• CRI-O v1.31.0
  • Downloads
  • Changelog since v1.30.0
    • Changes by Kind
      • Other
      • Dependency-Change
      • Deprecation
      • API Change
      • Feature
      • Design
      • Documentation
      • Bug or Regression
      • Other (Cleanup or Flake)
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.31.0

The release notes have been generated for the commit range v1.30.0…c9e874c on Thu, 05 Sep 2024 00:09:11 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz
  • cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sha256sum
  • cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sig
  • cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.cert
  • cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx
  • cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.sig
  • cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.cert
• cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz
  • cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sha256sum
  • cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sig
  • cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.cert
  • cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx
  • cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.sig
  • cri-o.arm64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.cert
• cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz
  • cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sha256sum
  • cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sig
  • cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.cert
  • cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx
  • cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.sig
  • cri-o.ppc64le.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.cert
• cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz
  • cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sha256sum
  • cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sig
  • cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.cert
  • cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx
  • cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.sig
  • cri-o.s390x.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/c9e874cdb1f03178490f37c09df7d87e1fdffd62 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/c9e874cdb1f03178490f37c09df7d87e1fdffd62 \
    --signature cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.sig \
    --certificate cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz
> bom validate -e cri-o.amd64.c9e874cdb1f03178490f37c09df7d87e1fdffd62.tar.gz.spdx -d cri-o

Changelog since v1.30.0

Changes by Kind

Other

• Move the tracing endpoint listener to use 127.0.0.1 as the new default. (#8495, @bitoku)
• Move the tracing profile listener to use 127.0.0.1 as the new default. (#8506, @bitoku)

Dependency-Change

• Update pause image to 3.10. (#8382, @PannagaRao)
• Updated vendored conmon-rs libraries to v0.6.5. (#8451, @saschagrunert)

Deprecation

• Remove registries config in crio.image and --registry option which have been already deprecated. (#8194, @bitoku)
• Remove device mapper storage driver. (#8019, @kolyshkin)

API Change

• Removed crio config --migrate-defaults command which has been deprecated in v1.28. (#8367, @saschagrunert)

Feature

• Add RuntimeStatus.features.supplemental_groups_policy field (KEP-3619) (#8386, @everpeace)
• Add no_sync_log option to disable fsync on container log rotation and container exit. This can improve performance at the cost of potential data loss on machine crashes. (#8363, @rtreffer)
• Add fine-grained SupplementalGroups control for enhanced security (KEP-3619) (#8268, @sohankunkerkar)
• Added support for the Kubernetes OCI / image Volume Source (KEP-4639). (#8317, @saschagrunert)
• Config: add /dev/net/tun to default allowed devices (#8525, @haircommander)
• Respect image pull timeout set by RPC context to potentially abort an ongoing image pull. (#8266, @saschagrunert)
• Show runtime configuration in the CRI-O logs. (#7783, @LenkaSeg)
• Update the type of checks the internal repair feature performs on CRI-O’s start-up following an unclean shutdown, enable the internal repair option by default, and add a new crio check sub-command. (#8417, @kwilczynski)

Design

• Remove a container after it fails to start, to prevent copies of it from piling up until it succeeds. (#8288, @haircommander)

Documentation

• Fixed version output formatting in crio -h. (#8337, @saschagrunert)
• Sorted crio subcommands by name. (#8336, @saschagrunert)
• Updated documentation to not mention legacy installation instructions any more. (#8359, @saschagrunert)
• Updated installation docs and move all binary related information to https://github.com/cri-o/packaging (#8383, @saschagrunert)

Bug or Regression

• Check for nil values when importing container definition for a given container checkpoint to be restored. (#8150, @kwilczynski)
• Enabled restoring container logs from a checkpoint. (#8290, @rst0git)
• Fix CVE-2024-5154 where a malicious container image could make a symlink of /proc/mounts on the host, out of the container’s rootfs (#8225, @haircommander)
• Fix a bug where a pod with a userns would fail to be created when ping_group_range sysctl was specified for it (and the max of that range was outside of the pods user namespace) (#8174, @haircommander)
• Fix a bug where pinns wasn’t setting the sysctls at the correct time when it was also pinning a user namespace (#8149, @haircommander)
• Fix a bug where the GID is not added to /etc/group when run_as_group is set (#8251, @PannagaRao)
• Fix memory leakage when sending a failing port-forward request (#8203, @bitoku)
• Fix the bug that cri-o stops watching container exits after it gets an fsnotify error (#8195, @bitoku)
• Fixed a bug where stopping a container would block all further stop attempts for the same container. (#8300, @sohankunkerkar)
• Fixed container stats label filtering. (#8240, @saschagrunert)
• Fixed container volume restore on CRI-O restart. (#8301, @saschagrunert)
• Fixed pod lifecycle regression where the exec PID’s got killed before the actual container. (#8162, @saschagrunert)
• Reload config should remove pinned images when an empty list is provided (#8213, @roman-kiselenko)
• The default seccomp policy now blocks clone and clone3 system calls that can create a Linux namespace. This matches the default seccomp policy containerd uses. (#8514, @bitoku)

Other (Cleanup or Flake)

• Log exactly how configuration gets loaded into memory on SIGHUP and CRI-O start. (#8452, @saschagrunert)
• Log version only for main CRI-O command, not on others like crio config or crio status. (#8406, @saschagrunert)
• Made StopContainer, RemoveContainer and RemoveImage idempotent per CRI API definition: https://github.com/kubernetes/cri-api/blob/c20fa40/pkg/apis/runtime/v1/api.proto (#8431, @saschagrunert)
• Reduced “Failed to get pid for pod infra container” NRI message for spoofed containers and lowering the verbosity to DEBUG. (#8347, @saschagrunert)

Dependencies

Added

• cel.dev/expr: v0.15.0
• cuelabs.dev/go/oci/ociregistry: 224736b
• github.com/antlr4-go/antlr/v4: v4.13.0
• github.com/colega/zeropool: 6fb4a4f
• github.com/containerd/containerd/api: v1.7.19
• github.com/containerd/platforms: v0.2.1
• github.com/go-jose/go-jose/v4: v4.0.2
• github.com/go-task/slim-sprig/v3: v3.0.0
• github.com/google/go-github/v60: v60.0.0
• github.com/moby/docker-image-spec: v1.3.1
• github.com/moby/sys/userns: v0.1.0
• github.com/planetscale/vtprotobuf: 0393e58
• github.com/tj/assert: v0.0.3
• go.opentelemetry.io/otel/log: v0.3.0
• gopkg.in/evanphx/json-patch.v4: v4.12.0

Changed

• capnproto.org/go/capnp/v3: v3.0.0-alpha.25 → v3.0.1-alpha.2
• chainguard.dev/go-grpc-kit: v0.17.1 → v0.17.2
• cloud.google.com/go/accessapproval: v1.7.4 → v1.7.5
• cloud.google.com/go/accesscontextmanager: v1.8.4 → v1.8.5
• cloud.google.com/go/aiplatform: v1.58.0 → v1.62.2
• cloud.google.com/go/analytics: v0.22.0 → v0.23.0
• cloud.google.com/go/apigateway: v1.6.4 → v1.6.5
• cloud.google.com/go/apigeeconnect: v1.6.4 → v1.6.5
• cloud.google.com/go/apigeeregistry: v0.8.2 → v0.8.3
• cloud.google.com/go/appengine: v1.8.4 → v1.8.5
• cloud.google.com/go/area120: v0.8.4 → v0.8.5
• cloud.google.com/go/artifactregistry: v1.14.6 → v1.14.7
• cloud.google.com/go/asset: v1.17.0 → v1.18.0
• cloud.google.com/go/assuredworkloads: v1.11.4 → v1.11.5
• cloud.google.com/go/automl: v1.13.4 → v1.13.5
• cloud.google.com/go/baremetalsolution: v1.2.3 → v1.2.4
• cloud.google.com/go/batch: v1.7.0 → v1.8.2
• cloud.google.com/go/beyondcorp: v1.0.3 → v1.0.4
• cloud.google.com/go/bigquery: v1.58.0 → v1.59.1
• cloud.google.com/go/billing: v1.18.0 → v1.18.3
• cloud.google.com/go/binaryauthorization: v1.8.0 → v1.8.1
• cloud.google.com/go/certificatemanager: v1.7.4 → v1.7.5
• cloud.google.com/go/channel: v1.17.4 → v1.17.5
• cloud.google.com/go/cloudbuild: v1.15.0 → v1.15.1
• cloud.google.com/go/clouddms: v1.7.3 → v1.7.4
• cloud.google.com/go/cloudtasks: v1.12.4 → v1.12.6
• cloud.google.com/go/compute/metadata: v0.2.3 → v0.3.0
• cloud.google.com/go/compute: v1.23.3 → v1.25.0
• cloud.google.com/go/contactcenterinsights: v1.12.1 → v1.13.0
• cloud.google.com/go/container: v1.29.0 → v1.33.0
• cloud.google.com/go/containeranalysis: v0.11.3 → v0.11.4
• cloud.google.com/go/datacatalog: v1.19.2 → v1.19.3
• cloud.google.com/go/dataflow: v0.9.4 → v0.9.5
• cloud.google.com/go/dataform: v0.9.1 → v0.9.2
• cloud.google.com/go/datafusion: v1.7.4 → v1.7.5
• cloud.google.com/go/datalabeling: v0.8.4 → v0.8.5
• cloud.google.com/go/dataplex: v1.14.0 → v1.14.2
• cloud.google.com/go/dataproc/v2: v2.3.0 → v2.4.0
• cloud.google.com/go/dataqna: v0.8.4 → v0.8.5
• cloud.google.com/go/datastream: v1.10.3 → v1.10.4
• cloud.google.com/go/deploy: v1.17.0 → v1.17.1
• cloud.google.com/go/dialogflow: v1.48.1 → v1.49.0
• cloud.google.com/go/dlp: v1.11.1 → v1.12.0
• cloud.google.com/go/documentai: v1.23.7 → v1.26.0
• cloud.google.com/go/domains: v0.9.4 → v0.9.5
• cloud.google.com/go/edgecontainer: v1.1.4 → v1.1.5
• cloud.google.com/go/essentialcontacts: v1.6.5 → v1.6.6
• cloud.google.com/go/eventarc: v1.13.3 → v1.13.4
• cloud.google.com/go/filestore: v1.8.0 → v1.8.1
• cloud.google.com/go/firestore: v1.14.0 → v1.15.0
• cloud.google.com/go/functions: v1.15.4 → v1.16.0
• cloud.google.com/go/gkebackup: v1.3.4 → v1.3.5
• cloud.google.com/go/gkeconnect: v0.8.4 → v0.8.5
• cloud.google.com/go/gkehub: v0.14.4 → v0.14.5
• cloud.google.com/go/gkemulticloud: v1.1.0 → v1.1.1
• cloud.google.com/go/gsuiteaddons: v1.6.4 → v1.6.5
• cloud.google.com/go/iam: v1.1.5 → v1.1.6
• cloud.google.com/go/iap: v1.9.3 → v1.9.4
• cloud.google.com/go/ids: v1.4.4 → v1.4.5
• cloud.google.com/go/iot: v1.7.4 → v1.7.5
• cloud.google.com/go/kms: v1.15.5 → v1.15.8
• cloud.google.com/go/language: v1.12.2 → v1.12.3
• cloud.google.com/go/lifesciences: v0.9.4 → v0.9.5
• cloud.google.com/go/longrunning: v0.5.4 → v0.5.5
• cloud.google.com/go/managedidentities: v1.6.4 → v1.6.5
• cloud.google.com/go/maps: v1.6.3 → v1.7.0
• cloud.google.com/go/mediatranslation: v0.8.4 → v0.8.5
• cloud.google.com/go/memcache: v1.10.4 → v1.10.5
• cloud.google.com/go/metastore: v1.13.3 → v1.13.4
• cloud.google.com/go/monitoring: v1.17.0 → v1.18.0
• cloud.google.com/go/networkconnectivity: v1.14.3 → v1.14.4
• cloud.google.com/go/networkmanagement: v1.9.3 → v1.9.4
• cloud.google.com/go/networksecurity: v0.9.4 → v0.9.5
• cloud.google.com/go/notebooks: v1.11.2 → v1.11.3
• cloud.google.com/go/optimization: v1.6.2 → v1.6.3
• cloud.google.com/go/orchestration: v1.8.4 → v1.9.0
• cloud.google.com/go/orgpolicy: v1.12.0 → v1.12.1
• cloud.google.com/go/osconfig: v1.12.4 → v1.12.5
• cloud.google.com/go/oslogin: v1.13.0 → v1.13.1
• cloud.google.com/go/phishingprotection: v0.8.4 → v0.8.5
• cloud.google.com/go/policytroubleshooter: v1.10.2 → v1.10.3
• cloud.google.com/go/privatecatalog: v0.9.4 → v0.9.5
• cloud.google.com/go/pubsub: v1.34.0 → v1.37.0
• cloud.google.com/go/recaptchaenterprise/v2: v2.9.0 → v2.11.0
• cloud.google.com/go/recommendationengine: v0.8.4 → v0.8.5
• cloud.google.com/go/recommender: v1.12.0 → v1.12.1
• cloud.google.com/go/redis: v1.14.1 → v1.14.2
• cloud.google.com/go/resourcemanager: v1.9.4 → v1.9.5
• cloud.google.com/go/resourcesettings: v1.6.4 → v1.6.5
• cloud.google.com/go/retail: v1.14.4 → v1.16.0
• cloud.google.com/go/run: v1.3.3 → v1.3.5
• cloud.google.com/go/scheduler: v1.10.5 → v1.10.6
• cloud.google.com/go/secretmanager: v1.11.4 → v1.11.5
• cloud.google.com/go/security: v1.15.4 → v1.15.6
• cloud.google.com/go/securitycenter: v1.24.3 → v1.27.0
• cloud.google.com/go/servicedirectory: v1.11.3 → v1.11.4
• cloud.google.com/go/shell: v1.7.4 → v1.7.5
• cloud.google.com/go/spanner: v1.55.0 → v1.58.0
• cloud.google.com/go/speech: v1.21.0 → v1.22.0
• cloud.google.com/go/storage: v1.33.0 → v1.39.1
• cloud.google.com/go/storagetransfer: v1.10.3 → v1.10.4
• cloud.google.com/go/talent: v1.6.5 → v1.6.6
• cloud.google.com/go/texttospeech: v1.7.4 → v1.7.5
• cloud.google.com/go/tpu: v1.6.4 → v1.6.5
• cloud.google.com/go/trace: v1.10.4 → v1.10.5
• cloud.google.com/go/translate: v1.10.0 → v1.10.1
• cloud.google.com/go/video: v1.20.3 → v1.20.4
• cloud.google.com/go/videointelligence: v1.11.4 → v1.11.5
• cloud.google.com/go/vision/v2: v2.7.5 → v2.8.0
• cloud.google.com/go/vmmigration: v1.7.4 → v1.7.5
• cloud.google.com/go/vmwareengine: v1.0.3 → v1.1.1
• cloud.google.com/go/vpcaccess: v1.7.4 → v1.7.5
• cloud.google.com/go/webrisk: v1.9.4 → v1.9.5
• cloud.google.com/go/websecurityscanner: v1.6.4 → v1.6.5
• cloud.google.com/go/workflows: v1.12.3 → v1.12.4
• cloud.google.com/go: v0.112.0 → v0.112.1
• cuelang.org/go: v0.6.0 → v0.8.1
• filippo.io/edwards25519: v1.0.0 → v1.1.0
• github.com/AdamKorcz/go-fuzz-headers-1: e936619 → 8b5d3ce
• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.9.0 → v1.10.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.4.0 → v1.5.1
• github.com/Azure/azure-sdk-for-go/sdk/internal: v1.5.0 → v1.5.2
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v1.0.1 → v1.1.0
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.1.1 → v1.2.2
• github.com/BurntSushi/toml: v1.3.2 → v1.4.0
• github.com/DATA-DOG/go-sqlmock: v1.5.0 → v1.5.2
• github.com/Microsoft/go-winio: v0.6.1 → v0.6.2
• github.com/Microsoft/hcsshim: v0.12.0 → v0.12.5
• github.com/alecthomas/kingpin/v2: v2.3.2 → v2.4.0
• github.com/andybalholm/brotli: v1.0.6 → v1.1.0
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream: v1.4.13 → v1.6.1
• github.com/aws/aws-sdk-go-v2/config: v1.25.11 → v1.27.9
• github.com/aws/aws-sdk-go-v2/credentials: v1.16.9 → v1.17.9
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.14.9 → v1.16.0
• github.com/aws/aws-sdk-go-v2/feature/s3/manager: v1.11.76 → v1.16.9
• github.com/aws/aws-sdk-go-v2/internal/configsources: v1.2.8 → v1.3.4
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.5.8 → v2.6.4
• github.com/aws/aws-sdk-go-v2/internal/ini: v1.7.1 → v1.8.0
• github.com/aws/aws-sdk-go-v2/internal/v4a: v1.1.4 → v1.3.3
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.10.3 → v1.11.1
• github.com/aws/aws-sdk-go-v2/service/internal/checksum: v1.1.36 → v1.3.5
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.10.8 → v1.11.6
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared: v1.15.4 → v1.17.3
• github.com/aws/aws-sdk-go-v2/service/kms: v1.24.7 → v1.30.0
• github.com/aws/aws-sdk-go-v2/service/s3: v1.40.0 → v1.51.4
• github.com/aws/aws-sdk-go-v2/service/sso: v1.18.2 → v1.20.3
• github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.21.2 → v1.23.3
• github.com/aws/aws-sdk-go-v2/service/sts: v1.26.2 → v1.28.5
• github.com/aws/aws-sdk-go-v2: v1.23.5 → v1.26.0
• github.com/aws/aws-sdk-go: v1.48.7 → v1.51.6
• github.com/aws/smithy-go: v1.18.1 → v1.20.1
• github.com/buildkite/agent/v3: v3.59.0 → v3.62.0
• github.com/buildkite/go-pipeline: v0.2.0 → v0.3.2
• github.com/cenkalti/backoff/v4: v4.2.1 → v4.3.0
• github.com/cespare/xxhash/v2: v2.2.0 → v2.3.0
• github.com/checkpoint-restore/checkpointctl: v1.1.0 → v1.2.1
• github.com/cilium/ebpf: v0.9.1 → v0.11.0
• github.com/cncf/xds/go: 0fa0005 → 555b57e
• github.com/containerd/cgroups/v3: v3.0.2 → v3.0.3
• github.com/containerd/containerd: v1.7.13 → v1.7.21
• github.com/containerd/imgcrypt: v1.1.7 → v1.1.8
• github.com/containerd/nri: v0.6.0 → v0.6.1
• github.com/containerd/ttrpc: v1.2.3 → v1.2.5
• github.com/containernetworking/cni: v1.1.2 → v1.2.3
• github.com/containernetworking/plugins: v1.4.1 → v1.5.1
• github.com/containers/common: v0.57.4 → v0.60.2
• github.com/containers/conmon-rs: f5a3620 → v0.6.5
• github.com/containers/image/v5: ea4fcca → v5.32.2
• github.com/containers/ocicrypt: v1.1.10 → v1.2.0
• github.com/containers/podman/v4: v4.9.3 → v4.2.0
• github.com/containers/storage: v1.51.0 → v1.55.0
• github.com/coreos/go-oidc/v3: v3.9.0 → v3.10.0
• github.com/cpuguy83/go-md2man/v2: v2.0.3 → v2.0.4
• github.com/creack/pty: v1.1.21 → v1.1.23
• github.com/cyberphone/json-canonicalization: 785e297 → ba74d44
• github.com/cyphar/filepath-securejoin: v0.2.4 → v0.3.1
• github.com/danieljoos/wincred: v1.2.0 → v1.2.1
• github.com/digitorus/timestamp: 6877345 → 220c5c2
• github.com/distribution/reference: v0.5.0 → v0.6.0
• github.com/docker/cli: v24.0.7+incompatible → v27.1.1+incompatible
• github.com/docker/docker-credential-helpers: v0.8.0 → v0.8.2
• github.com/docker/docker: v24.0.7+incompatible → v27.1.1+incompatible
• github.com/docker/go-connections: 0b8c1f4 → v0.5.0
• github.com/eggsampler/acme/v3: v3.4.0 → v3.5.0
• github.com/envoyproxy/go-control-plane: v0.12.0 → 1eb8caa
• github.com/felixge/httpsnoop: v1.0.3 → v1.0.4
• github.com/frankban/quicktest: v1.14.0 → v1.14.5
• github.com/fxamacker/cbor/v2: v2.6.0 → v2.7.0
• github.com/go-chi/chi/v5: v5.0.12 → v5.1.0
• github.com/go-logr/logr: v1.4.1 → v1.4.2
• github.com/go-openapi/analysis: v0.21.4 → v0.23.0
• github.com/go-openapi/errors: v0.20.4 → v0.22.0
• github.com/go-openapi/jsonpointer: v0.20.0 → v0.21.0
• github.com/go-openapi/jsonreference: v0.20.2 → v0.21.0
• github.com/go-openapi/loads: v0.21.2 → v0.22.0
• github.com/go-openapi/runtime: v0.26.0 → v0.28.0
• github.com/go-openapi/spec: v0.20.11 → v0.21.0
• github.com/go-openapi/strfmt: v0.21.8 → v0.23.0
• github.com/go-openapi/swag: v0.22.4 → v0.23.0
• github.com/go-openapi/validate: v0.22.3 → v0.24.0
• github.com/go-rod/rod: v0.114.5 → v0.116.0
• github.com/go-sql-driver/mysql: v1.7.1 → v1.8.1
• github.com/golang-jwt/jwt/v5: v5.0.0 → v5.2.1
• github.com/golang/glog: v1.2.0 → v1.2.1
• github.com/google/cel-go: v0.17.8 → v0.20.1
• github.com/google/certificate-transparency-go: v1.1.7 → v1.1.8
• github.com/google/go-containerregistry: v0.18.0 → v0.20.0
• github.com/google/pprof: f3a68a3 → fa2c70b
• github.com/google/rpmpack: v0.5.0 → v0.6.0
• github.com/google/trillian: v1.5.3 → v1.6.0
• github.com/google/wire: v0.5.0 → v0.6.0
• github.com/googleapis/gax-go/v2: v2.12.0 → v2.12.3
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.19.0 → v2.22.0
• github.com/hashicorp/go-retryablehttp: v0.7.5 → v0.7.7
• github.com/hashicorp/vault/api: v1.10.0 → v1.12.2
• github.com/ianlancetaylor/demangle: eabc099 → bd984b5
• github.com/intel/goresctrl: v0.6.0 → v0.7.0
• github.com/jellydator/ttlcache/v3: v3.1.1 → v3.2.0
• github.com/klauspost/compress: v1.17.4 → v1.17.9
• github.com/klauspost/cpuid/v2: v2.2.5 → v2.0.9
• github.com/letsencrypt/boulder: 000cd05 → 89b07f4
• github.com/linuxkit/virtsock: 1a23e78 → f8cee7d
• github.com/mattn/go-isatty: v0.0.19 → v0.0.17
• github.com/mattn/go-runewidth: v0.0.15 → v0.0.16
• github.com/mattn/go-sqlite3: v1.14.18 → v1.14.22
• github.com/mdlayher/socket: v0.4.1 → v0.2.0
• github.com/mdlayher/vsock: v1.2.1 → v1.1.0
• github.com/miekg/dns: v1.1.55 → v1.1.58
• github.com/moby/spdystream: v0.2.0 → v0.4.0
• github.com/moby/sys/mountinfo: v0.7.1 → v0.7.2
• github.com/moby/sys/user: v0.1.0 → v0.3.0
• github.com/nwaples/rardecode: v1.1.0 → v1.1.3
• github.com/onsi/ginkgo/v2: v2.17.0 → v2.20.2
• github.com/onsi/gomega: v1.31.1 → v1.34.2
• github.com/open-policy-agent/opa: v0.59.0 → v0.63.0
• github.com/opencontainers/runc: v1.1.12 → v1.1.14
• github.com/philhofer/fwd: v1.1.1 → v1.1.2
• github.com/pierrec/lz4/v4: v4.1.18 → v4.1.21
• github.com/pkg/browser: 681adbf → 5ac0b6a
• github.com/prometheus/client_golang: v1.18.0 → v1.20.2
• github.com/prometheus/client_model: v0.5.0 → v0.6.1
• github.com/prometheus/common: v0.45.0 → v0.55.0
• github.com/prometheus/procfs: v0.12.0 → v0.15.1
• github.com/redis/go-redis/v9: v9.3.0 → v9.5.1
• github.com/rivo/uniseg: v0.4.4 → v0.4.7
• github.com/rogpeppe/go-internal: v1.11.0 → v1.12.0
• github.com/safchain/ethtool: v0.3.0 → v0.4.0
• github.com/sagikazarmark/locafero: v0.3.0 → v0.4.0
• github.com/sassoftware/relic/v7: v7.6.1 → v7.6.2
• github.com/sigstore/cosign/v2: v2.2.2 → v2.2.4
• github.com/sigstore/fulcio: v1.4.3 → v1.4.5
• github.com/sigstore/protobuf-specs: v0.2.1 → v0.3.0
• github.com/sigstore/rekor: v1.3.4 → v1.3.6
• github.com/sigstore/sigstore/pkg/signature/kms/aws: v1.7.5 → v1.8.3
• github.com/sigstore/sigstore/pkg/signature/kms/azure: v1.7.5 → v1.8.3
• github.com/sigstore/sigstore/pkg/signature/kms/gcp: v1.7.5 → v1.8.3
• github.com/sigstore/sigstore/pkg/signature/kms/hashivault: v1.7.5 → v1.8.3
• github.com/sigstore/sigstore: v1.8.1 → v1.8.4
• github.com/sigstore/timestamp-authority: v1.2.0 → v1.2.2
• github.com/spf13/afero: v1.10.0 → v1.11.0
• github.com/spf13/cast: v1.5.1 → v1.6.0
• github.com/spf13/cobra: v1.8.0 → v1.8.1
• github.com/spf13/viper: v1.17.0 → v1.18.2
• github.com/spiffe/go-spiffe/v2: v2.1.6 → v2.2.0
• github.com/stefanberger/go-pkcs11uri: 78d3cae → 7828495
• github.com/sylabs/sif/v2: v2.15.0 → v2.18.0
• github.com/tinylib/msgp: v1.1.5 → v1.1.9
• github.com/ulikunitz/xz: v0.5.11 → v0.5.12
• github.com/uptrace/opentelemetry-go-extra/otellogrus: v0.2.3 → v0.3.1
• github.com/uptrace/opentelemetry-go-extra/otelutil: v0.2.3 → v0.3.1
• github.com/urfave/cli/v2: v2.27.1 → v2.27.4
• github.com/vbauerster/mpb/v8: v8.6.2 → v8.7.5
• github.com/veraison/go-cose: v1.2.0 → v1.2.1
• github.com/vishvananda/netlink: v1.2.1-beta.2 → v1.3.0
• github.com/weppos/publicsuffix-go: 38c92ad → 2120216
• github.com/xanzy/go-gitlab: v0.94.0 → v0.102.0
• github.com/xrash/smetrics: 039620a → 686a1a2
• github.com/zalando/go-keyring: v0.2.2 → v0.2.3
• github.com/zmap/zcrypto: c8b263f → a1f61fb
• github.com/zmap/zlint/v3: v3.5.0 → v3.6.0
• go.etcd.io/bbolt: v1.3.9 → v1.3.10
• go.etcd.io/etcd/api/v3: v3.5.10 → v3.5.14
• go.etcd.io/etcd/client/pkg/v3: v3.5.10 → v3.5.14
• go.etcd.io/etcd/client/v2: v2.305.10 → v2.305.13
• go.etcd.io/etcd/client/v3: v3.5.10 → v3.5.14
• go.etcd.io/etcd/pkg/v3: v3.5.10 → v3.5.13
• go.etcd.io/etcd/raft/v3: v3.5.10 → v3.5.13
• go.etcd.io/etcd/server/v3: v3.5.10 → v3.5.13
• go.mongodb.org/mongo-driver: v1.12.1 → v1.14.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.48.0 → v0.54.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.45.0 → v0.53.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.23.1 → v1.29.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.19.0 → v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.23.1 → v1.29.0
• go.opentelemetry.io/otel/metric: v1.23.1 → v1.29.0
• go.opentelemetry.io/otel/sdk: v1.23.1 → v1.29.0
• go.opentelemetry.io/otel/trace: v1.23.1 → v1.29.0
• go.opentelemetry.io/otel: v1.23.1 → v1.29.0
• go.opentelemetry.io/proto/otlp: v1.1.0 → v1.3.1
• go.step.sm/crypto: v0.38.0 → v0.44.2
• go.uber.org/zap: v1.26.0 → v1.27.0
• gocloud.dev: v0.34.0 → v0.37.0
• golang.org/x/crypto: v0.21.0 → v0.26.0
• golang.org/x/exp: aacd6d4 → 8a7402a
• golang.org/x/mod: v0.16.0 → v0.20.0
• golang.org/x/net: v0.23.0 → v0.28.0
• golang.org/x/oauth2: v0.16.0 → v0.22.0
• golang.org/x/sync: v0.6.0 → v0.8.0
• golang.org/x/sys: v0.18.0 → v0.24.0
• golang.org/x/telemetry: f48c80b → bda5523
• golang.org/x/term: v0.18.0 → v0.23.0
• golang.org/x/text: v0.14.0 → v0.17.0
• golang.org/x/tools: v0.19.0 → v0.24.0
• google.golang.org/api: v0.152.0 → v0.172.0
• google.golang.org/genproto/googleapis/api: ef43131 → fc7c04a
• google.golang.org/genproto/googleapis/rpc: ef43131 → fc7c04a
• google.golang.org/genproto: ef43131 → c811ad7
• google.golang.org/grpc: v1.62.0 → v1.66.0
• google.golang.org/protobuf: v1.33.0 → v1.34.2
• gotest.tools/v3: v3.5.0 → v3.5.1
• k8s.io/api: v0.30.0 → v0.31.0
• k8s.io/apimachinery: v0.30.0 → v0.31.0
• k8s.io/apiserver: v0.30.0 → v0.31.0
• k8s.io/client-go: v0.30.0 → v0.31.0
• k8s.io/component-base: v0.30.0 → v0.31.0
• k8s.io/cri-api: v0.30.0 → v0.31.0
• k8s.io/klog/v2: v2.120.1 → v2.130.1
• k8s.io/kms: v0.30.0 → v0.31.0
• k8s.io/kubelet: v0.30.0 → v0.31.0
• k8s.io/utils: e7106e6 → 18e509b
• sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.29.0 → v0.30.3
• sigs.k8s.io/release-sdk: v0.11.0 → v0.12.1
• sigs.k8s.io/release-utils: v0.7.7 → v0.8.4
• software.sslmate.com/src/go-pkcs12: v0.2.0 → v0.4.0
• tags.cncf.io/container-device-interface/specs-go: v0.7.0 → v0.8.0
• tags.cncf.io/container-device-interface: v0.7.2 → v0.8.0

Removed

• github.com/aead/serpent: fba1697
• github.com/antlr/antlr4/runtime/Go/antlr/v4: 8188dc5
• github.com/buger/goterm: v1.0.4
• github.com/bytedance/sonic: v1.10.1
• github.com/chenzhuoyu/base64x: 296ad89
• github.com/chenzhuoyu/iasm: v0.9.0
• github.com/chromedp/cdproto: 3cf4e6d
• github.com/chromedp/chromedp: v0.9.2
• github.com/chromedp/sysutil: v1.0.0
• github.com/containers/buildah: v1.33.5
• github.com/containers/gvisor-tap-vsock: v0.7.2
• github.com/containers/libhvee: v0.5.0
• github.com/containers/luksy: b5a7f79
• github.com/containers/psgo: v1.8.0
• github.com/coreos/go-systemd: fd7a80b
• github.com/coreos/stream-metadata-go: v0.4.4
• github.com/crc-org/vfkit: f3c783d
• github.com/digitalocean/go-libvirt: 8648fbd
• github.com/digitalocean/go-qemu: 2e3d018
• github.com/docker/go-plugins-helpers: 6eecb7b
• github.com/evanphx/json-patch: v4.12.0+incompatible
• github.com/fsouza/go-dockerclient: v1.10.0
• github.com/gabriel-vasile/mimetype: v1.4.2
• github.com/gin-contrib/sse: v0.1.0
• github.com/gin-gonic/gin: v1.9.1
• github.com/go-ole/go-ole: v1.2.6
• github.com/go-playground/validator/v10: v10.15.5
• github.com/gobwas/httphead: v0.1.0
• github.com/gobwas/pool: v0.2.1
• github.com/gobwas/ws: v1.2.1
• github.com/google/go-github/v58: v58.0.0
• github.com/google/shlex: e7afc7f
• github.com/gorilla/handlers: v1.5.2
• github.com/gorilla/schema: v1.2.0
• github.com/hpcloud/tail: v1.0.0
• github.com/hugelgupf/p9: 54f5c55
• github.com/leodido/go-urn: v1.2.4
• github.com/lufia/plan9stats: 39d0f17
• github.com/matttproud/golang_protobuf_extensions/v2: v2.0.0
• github.com/moby/buildkit: v0.12.5
• github.com/moby/patternmatcher: v0.6.0
• github.com/mpvl/unique: cbe035f
• github.com/onsi/ginkgo: v1.16.4
• github.com/openshift/imagebuilder: 35a50d5
• github.com/otiai10/copy: v1.14.0
• github.com/power-devops/perfstat: 5aafc22
• github.com/rootless-containers/rootlesskit: v1.1.1
• github.com/shirou/gopsutil/v3: v3.23.10
• github.com/shoenig/go-m1cpu: v0.1.6
• github.com/tidwall/pretty: v1.0.0
• github.com/tklauser/go-sysconf: v0.3.12
• github.com/tklauser/numcpus: v0.6.1
• github.com/twitchyliquid64/golang-asm: v0.15.1
• github.com/u-root/uio: 3e8cd9d
• github.com/ugorji/go/codec: v1.2.11
• github.com/yusufpapurcu/wmi: v1.2.3
• go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.16.0
• golang.org/x/arch: v0.5.0
• gopkg.in/fsnotify.v1: v1.4.7
• k8s.io/kubernetes: v1.28.4
• zenhack.net/go/util: 744d2d6