9744)
• Add PluginInfo to introspection API (#​9442)
• Remove overlayfs volatile option on temp mounts (#​9555)
• Expose usage of deprecated features (#​9258)
• Use Intel ISA-L's igzip if available (#​9200)
• Introduce top level config migration (#​9223)
• Add image delete target (#​8989)
• Remove LimitNOFILE from containerd.service (#​8924)
• Add support for image expiration during garbage collection (#​9022)
• Reduce the contention between ref lock and boltdb lock in content store (#​8792)
• Remove "containerd.io/restart.logpath" label (#​8264)
• Remove aufs snapshotter (#​8263)
• Fix deadlock during NRI plugin registration (containerd/nri#79)
• Support arm64/v9 and minor variants (containerd/platforms#8)
• Fix deadlock when writing to pipe blocks (containerd/ttrpc#168)

Build and Release Toolchain

• Generate attestation for artifacts during release (#​10543)
• Remove cri-containerd-*.tar.gz release bundles (#​9096)

Container Runtime Interface (CRI)

• Use 'UserSpecifiedImage' from CRI to set the image-name annotation (#​10747)
• Fine-grained SupplementalGroups control (#​9737)
• Add support to set loopback to up (#​10238)
• KEP-3857: Recursive Read-only (RRO) mounts (#​9787)
• Add support for multiple subscribers to CRI container events (#​9661)
• Enable CDI by default (#​9621)
• Remove non-sandboxed CRI implementation (#​9228)
• Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#​8287)
• Use sandboxed CRI by default (#​8994)
• Implement RuntimeConfig CRI call (#​8722)
• Add support for user namespaces (KEP-127) (#​8803)
• Remove CRI v1alpha2 (#​8276)

Go client

• Add api Go module and move all protos under api (#​10151)
• Move packages based on contributing guide (#​9365)
• Generalize plugin library (#​9214)
• Use github.com/containerd/log (#​9086)

Image Distribution

• Support to syncfs after pull by using diff plugin (#​10284)
• Skip "unknown" in image platform listing (#​10257)
• Update unpacker to fetch all provided content (#​10202)
• Enable Transfer service API to support plain HTTP (#​10024)
• Enable Transfer service to use registry configuration directory (#​9908)
• Disable the support for Schema 1 images (#​9765)
• Update Transfer service to add OCI descriptors to Progress structure (#​9630)
• Update import and export to allow references to missing content (#​9554)
• Add option to perform syncfs after pull (#​9401)
• Add image verifier transfer service plugin system based on a binary directory (#​8493)

Runtime

• Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 (#​10410)
• Add pprof to runc-shim (#​10242)
• Provide runtime options in plugin info (#​10251)
• Store bootstrap parameters in sandbox metadata (#​9736)
• Update apparmor to allow confined runc to kill containers (#​10123)
• Support vsock connection to task api (#​9738)
• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#​9320)
• Switch runc shim to task service v3 and fix restore (#​9233)
• Add sandboxer configuration and move sandbox controllers to plugins (#​8268)
• Add annotations to CreateSandbox request (#​8960)
• Add SandboxMetrics (#​8680)
• Publish sandbox events (#​8602)
• Remove the CriuPath field from runc's options (#​8279)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#​8262)

Security Advisories

• [medium] RAPL accessible to a container GHSA-7ww5-4wqc-m92c

Breaking

• Remove disable_cgroup from CRI config (#​10594)
• Disable the support for Schema 1 images (#​9765)
• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#​9320)
• Move client to subpackage (#​9316)
• Remove LimitNOFILE from containerd.service (#​8924)
• Remove CRI v1alpha2 (#​8276)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#​8262)
• Remove "containerd.io/restart.logpath" label (#​8264)
• Remove aufs snapshotter (#​8263)

Deprecations

• Update warnings for deprecated CRI config fields (#​10509)
• Add type alias for event Envelope (#​10279)
• Postpone removal of deprecated CRI config properties (#​9966)
• Deprecate go-plugin configuration option (#​9238)
• CNI conf_template in CRI is no longer deprecated (#​8637)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Maksym Pavlenko
• Wei Fu
• Phil Estes
• Sebastiaan van Stijn
• Samuel Karp
• Krisztian Litkey
• Kazuyoshi Kato
• Austin Vazquez
• Rodrigo Campos
• Danny Canter
• Abel Feng
• Mike Brown
• Kirtana Ashok
• Akhil Mohan
• Iceber Gu
• Gabriel Adrian Samfira
• Jin Dong
• Kohei Tokunaga
• Bjorn Neergaard
• Brian Goff
• Justin Chadwell
• rongfu.leng
• James Sturtevant
• Davanum Srinivas
• Paul "TBBle" Hampson
• Henry Wang
• Enrico Weigelt
• Laura Brehm
• Marat Radchenko
• Paweł Gronowski
• Shingo Omura
• Hsing-Yu (David) Chen
• Ilya Hanov
• Cardy.Tang
• Swagat Bora
• Aditi Sharma
• Amit Barve
• Bryant Biggs
• Evan Lezar
• James Jenkins
• Jordan Liggitt
• Kay Yan
• Markus Lehtonen
• Nashwan Azhari
• Shuaiyi Zhang
• Vinayak Goyal
• helen
• Alexandru Matei
• Anthony Nandaa
• Avi Deitcher
• Charity Kathure
• Cory Snider
• Ed Bartosh
• Etienne Champetier
• Kevin Parsons
• Michael Zappa
• Milas Bowman
• lengrongfu
• ningmingxiao
• yanggang
• zounengren
• Aditya Ramani
• Adrian Reber
• Amir M. Ghazanfari
• Antonio Ojea
• Artem Khramov
• Brad Davidson
• Chen Yiyang
• Chongyi Zheng
• Christian Muehlhaeuser
• Djordje Lukic
• Edgar Lee
• Eric Lin
• Ethan Lowman
• Jiang Liu
• June Rhodes
• Kern Walster
• Lei Jitang
• Lucas Rattz
• Mahamed Ali
• Maksim An
• Michael Crosby
• Peteris Rudzusiks
• Ray Burgemeestre
• Sam Edwards
• Samruddhi Khandale
• Sascha Grunert
• Steve Griffith
• Tony Fang
• Tõnis Tiigi
• VERNOU Cédric
• Vishal Reddy Gurrala
• Xiaojin Zhang
• Yang Yang
• hang.jiang
• harshitasao
• jerryzhuang
• roman-kiselenko
• zhanluxianshen
• Aaron Lehmann
• AbdelrahmanElawady
• Adrien Delorme
• Alex Couture-Beil
• Alex Ellis
• Alex Rodriguez
• Angelos Kolaitis
• Antonio Huete Jimenez
• Antti Kervinen
• Arash Haghighat
• Arkin Modi
• Ben Foster
• Benjamin Peterson
• Bin Tang
• Bin Xin
• BinBin He
• Brennan Kinney
• Changqing Li
• ChengenH
• ChengyuZhu6
• Christian Stewart
• Colin O'Dell
• Craig Ingram
• Daisy Rong
• David Porter
• David Son
• Derek Nola
• Eng Zer Jun
• Erikson Tung
• Fabiano Fidêncio
• Fahed Dorgaa
• Gabriela Cervantes
• Gary McDonald
• Iain Macdonald
• James Lakin
• Jan Dubois
• Jaroslav Jindrak
• Javier Maestro
• Jian Wang
• Jiongchi Yu
• Julien Balestra
• Kir Kolyshkin
• Kirill A. Korinsky
• Konstantin Khlebnikov
• Lei Liu
• Matteo Pulcini
• Mauri de Souza Meneguzzo
• Mike Baynton
• Niklas Gehlen
• Pan Yibo
• Paul Meyer
• Qasim Sarfraz
• Qiutong Song
• Reinhard Tartler
• Robbie Buxton
• Robert-André Mauchin
• Ruihua Wen
• Saket Jajoo
• Sameer
• Shengjing Zhu
• Shiming Zhang
• Shukui Yang
• StepSecurity Bot
• Talon
• Tariq Ibrahim
• Tianon Gravi
• Tim Hockin
• TinaMor
• Tobias Klauser
• Tomáš Virtus
• Wang Xinwen
• William Chen
• Xinyang Ge
• Yibo Zhuang
• Yuhang Wei
• Yury Gargay
• Zechun Chen
• Zhang Tianyang
• Zoe
• baijia
• bo.jiang
• bzsuni
• charles-chenzz
• chschumacher1994
• cormick
• guangli.bao
• guangwu
• jinda.ljd
• jingtao.liang
• krglosse
• pigletfly
• rokkiter
• wangxiang
• zhangpeng
• zhaojizhuang
• 吴小白
• 张钰
• 沈陵
• 谭九鼎

Dependency Changes

• dario.cat/mergo v1.0.1 new
• github.com/AdaLogics/go-fuzz-headers 1f10f66 -> e8a1dd7
• github.com/AdamKorcz/go-118-fuzz-build 5330a85 -> 2b5cbb2
• github.com/Microsoft/go-winio v0.6.0 -> v0.6.2
• github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.9
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.3.0
• github.com/cespare/xxhash/v2 v2.2.0 -> v2.3.0
• github.com/checkpoint-restore/checkpointctl v1.3.0 new
• github.com/checkpoint-restore/go-criu/v7 v7.2.0 new
• github.com/cilium/ebpf v0.9.1 -> v0.11.0
• github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.3
• github.com/containerd/console v1.0.3 -> v1.0.4
• github.com/containerd/containerd/api v1.8.0 new
• github.com/containerd/continuity v0.3.0 -> v0.4.4
• github.com/containerd/errdefs v1.0.0 new
• github.com/containerd/errdefs/pkg v0.3.0 new
• github.com/containerd/go-cni v1.1.9 -> v1.1.10
• github.com/containerd/go-runc v1.0.0 -> v1.1.0
• github.com/containerd/imgcrypt/v2 v2.0.0-rc.1 new
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.3.0 -> v0.8.0
• github.com/containerd/otelttrpc ea5083f new
• github.com/containerd/platforms v1.0.0-rc.0 new
• github.com/containerd/plugin v1.0.0 new
• github.com/containerd/ttrpc v1.2.1 -> v1.2.6
• github.com/containerd/typeurl/v2 v2.1.0 -> v2.2.2
• github.com/containerd/zfs/v2 v2.0.0-rc.0 new
• github.com/containernetworking/cni v1.1.2 -> v1.2.3
• github.com/containernetworking/plugins v1.2.0 -> v1.5.1
• github.com/containers/ocicrypt v1.1.6 -> v1.2.0
• github.com/cpuguy83/go-md2man/v2 v2.0.2 -> v2.0.5
• github.com/davecgh/go-spew v1.1.1 -> d8f796a
• github.com/distribution/reference v0.6.0 new
• github.com/emicklei/go-restful/v3 v3.10.1 -> v3.11.0
• github.com/felixge/httpsnoop v1.0.4 new
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/fxamacker/cbor/v2 v2.7.0 new
• github.com/go-jose/go-jose/v4 v4.0.4 new
• github.com/go-logr/logr v1.2.3 -> v1.4.2
• github.com/golang/protobuf v1.5.2 -> v1.5.4
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.0 -> v1.6.0
• github.com/gorilla/websocket v1.5.0 new
• github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1 new
• github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 new
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.22.0
• github.com/intel/goresctrl v0.3.0 -> v0.8.0
• github.com/klauspost/compress v1.16.0 -> v1.17.11
• github.com/mdlayher/socket v0.4.1 new
• github.com/mdlayher/vsock v1.2.1 new
• github.com/mistifyio/go-zfs/v3 v3.0.1 new
• github.com/moby/spdystream v0.2.0 -> v0.4.0
• github.com/moby/sys/mountinfo v0.6.2 -> v0.7.2
• github.com/moby/sys/sequential v0.5.0 -> v0.6.0
• github.com/moby/sys/signal v0.7.0 -> v0.7.1
• github.com/moby/sys/symlink v0.2.0 -> v0.3.0
• github.com/moby/sys/user v0.3.0 new
• github.com/moby/sys/userns v0.1.0 new
• github.com/munnerz/goautoneg a7dc8b6 new
• github.com/mxk/go-flowrate cca7078 new
• github.com/opencontainers/image-spec 3a7f492 -> v1.1.0
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
• github.com/opencontainers/runtime-tools 946c877 -> 2e043c6
• github.com/opencontainers/selinux v1.11.0 -> v1.11.1
• github.com/pelletier/go-toml/v2 v2.2.3 new
• github.com/pmezard/go-difflib v1.0.0 -> 5d4384e
• github.com/prometheus/client_golang v1.14.0 -> v1.20.5
• github.com/prometheus/client_model v0.3.0 -> v0.6.1
• github.com/prometheus/common v0.37.0 -> v0.55.0
• github.com/prometheus/procfs v0.8.0 -> v0.15.1
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stefanberger/go-pkcs11uri 78d3cae -> 7828495
• github.com/stretchr/testify v1.8.2 -> v1.9.0
• github.com/urfave/cli/v2 v2.27.5 new
• github.com/vishvananda/netlink v1.2.1-beta.2 -> v1.3.0
• github.com/vishvananda/netns 2eb08e3 -> v0.0.4
• github.com/x448/float16 v0.8.4 new
• github.com/xrash/smetrics 686a1a2 new
• go.etcd.io/bbolt v1.3.7 -> v1.3.11
• go.mozilla.org/pkcs7 432b235 -> v0.9.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 -> v0.56.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 new
• go.opentelemetry.io/otel v1.14.0 -> v1.31.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 -> v1.31.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 -> v1.31.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 -> v1.31.0
• go.opentelemetry.io/otel/metric v0.37.0 -> v1.31.0
• go.opentelemetry.io/otel/sdk v1.14.0 -> v1.31.0
• go.opentelemetry.io/otel/trace v1.14.0 -> v1.31.0
• go.opentelemetry.io/proto/otlp v0.19.0 -> v1.3.1
• golang.org/x/crypto v0.1.0 -> v0.28.0
• golang.org/x/exp aacd6d4 new
• golang.org/x/mod v0.7.0 -> v0.21.0
• golang.org/x/net v0.7.0 -> v0.30.0
• golang.org/x/oauth2 v0.4.0 -> v0.22.0
• golang.org/x/sync v0.1.0 -> v0.8.0
• golang.org/x/sys v0.6.0 -> v0.26.0
• golang.org/x/term v0.5.0 -> v0.25.0
• golang.org/x/text v0.7.0 -> v0.19.0
• golang.org/x/time 90d013b -> v0.3.0
• google.golang.org/genproto/googleapis/api 5fefd90 new
• google.golang.org/genproto/googleapis/rpc 324edc3 new
• google.golang.org/grpc v1.53.0 -> v1.67.1
• google.golang.org/protobuf v1.28.1 -> v1.35.1
• k8s.io/api v0.26.2 -> v0.31.2
• k8s.io/apimachinery v0.26.2 -> v0.31.2
• k8s.io/apiserver v0.26.2 -> v0.31.2
• k8s.io/client-go v0.26.2 -> v0.31.2
• k8s.io/component-base v0.26.2 -> v0.31.2
• k8s.io/cri-api v0.26.2 -> v0.31.2
• k8s.io/klog/v2 v2.90.1 -> v2.130.1
• k8s.io/kubelet v0.31.2 new
• k8s.io/utils a5ecb01 -> 18e509b
• sigs.k8s.io/json f223a00 -> bc3834c
• sigs.k8s.io/structured-merge-diff/v4 v4.2.3 -> v4.4.1
• sigs.k8s.io/yaml v1.3.0 -> v1.4.0
• tags.cncf.io/container-device-interface v0.8.0 new
• tags.cncf.io/container-device-interface/specs-go v0.8.0 new

Previous release can be found at v1.7.0

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

v1.7.23: containerd 1.7.23

Compare Source

Welcome to the v1.7.23 release of containerd!

The twenty-third patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Add errdefs aliases (#​10792)
• Allow proxy plugins to have capabilities (#​10731)
• Revert errdefs package migration (#​10712)

Container Runtime Interface (CRI)

• Add check for CNI plugins before tearing down pod network (#​10767)

Image Distribution

• Fix the race condition during GC of snapshots when client retries (#​10763)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Austin Vazquez
• Phil Estes
• Akihiro Suda
• Samuel Karp
• Maksym Pavlenko
• Kern Walster
• Kir Kolyshkin
• Saket Jajoo
• Sameer
• Wei Fu
• Zou Nengren
• bo.jiang

Changes

37 commits

• Prepare release notes for v1.7.23 (#​10802)
  • 921f554af Prepare release notes for v1.7.23
• Revert "update runc binary to 1.1.15" (#​10826)
  • 8f16d6588 Revert "update runc binary to 1.1.15"
• Switch from actuated.dev to GH Action runners for arm64 (#​10822)
  • 41e8f24cd Switch from actuated.dev to GH Action runners for arm64
  • dd811f224 Update github actions ci to run on forks
• bump golangci/golangci-lint-action from 4 to 6 (#​10813)
  • 284484af4 bump golangci/golangci-lint-action from 4 to 6
• update to go1.23.2,go1.22.8 (#​10808)
  • 814c59ba5 update to go1.23.2,go1.22.8
• prow: allow ENABLE_CRI_SANDBOXES to be configured (#​10801)
  • ae11176fa prow: allow ENABLE_CRI_SANDBOXES to be configured
• TestNewBinaryIOCleanup: fix a comment, minor rewrite (#​10776)
  • 7fd794a7c TestNewBinaryIOCleanup: fix a comment, minor rewrite
• Add errdefs aliases (#​10792)
  • 0714a2952 Add errdefs aliases
• Update runc binary to 1.1.15 (#​10794)
  • 113a9f1fc update runc binary to 1.1.15
• Update runner images to macOS13 (#​10783)
  • 5305b03f2 Update runner images to macOS13
• Allow proxy plugins to have capabilities (#​10731)
  • 950740390 Allow proxy plugins to have capabilities
• Bump crun to 1.16.1 (#​10774)
  • e8aae7824 Bump crun to 1.16
  • ee1c39b79 CI: bump up crun to 1.15
• Fix the race condition during GC of snapshots when client retries (#​10763)
  • cb5e6a01a Fix the race condition during GC of snapshots when client retries
• Add check for CNI plugins before tearing down pod network (#​10767)
  • 278bd0f72 [release/1.7] Add check for CNI plugins before tearing down pod network
• Revert errdefs package migration (#​10712)
  • 18403239e Synchronize 1.7 error package with errdefs
  • d8d27205b Revert "migrate errdefs package to github.com/containerd/errdefs module"
  • e82d201b3 Revert "replace uses of github.com/containerd/containerd/errdefs"
  • 51939238f Revert "errdefs: denote deprecation as a godoc comment"
  • ae80077e8 Revert "golangci-lint: enable depguard for packages that moved"
  • 32675f983 Revert "remove imports of errdefs package"

Changes from containerd/errdefs

29 commits

• Add errdefs/pkg package (containerd/errdefs#19)
  • 46a6522 Add errdefs/pkg package
• Update GitHub Actions packages and runners (containerd/errdefs#20)
  • 303a6ea Update to Go 1.22.8 in CI
  • e70104e Upgrade to golangci-lint@v1.61.0
  • ffe5586 Upgrade to golangci/golangci-lint-action@v6
  • 908b04b Upgrade to actions/checkout@v4
  • 608b83c Upgrade to actions/setup-go@v5
  • 8e82ae4 Upgrade macOS runner image to macOS 13
• Complete interface definitions for errors (containerd/errdefs#18)
  • 41d12e1 Complete interface definitions for errors
• Add support for grpc error details and multiple errors (containerd/errdefs#7)
  • b9dce4d Add support for grpc error details
  • ffb0349 Update Resolve function to support Is interface
• Add support for custom error messages (containerd/errdefs#10)
  • dc9b20e Add support for custom error messages
• Add a resolve error function to return first error (containerd/errdefs#9)
  • 9f87502 Add a resolve error function to return first error
• Add stack support (containerd/errdefs#8)
  • f96dfda Add stack package for managing error stack traces
  • 70fd2d7 Add collapsible error type
  • 6022faf Add typeurl to go mod
• Fix Cancelled interface typo (containerd/errdefs#6)
  • 9564d8f Fix Cancelled interface typo
• Split gRPC and HTTP error utility into seperate packages (containerd/errdefs#5)
  • fd0e482 Split gRPC and HTTP error utility into seperate packages
• Add more grpc types (containerd/errdefs#3)
  • f727cdb Add HTTP status code and error type conversion
  • 9854dc7 Add more grpc error types

Dependency Changes

• github.com/containerd/errdefs v0.1.0 -> v0.3.0

Previous release can be found at v1.7.22

v1.7.22: containerd 1.7.22

Compare Source

Welcome to the v1.7.22 release of containerd!

The twenty-second patch release for containerd 1.7 contains various fixes
and updates.

Highlights

Build and Release Toolchain

• Update to go1.22.7, go1.23.1 (#​10679)

Container Runtime Interface (CRI)

• Cumulative stats can't decrease (#​10670)

Runtime

• Fix bug where init exits were being dropped (#​10675)
• Update runc binary to 1.1.14 (#​10668)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• James Sturtevant
• Laura Brehm
• Maksym Pavlenko
• Akhil Mohan
• Akihiro Suda
• Cory Snider
• Derek McGowan
• Sebastiaan van Stijn

Changes

16 commits

• Prepare release notes for v1.7.22 (#​10684)
  • 43174ee6a Prepare release notes for v1.7.22
• integration: regression test for issue 10589 (#​10682)
  • 0c4ba21d8 integration: regression test for issue 10589
  • 1cc2cfa4b fifosync: cross-process synchronization
• Fix bug where init exits were being dropped (#​10675)
  • f338717ed runc-shim: handle pending execs as running
  • 686c69490 runc-shim: refuse to start execs after init exits
  • 760935e52 runc-shim: remove misleading comment
• Update to go1.22.7, go1.23.1 (#​10679)
  • 19d678f73 update to go1.22.7, go1.23.1
• Cumulative stats can't decrease (#​10670)
  • 3658d5b40 Include change in cri server
  • 88d001c74 Cumulative stats can't decrease
• Update runc binary to 1.1.14 (#​10668)
  • 33e8a2005 update runc binary to 1.1.14

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.21

v1.7.21: containerd 1.7.21

Compare Source

Welcome to the v1.7.21 release of containerd!

The twenty-first patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Regenerate introspection UUID if state is empty (#​10510)
• Set stderr to empty string when using terminal on Windows (#​10499)

Build and Release Toolchain

• Move builds to Go 1.22 and add support for testing with 1.23 (#​10596)

Container Runtime Interface (CRI)

• Borrow latest wsstream from k8s v1.31.x to 1.7 (#​10575)
• Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#​10571)
• Make StopContainer idempotent (#​10528)
• Make StopPodSandbox idempotent (#​10527)

Go client

• Fix failed force deletion for tasks with PID 0 (#​10523)

Runtime

• Fix packaged runc reporting incorrect version (#​10559)
• Ensure /run/containerd gets created with correct perms (#​10534)

Deprecations

• Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#​10571)
• Update warnings for deprecated CRI config fields (#​10512)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Davanum Srinivas
• Samuel Karp
• Sebastiaan van Stijn
• Phil Estes
• Maksym Pavlenko
• Akhil Mohan
• Chris Henzie
• Derek McGowan
• Kazuyoshi Kato
• Sascha Grunert
• Akihiro Suda
• Erikson Tung
• Iceber Gu
• Mauri de Souza Meneguzzo
• Mike Brown
• Shengjing Zhu
• TinaMor
• rongfu.leng

Changes

45 commits

• Prepare release notes for v1.7.21 (#​10632)
  • 975f279ee Prepare release notes for v1.7.21
• go.mod: keep minimum go version at go1.21 (#​10633)
  • d63bd8464 go.mod: keep minimum go version at go1.21
• Move builds to Go 1.22 and add support for testing with 1.23 (#​10596)
  • c76028088 update golangci-lint to 1.60.1
  • 3b263d082 add go1.23.0, drop go1.21.x
• Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4 (#​10590)
  • 09ca004de Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4
• Borrow latest wsstream from k8s v1.31.x to 1.7 (#​10575)
  • 9269d97b1 hide wsstream under internal/ to prevent external use
  • 59815fa44 golangci-lint should only look for problems in new code
  • 1c431dc6f Run go mod tidy
  • 226f93d92 Add copyright headers
  • 6f3252733 switch over references to the new package
  • 0a85d476a Fix up some constant references
  • 82bfa44d0 Copy over wsstream from k8s v1.31.0-rc.1 release
• Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#​10571)
  • 52b79f337 Update CRIAPIV1Alpha2 warning lastOccurrence every call
• pkg/userns: deprecate and migrate to github.com/moby/sys/userns (#​10564)
  • dce0b5a6d migrate to github.com/moby/sys/userns
  • 65f7d0740 pkg/userns: deprecate and migrate to github.com/moby/sys/user/userns
  • f21675c27 vendor: github.com/moby/sys/user v0.2.0
• update to go1.21.13 / go1.22.6 (#​10570)
  • 228914a5e update to go1.21.13 / go1.22.6
• Fix TestNewBinaryIOCleanup failing with gotip (#​10554)
  • 3ff82ba0f Fix TestNewBinaryIOCleanup failing with gotip
• Fix packaged runc reporting incorrect version (#​10559)
  • d51143f6f script/setup/install-runc: fix runc using incorrect version
• update auths code comment (#​10536)
  • 7bb1455d8 update auths code comment
• Ensure /run/containerd gets created with correct perms (#​10534)
  • 16c5fc768 Ensure /run/containerd is created with correct perms
• Make StopContainer idempotent (#​10528)
  • 6da4e40b2 Make StopContainer RPC idempotent
• Make StopPodSandbox idempotent (#​10527)
  • b3b6f1507 Make StopPodSandbox RPC idempotent
• Fix failed force deletion for tasks with PID 0 (#​10523)
  • 0db46f664 client: fix tasks with PID 0 cannot be forced to delete
• Update warnings for deprecated CRI config fields (#​10512)
  • 9afb8dcdf deprecation: update warnings for CRI config fields
• Regenerate introspection UUID if state is empty (#​10510)
  • b140792e4 introspection: regenerate UUID if state is empty
• Set stderr to empty string when using terminal on Windows (#​10499)
  • f9beac3db Set stderr to empty string when using terminal on Windows.

Dependency Changes

• github.com/moby/sys/userns v0.1.0 new

Previous release can be found at v1.7.20

v1.7.20: containerd 1.7.20

Compare Source

Welcome to the v1.7.20 release of containerd!

The twentieth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Support for dropping inheritable capabilities (#​10469)

Container Runtime Interface (CRI)

• Make PodSandboxStatus friendlier to shim crashes (#​10461)
• Handle empty DNSConfig differently than unspecified (#​10462)
• Fix for [cri] ttrpc: closed during ListPodSandboxStats (#​10423)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Phil Estes
• Akhil Mohan
• Bryant Biggs
• Danny Canter
• Davanum Srinivas
• Mike Brown
• Samuel Karp
• Tim Hockin

Changes

16 commits

• Prepare release notes for v1.7.20 (#​10481)
  • 7f2d4cd97 Prepare release notes for v1.7.20
• deps: Update otelgrpc (#​10413)
  • 3a02c523d deps: Update otelgrpc
• Make PodSandboxStatus friendlier to shim crashes (#​10461)
  • df86bdd5d CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes
• Handle empty DNSConfig differently than unspecified (#​10462)
  • 209ee4f10 CRI: An empty DNSConfig != unspecified
• Support for dropping inheritable capabilities (#​10469)
  • ce65228af Support for dropping inheritable capabilities
• Fix for [cri] ttrpc: closed during ListPodSandboxStats (#​10423)
  • 610498df7 Fix for [cri] ttrpc: closed during ListPodSandboxStats
• update to go1.21.12 / go1.22.5 (#​10426)
  • e61c7932e update to go1.21.12 / go1.22.5
• errdefs: denote deprecation as a godoc comment (#​10424)
  • c7d5e430a errdefs: denote deprecation as a godoc comment

Dependency Changes

• github.com/go-logr/logr v1.2.4 -> v1.3.0
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.1 -> v1.4.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 -> v0.46.1
• go.opentelemetry.io/otel v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/metric v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/sdk v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/trace v1.19.0 -> v1.21.0
• google.golang.org/genproto e6e6cda -> [989df2b](https://redirect.github.com/containerd/con

---

Configuration

📅 Schedule: Branch creation - "after 07:30am,before 07:15pm,every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[gardener-ci-robot]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 32 additional dependencies were updated

Details:

Package	Change
github.com/prometheus/client_golang	v1.20.4 -> v1.20.5
k8s.io/api	v0.30.3 -> v0.31.2
k8s.io/apimachinery	v0.30.3 -> v0.31.2
k8s.io/client-go	v0.30.3 -> v0.31.2
cloud.google.com/go/compute/metadata	v0.3.0 -> v0.5.0
github.com/AdaLogics/go-fuzz-headers	v0.0.0-20230811130428-ced1acdcaa24 -> v0.0.0-20240806141605-e8a1dd7889d6
github.com/Microsoft/hcsshim	v0.12.3 -> v0.12.9
github.com/containerd/errdefs	v0.1.0 -> v1.0.0
github.com/containers/ocicrypt	v1.1.10 -> v1.2.0
github.com/docker/docker	v26.1.5+incompatible -> v27.1.1+incompatible
github.com/go-jose/go-jose/v4	v4.0.1 -> v4.0.4
github.com/google/go-containerregistry	v0.19.1 -> v0.20.1
github.com/grpc-ecosystem/grpc-gateway/v2	v2.19.1 -> v2.22.0
github.com/klauspost/compress	v1.17.9 -> v1.17.11
github.com/moby/spdystream	v0.2.0 -> v0.4.0
github.com/moby/sys/sequential	v0.5.0 -> v0.6.0
github.com/pelletier/go-toml/v2	v2.2.2 -> v2.2.3
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.49.0 -> v0.56.0
go.opentelemetry.io/otel	v1.25.0 -> v1.31.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.22.0 -> v1.31.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.22.0 -> v1.31.0
go.opentelemetry.io/otel/metric	v1.25.0 -> v1.31.0
go.opentelemetry.io/otel/sdk	v1.25.0 -> v1.31.0
go.opentelemetry.io/otel/trace	v1.25.0 -> v1.31.0
go.opentelemetry.io/proto/otlp	v1.1.0 -> v1.3.1
golang.org/x/oauth2	v0.21.0 -> v0.22.0
google.golang.org/genproto/googleapis/api	v0.0.0-20240311173647-c811ad7063a7 -> v0.0.0-20241007155032-5fefd90f89a9
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240401170217-c3f982113cda -> v0.0.0-20241021214115-324edc3d5d38
google.golang.org/grpc	v1.63.0 -> v1.67.1
google.golang.org/protobuf	v1.34.2 -> v1.35.1
k8s.io/apiserver	v0.30.3 -> v0.31.2
k8s.io/component-base	v0.30.3 -> v0.31.2

[gardener-robot]

@gardener-ci-robot Thank you for your contribution.

[gardener-robot]

@gardener-ci-robot You need rebase this pull request with latest master branch. Please check.

[guewa]

build error