• CRI-O v1.35.0
  • Downloads
  • Changelog since v1.34.0
    • Urgent Upgrade Notes
    • Changes by Kind
      • Dependency-Change
      • Ci
      • Other
      • Deprecation
      • Feature
      • Documentation
      • Failing Test
      • Bug or Regression
      • Other (Cleanup or Flake)
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.35.0

The release notes have been generated for the commit range v1.34.0…c0a22cf on Wed, 18 Feb 2026 08:10:13 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz
  • cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.sha256sum
  • cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.bundle
  • cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx
  • cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx.bundle
• cri-o.arm64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz
  • cri-o.arm64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.sha256sum
  • cri-o.arm64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.bundle
  • cri-o.arm64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx
  • cri-o.arm64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx.bundle
• cri-o.ppc64le.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz
  • cri-o.ppc64le.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.sha256sum
  • cri-o.ppc64le.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.bundle
  • cri-o.ppc64le.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx
  • cri-o.ppc64le.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx.bundle
• cri-o.s390x.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz
  • cri-o.s390x.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.sha256sum
  • cri-o.s390x.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.bundle
  • cri-o.s390x.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx
  • cri-o.s390x.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx.bundle

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz \
    --certificate-identity https://github.com/cri-o/packaging/.github/workflows/obs.yml@refs/heads/main \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/packaging \
    --certificate-github-workflow-ref refs/heads/main \
    --bundle cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.bundle

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz
> bom validate -e cri-o.amd64.c0a22cf3d686867ffd0b8e7527a318ea5fa546ba.tar.gz.spdx -d cri-o

Changelog since v1.34.0

Urgent Upgrade Notes

• Add container_spec* and container_last_seen metrics

Action required: container_spec_memory_limit_bytes has moved from the memory metrics category to the new spec category. Update your CRI-O configuration to include spec in included_pod_metrics if you rely on this metric. (#9531, @haircommander)

Changes by Kind

Dependency-Change

• CDI: bump CDI dependencies to v1.1.0. (#9650, @klihub)

Ci

• Require go 1.25 for building CRI-O. (#9489, @saschagrunert)

Other

• Bump NRI dependency to v0.11.0 (#9673, @klihub)

Deprecation

• Deprecated –insecure-registries option, and made it ineffective. (#9511, @bitoku)

Feature

• Add DiskIO metrics to collected container metrics (#9571, @haircommander)
• Add container_start_time_seconds metric, nested under the spec metrics family (#9567, @haircommander)
• Added PSI metrics for containers (#9608, @bitoku)
• Added container_create_timeout option to control timeout duration of container creation (#9499, @snir911)
• Added disk metrics (container_fs_inodes_free, container_fs_inodes_total, container_fs_limit_bytes, container_fs_usage_bytes) (#9344, @R3hankhan123)
• Added new metric container_file_descriptors to expose the number of open file descriptors for each container from CRI-O metrics (#9329, @sreeram-venkitesh)
• Added support for the namespaced pull secret credential provider. (#9463, @saschagrunert)
• Allow containers to use both host network and user namespace. (#9634, @HirazawaUi)
• CRI-O annotations migrated to Kubernetes-recommended naming: io.kubernetes.cri-o.* → *.crio.io (e.g., io.kubernetes.cri-o.userns-mode → userns-mode.crio.io). Full backward compatibility maintained - V2 format takes precedence when both present. All annotations consolidated in pkg/annotations/v2 package. See ANNOTATION_MIGRATION.md for migration guide. (#9537, @saschagrunert)
• This commit introduces a new housekeeping value for the irq-load-balancing.crio.io annotation.

When housekeeping is set:

• The housekeeping CPU set is injected into the container’s environment variables as OPENSHIFT_HOUSEKEEPING_CPUS
• IRQ SMP affinity bits are not disabled on the housekeeping CPUs when adding a new container
• The housekeeping CPUs are chosen as the first CPU within each container plus its thread siblings (#9223, @andreaskaris)

Documentation

• Fixed release description to use cosigns new bundle format. (#9655, @saschagrunert)

Failing Test

• Fixed pod sandbox stop timeout allocation to properly distribute deadline between container and infra container stops, preventing timeout failures on slower systems. (#9643, @saschagrunert)

Bug or Regression

• Fix Exec CPU affinity doesn’t work when CPU load balancing is disabled. (#9647, @bitoku)
• Fix a bug in high performance hook irq smp affinity disabling where a late container deletion could cause other containers to have their irq smp affinity messed up. (#9613, @haircommander)
• Fix a bug where CRI metrics had the incorrect metadata. Now, instead of the metrics being populated with the sandbox metadata, they are populated with the container metadata. (#9535, @haircommander)
• Fix the bug where the ContainersStatuses.Image returned by the GetContainerEvents is nil. (#9663, @HirazawaUi)
• Fixed CVE-2025-58183: Updated tar-split to v0.12.2 to fix unbounded memory allocation vulnerability when parsing malicious container images with GNU sparse tar files. (#9589, @saschagrunert)
• Fixed a bug where includedPodMetrics are not respected in ListMetricDescriptors (#9565, @bitoku)
• Fixed memory leak with CRI connection when using the systemd watchdog feature. (#9448, @saschagrunert)
• Fixed static build gpgme issue resulting in an “Invalid crypto engine” error on various platforms. (#9479, @saschagrunert)
• LoadSandbox now validates critical metadata fields (name, namespace, uid) to prevent restoring sandboxes with corrupt configurations. (#9633, @saschagrunert)
• Respect user specified selinux label for systemd or init container. (#9666, @bitoku)
• Server: Fix network cleanup failures when NetNS path is empty (#9410, @sohankunkerkar)

Other (Cleanup or Flake)

• Artifacts now require fully-qualified names or configured short-name aliases. Unqualified-search-registries are no longer supported for artifacts. (#9639, @R3hankhan123)
• Changed GRPC debug log format to be more informative (#9501, @bitoku)
• Use system dbus when running as UID 0 regardless of rootless detection (#9626, @sohankunkerkar)

Uncategorized

• Added tls_min_version and tls_cipher_suites configuration options to [crio.api] for configuring TLS settings on streaming and metrics servers. Supports TLS 1.2 (default) and TLS 1.3. (#9762, @openshift-cherrypick-robot)
• Cleaned up duplicate signature policy path logic in server image pull (#9509, @gouthamhusky)
• Fixed a regression in v1.35.0 where systemd containers with hostUsers: false (user namespaces enabled) would fail with “Permission denied” errors when systemd attempted to create cgroups. (#9713, @openshift-cherrypick-robot)
• Fixed kubectl exec and crictl exec commands hanging when accessing containers in the Terminating state. These commands now work correctly throughout the container shutdown period. (#9614, @willianpaixao)

Dependencies

Added

• cyphar.com/go-pathrs: v0.2.1
• github.com/Masterminds/goutils: v1.1.1
• github.com/Masterminds/sprig/v3: v3.3.0
• github.com/checkpoint-restore/go-criu/v8: v8.1.0
• github.com/clipperhouse/stringish: v0.1.1
• github.com/clipperhouse/uax29/v2: v2.3.0
• github.com/cri-o/crio-credential-provider: v0.1.2
• github.com/gkampitakis/ciinfo: v0.3.2
• github.com/gkampitakis/go-diff: v1.3.2
• github.com/gkampitakis/go-snaps: v0.5.15
• github.com/go-openapi/swag/cmdutils: v0.24.0
• github.com/go-openapi/swag/conv: v0.24.0
• github.com/go-openapi/swag/fileutils: v0.24.0
• github.com/go-openapi/swag/jsonname: v0.24.0
• github.com/go-openapi/swag/jsonutils: v0.24.0
• github.com/go-openapi/swag/loading: v0.24.0
• github.com/go-openapi/swag/mangling: v0.24.0
• github.com/go-openapi/swag/netutils: v0.24.0
• github.com/go-openapi/swag/stringutils: v0.24.0
• github.com/go-openapi/swag/typeutils: v0.24.0
• github.com/go-openapi/swag/yamlutils: v0.24.0
• github.com/goccy/go-yaml: v1.18.0
• github.com/google/go-github/v75: v75.0.0
• github.com/grafana/regexp: a468a5b
• github.com/hashicorp/golang-lru/v2: v2.0.7
• github.com/huandu/xstrings: v1.5.0
• github.com/joho/godotenv: v1.5.1
• github.com/joshdk/go-junit: v1.0.0
• github.com/maruel/natural: v1.1.1
• github.com/mfridman/tparse: v0.18.0
• github.com/mistifyio/go-zfs/v4: v4.0.0
• github.com/mitchellh/copystructure: v1.2.0
• github.com/mitchellh/reflectwalk: v1.0.2
• github.com/natefinch/atomic: v1.0.1
• github.com/prometheus/otlptranslator: v0.0.2
• github.com/shopspring/decimal: v1.4.0
• github.com/tidwall/gjson: v1.18.0
• github.com/tidwall/match: v1.1.1
• github.com/tidwall/pretty: v1.2.1
• github.com/tidwall/sjson: v1.2.5
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc: v1.38.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp: v1.38.0
• go.opentelemetry.io/otel/exporters/prometheus: v0.60.0
• go.opentelemetry.io/otel/exporters/stdout/stdoutmetric: v1.38.0
• go.podman.io/common: 1e46b07
• go.podman.io/image/v5: v5.38.0
• go.podman.io/storage: b0f86df
• goa.design/goa/v3: v3.22.6
• golang.org/x/tools/go/expect: v0.1.0-deprecated
• golang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated

Changed

• chainguard.dev/go-grpc-kit: v0.17.7 → v0.17.15
• chainguard.dev/sdk: v0.1.29 → v0.1.44
• cloud.google.com/go/accessapproval: v1.8.3 → v1.8.6
• cloud.google.com/go/accesscontextmanager: v1.9.3 → v1.9.6
• cloud.google.com/go/aiplatform: v1.74.0 → v1.89.0
• cloud.google.com/go/analytics: v0.26.0 → v0.28.1
• cloud.google.com/go/apigateway: v1.7.3 → v1.7.6
• cloud.google.com/go/apigeeconnect: v1.7.3 → v1.7.6
• cloud.google.com/go/apigeeregistry: v0.9.3 → v0.9.6
• cloud.google.com/go/appengine: v1.9.3 → v1.9.6
• cloud.google.com/go/area120: v0.9.3 → v0.9.6
• cloud.google.com/go/artifactregistry: v1.16.1 → v1.17.1
• cloud.google.com/go/asset: v1.20.4 → v1.21.1
• cloud.google.com/go/assuredworkloads: v1.12.3 → v1.12.6
• cloud.google.com/go/auth: v0.16.2 → v0.17.0
• cloud.google.com/go/automl: v1.14.4 → v1.14.7
• cloud.google.com/go/baremetalsolution: v1.3.3 → v1.3.6
• cloud.google.com/go/batch: v1.12.0 → v1.12.2
• cloud.google.com/go/beyondcorp: v1.1.3 → v1.1.6
• cloud.google.com/go/bigquery: v1.66.2 → v1.69.0
• cloud.google.com/go/bigtable: v1.35.0 → v1.37.0
• cloud.google.com/go/billing: v1.20.1 → v1.20.4
• cloud.google.com/go/binaryauthorization: v1.9.3 → v1.9.5
• cloud.google.com/go/certificatemanager: v1.9.3 → v1.9.5
• cloud.google.com/go/channel: v1.19.2 → v1.19.5
• cloud.google.com/go/cloudbuild: v1.22.0 → v1.22.2
• cloud.google.com/go/clouddms: v1.8.4 → v1.8.7
• cloud.google.com/go/cloudtasks: v1.13.3 → v1.13.6
• cloud.google.com/go/compute/metadata: v0.7.0 → v0.9.0
• cloud.google.com/go/compute: v1.34.0 → v1.38.0
• cloud.google.com/go/contactcenterinsights: v1.17.1 → v1.17.3
• cloud.google.com/go/container: v1.42.2 → v1.43.0
• cloud.google.com/go/containeranalysis: v0.13.3 → v0.14.1
• cloud.google.com/go/datacatalog: v1.24.3 → v1.26.0
• cloud.google.com/go/dataflow: v0.10.3 → v0.11.0
• cloud.google.com/go/dataform: v0.10.3 → v0.12.0
• cloud.google.com/go/datafusion: v1.8.3 → v1.8.6
• cloud.google.com/go/datalabeling: v0.9.3 → v0.9.6
• cloud.google.com/go/dataplex: v1.22.0 → v1.25.3
• cloud.google.com/go/dataproc/v2: v2.11.0 → v2.11.2
• cloud.google.com/go/dataqna: v0.9.3 → v0.9.7
• cloud.google.com/go/datastream: v1.13.0 → v1.14.1
• cloud.google.com/go/deploy: v1.26.2 → v1.27.2
• cloud.google.com/go/dialogflow: v1.66.0 → v1.68.2
• cloud.google.com/go/dlp: v1.21.0 → v1.23.0
• cloud.google.com/go/documentai: v1.35.2 → v1.37.0
• cloud.google.com/go/domains: v0.10.3 → v0.10.6
• cloud.google.com/go/edgecontainer: v1.4.1 → v1.4.3
• cloud.google.com/go/essentialcontacts: v1.7.3 → v1.7.6
• cloud.google.com/go/eventarc: v1.15.1 → v1.15.5
• cloud.google.com/go/filestore: v1.9.3 → v1.10.2
• cloud.google.com/go/functions: v1.19.3 → v1.19.6
• cloud.google.com/go/gkebackup: v1.6.3 → v1.8.0
• cloud.google.com/go/gkeconnect: v0.12.1 → v0.12.4
• cloud.google.com/go/gkehub: v0.15.3 → v0.15.6
• cloud.google.com/go/gkemulticloud: v1.5.1 → v1.5.3
• cloud.google.com/go/gsuiteaddons: v1.7.4 → v1.7.7
• cloud.google.com/go/iam: v1.4.0 → v1.5.2
• cloud.google.com/go/iap: v1.10.3 → v1.11.2
• cloud.google.com/go/ids: v1.5.3 → v1.5.6
• cloud.google.com/go/iot: v1.8.3 → v1.8.6
• cloud.google.com/go/kms: v1.21.0 → v1.23.2
• cloud.google.com/go/language: v1.14.3 → v1.14.5
• cloud.google.com/go/lifesciences: v0.10.3 → v0.10.6
• cloud.google.com/go/longrunning: v0.6.4 → v0.6.7
• cloud.google.com/go/managedidentities: v1.7.3 → v1.7.6
• cloud.google.com/go/maps: v1.19.0 → v1.21.0
• cloud.google.com/go/mediatranslation: v0.9.3 → v0.9.6
• cloud.google.com/go/memcache: v1.11.3 → v1.11.6
• cloud.google.com/go/metastore: v1.14.3 → v1.14.7
• cloud.google.com/go/monitoring: v1.24.0 → v1.24.2
• cloud.google.com/go/networkconnectivity: v1.16.1 → v1.17.1
• cloud.google.com/go/networkmanagement: v1.18.0 → v1.19.1
• cloud.google.com/go/networksecurity: v0.10.3 → v0.10.6
• cloud.google.com/go/notebooks: v1.12.3 → v1.12.6
• cloud.google.com/go/optimization: v1.7.3 → v1.7.6
• cloud.google.com/go/orchestration: v1.11.4 → v1.11.9
• cloud.google.com/go/orgpolicy: v1.14.2 → v1.15.0
• cloud.google.com/go/osconfig: v1.14.3 → v1.14.6
• cloud.google.com/go/oslogin: v1.14.3 → v1.14.6
• cloud.google.com/go/phishingprotection: v0.9.3 → v0.9.6
• cloud.google.com/go/policytroubleshooter: v1.11.3 → v1.11.6
• cloud.google.com/go/privatecatalog: v0.10.4 → v0.10.7
• cloud.google.com/go/pubsub: v1.47.0 → v1.49.0
• cloud.google.com/go/recaptchaenterprise/v2: v2.19.4 → v2.20.4
• cloud.google.com/go/recommendationengine: v0.9.3 → v0.9.6
• cloud.google.com/go/recommender: v1.13.3 → v1.13.5
• cloud.google.com/go/redis: v1.18.0 → v1.18.2
• cloud.google.com/go/resourcemanager: v1.10.3 → v1.10.6
• cloud.google.com/go/retail: v1.19.2 → v1.21.0
• cloud.google.com/go/run: v1.9.0 → v1.10.0
• cloud.google.com/go/scheduler: v1.11.4 → v1.11.7
• cloud.google.com/go/secretmanager: v1.14.5 → v1.14.7
• cloud.google.com/go/security: v1.18.3 → v1.19.2
• cloud.google.com/go/securitycenter: v1.36.0 → v1.36.2
• cloud.google.com/go/servicedirectory: v1.12.3 → v1.12.6
• cloud.google.com/go/shell: v1.8.3 → v1.8.6
• cloud.google.com/go/spanner: v1.76.1 → v1.82.0
• cloud.google.com/go/speech: v1.26.0 → v1.27.1
• cloud.google.com/go/storagetransfer: v1.12.1 → v1.13.0
• cloud.google.com/go/talent: v1.8.0 → v1.8.3
• cloud.google.com/go/texttospeech: v1.11.0 → v1.13.0
• cloud.google.com/go/tpu: v1.8.0 → v1.8.3
• cloud.google.com/go/trace: v1.11.3 → v1.11.6
• cloud.google.com/go/translate: v1.12.3 → v1.12.5
• cloud.google.com/go/video: v1.23.3 → v1.24.0
• cloud.google.com/go/videointelligence: v1.12.3 → v1.12.6
• cloud.google.com/go/vision/v2: v2.9.3 → v2.9.5
• cloud.google.com/go/vmmigration: v1.8.3 → v1.8.6
• cloud.google.com/go/vmwareengine: v1.3.3 → v1.3.5
• cloud.google.com/go/vpcaccess: v1.8.3 → v1.8.6
• cloud.google.com/go/webrisk: v1.10.3 → v1.11.1
• cloud.google.com/go/websecurityscanner: v1.7.3 → v1.7.6
• cloud.google.com/go/workflows: v1.13.3 → v1.14.2
• cloud.google.com/go: v0.118.3 → v0.120.0
• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.17.0 → v1.20.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.8.0 → v1.13.1
• github.com/Azure/azure-sdk-for-go/sdk/internal: v1.10.0 → v1.11.2
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v1.3.0 → v1.4.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.1.0 → v1.2.0
• github.com/AzureAD/microsoft-authentication-library-for-go: v1.3.1 → v1.6.0
• github.com/BurntSushi/toml: v1.5.0 → v1.6.0
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
• github.com/ProtonMail/go-crypto: v1.1.6 → v1.3.0
• github.com/alecthomas/units: b94a6e3 → 0f3dac3
• github.com/aws/aws-sdk-go-v2/config: v1.29.16 → v1.31.20
• github.com/aws/aws-sdk-go-v2/credentials: v1.17.69 → v1.18.24
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.16.31 → v1.18.13
• github.com/aws/aws-sdk-go-v2/internal/configsources: v1.3.35 → v1.4.13
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.6.35 → v2.7.13
• github.com/aws/aws-sdk-go-v2/internal/ini: v1.8.3 → v1.8.4
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.12.3 → v1.13.3
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.12.16 → v1.13.13
• github.com/aws/aws-sdk-go-v2/service/kms: v1.37.8 → v1.48.2
• github.com/aws/aws-sdk-go-v2/service/sso: v1.25.4 → v1.30.3
• github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.30.2 → v1.35.7
• github.com/aws/aws-sdk-go-v2/service/sts: v1.33.21 → v1.40.2
• github.com/aws/aws-sdk-go-v2: v1.36.4 → v1.39.6
• github.com/aws/aws-sdk-go: v1.55.5 → v1.55.7
• github.com/aws/smithy-go: v1.22.3 → v1.23.2
• github.com/chainguard-dev/clog: v1.5.1 → v1.7.0
• github.com/checkpoint-restore/checkpointctl: v1.4.0 → v1.5.0
• github.com/cncf/xds/go: 2ac532f → 0feb691
• github.com/containerd/cgroups/v3: v3.0.5 → v3.0.3
• github.com/containerd/console: v1.0.4 → v1.0.5
• github.com/containerd/containerd/api: v1.9.0 → v1.10.0
• github.com/containerd/containerd: v1.7.28 → v1.7.29
• github.com/containerd/nri: v0.10.0 → v0.11.0
• github.com/containerd/stargz-snapshotter/estargz: v0.16.3 → v0.18.2
• github.com/containernetworking/plugins: v1.8.0 → v1.9.0
• github.com/containers/conmon-rs: v0.7.2 → 737e4d6
• github.com/coreos/go-oidc/v3: v3.14.1 → v3.17.0
• github.com/cri-o/ocicni: v0.4.3 → v0.5.0
• github.com/cyphar/filepath-securejoin: v0.4.1 → v0.6.1
• github.com/danieljoos/wincred: v1.2.2 → v1.2.3
• github.com/docker/cli: v28.3.2+incompatible → v29.1.5+incompatible
• github.com/docker/docker-credential-helpers: v0.9.3 → v0.9.5
• github.com/docker/docker: v28.3.3+incompatible → v28.5.2+incompatible
• github.com/docker/go-connections: v0.5.0 → v0.6.0
• github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.35.0
• github.com/envoyproxy/go-control-plane: v0.13.4 → 75eaa19
• github.com/fatih/color: v1.16.0 → v1.18.0
• github.com/go-git/go-git/v5: v5.16.2 → v5.16.3
• github.com/go-jose/go-jose/v4: v4.1.1 → v4.1.3
• github.com/go-logfmt/logfmt: v0.5.0 → v0.4.0
• github.com/go-openapi/errors: v0.22.1 → v0.22.2
• github.com/go-openapi/swag: v0.23.1 → v0.24.1
• github.com/go-viper/mapstructure/v2: v2.3.0 → v2.4.0
• github.com/goccy/go-json: v0.10.2 → v0.10.5
• github.com/godbus/dbus/v5: 7623695 → v5.2.2
• github.com/golang-jwt/jwt/v5: v5.2.2 → v5.3.0
• github.com/google/certificate-transparency-go: v1.3.1 → v1.3.2
• github.com/googleapis/enterprise-certificate-proxy: v0.3.6 → v0.3.7
• github.com/googleapis/gax-go/v2: v2.14.2 → v2.15.0
• github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus: v1.0.1 → v1.1.0
• github.com/grpc-ecosystem/go-grpc-middleware/v2: v2.3.0 → v2.3.3
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.27.2 → v2.27.3
• github.com/hashicorp/go-secure-stdlib/parseutil: v0.1.7 → v0.2.0
• github.com/hashicorp/go-sockaddr: v1.0.2 → v1.0.7
• github.com/hashicorp/vault/api: v1.15.0 → v1.22.0
• github.com/intel/goresctrl: v0.9.0 → v0.11.0
• github.com/klauspost/compress: v1.18.0 → v1.18.3
• github.com/letsencrypt/boulder: 28b49a8 → v0.20251110.0
• github.com/magiconair/properties: v1.8.9 → v1.8.10
• github.com/mattn/go-colorable: v0.1.13 → v0.1.14
• github.com/mattn/go-runewidth: v0.0.16 → v0.0.19
• github.com/mattn/go-sqlite3: v1.14.28 → v1.14.33
• github.com/maxbrunsfeld/counterfeiter/v6: v6.11.3 → v6.12.0
• github.com/mistifyio/go-zfs/v3: v3.0.1 → v3.1.0
• github.com/moby/sys/sequential: v0.5.0 → v0.6.0
• github.com/olekukonko/tablewriter: v1.0.9 → v1.1.0
• github.com/onsi/ginkgo/v2: v2.25.3 → v2.27.5
• github.com/onsi/gomega: v1.38.2 → v1.39.0
• github.com/opencontainers/cgroups: v0.0.5 → v0.0.6
• github.com/opencontainers/runc: v1.3.1 → v1.4.0
• github.com/opencontainers/runtime-spec: v1.2.1 → v1.3.0
• github.com/opencontainers/runtime-tools: 0ea5ed0 → 5e63903
• github.com/opencontainers/selinux: v1.12.0 → v1.13.1
• github.com/pkg/sftp: v1.13.9 → v1.13.10
• github.com/proglottis/gpgme: v0.1.4 → v0.1.6
• github.com/prometheus/common: v0.66.1 → v0.67.4
• github.com/prometheus/procfs: v0.16.1 → v0.17.0
• github.com/sebdah/goldie/v2: v2.5.5 → v2.7.1
• github.com/secure-systems-lab/go-securesystemslib: v0.9.0 → v0.10.0
• github.com/sergi/go-diff: 5b0b94c → v1.4.0
• github.com/sigstore/fulcio: v1.6.6 → v1.8.3
• github.com/sigstore/rekor: v1.4.0 → v1.4.2
• github.com/sigstore/sigstore/pkg/signature/kms/aws: v1.8.12 → v1.10.0
• github.com/sigstore/sigstore/pkg/signature/kms/azure: v1.8.12 → v1.10.0
• github.com/sigstore/sigstore/pkg/signature/kms/gcp: v1.8.12 → v1.10.0
• github.com/sigstore/sigstore/pkg/signature/kms/hashivault: v1.8.12 → v1.10.0
• github.com/sigstore/sigstore: v1.9.5 → v1.10.0
• github.com/sirupsen/logrus: v1.9.3 → v1.9.4
• github.com/skeema/knownhosts: v1.3.1 → v1.3.2
• github.com/spf13/cobra: v1.9.1 → v1.10.2
• github.com/spf13/pflag: v1.0.9 → v1.0.10
• github.com/spiffe/go-spiffe/v2: v2.5.0 → v2.6.0
• github.com/sylabs/sif/v2: v2.21.1 → v2.22.0
• github.com/tetratelabs/wazero: v1.9.0 → v1.10.1
• github.com/tink-crypto/tink-go/v2: v2.4.0 → v2.5.0
• github.com/urfave/cli: v1.22.16 → v1.22.17
• github.com/vbatts/tar-split: v0.12.1 → v0.12.2
• github.com/vbauerster/mpb/v8: v8.10.2 → v8.11.3
• go.etcd.io/bbolt: v1.4.2 → v1.4.3
• go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
• go.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1
• go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.38.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.63.0 → v0.64.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.61.0 → v0.63.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.38.0 → v1.39.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.38.0 → v1.39.0
• go.opentelemetry.io/otel/metric: v1.38.0 → v1.39.0
• go.opentelemetry.io/otel/sdk/metric: v1.38.0 → v1.39.0
• go.opentelemetry.io/otel/sdk: v1.38.0 → v1.39.0
• go.opentelemetry.io/otel/trace: v1.38.0 → v1.39.0
• go.opentelemetry.io/otel: v1.38.0 → v1.39.0
• go.opentelemetry.io/proto/otlp: v1.7.1 → v1.9.0
• go.step.sm/crypto: v0.57.0 → v0.74.0
• go.uber.org/zap: v1.27.0 → v1.27.1
• go.yaml.in/yaml/v2: v2.4.2 → v2.4.3
• golang.org/x/crypto: v0.42.0 → v0.47.0
• golang.org/x/exp: 7e4ce0a → b7579e2
• golang.org/x/mod: v0.27.0 → v0.31.0
• golang.org/x/net: v0.44.0 → v0.48.0
• golang.org/x/oauth2: v0.30.0 → v0.34.0
• golang.org/x/sync: v0.17.0 → v0.19.0
• golang.org/x/sys: v0.36.0 → v0.40.0
• golang.org/x/telemetry: 1a19826 → 8fff8a5
• golang.org/x/term: v0.35.0 → v0.39.0
• golang.org/x/text: v0.29.0 → v0.33.0
• golang.org/x/time: v0.12.0 → v0.14.0
• golang.org/x/tools: v0.36.0 → v0.40.0
• google.golang.org/api: v0.242.0 → v0.256.0
• google.golang.org/genproto/googleapis/api: c5933d9 → 0a764e5
• google.golang.org/genproto/googleapis/rpc: c5933d9 → 0a764e5
• google.golang.org/genproto: a0af3ef → 513f239
• google.golang.org/grpc: v1.75.1 → v1.78.0
• google.golang.org/protobuf: v1.36.9 → v1.36.11
• gopkg.in/evanphx/json-patch.v4: v4.12.0 → v4.13.0
• k8s.io/api: v0.34.1 → v0.35.0-rc.0
• k8s.io/apimachinery: v0.34.1 → v0.35.0-rc.0
• k8s.io/apiserver: v0.34.1 → v0.35.0-rc.0
• k8s.io/client-go: v0.34.1 → v0.35.0-rc.0
• k8s.io/component-base: v0.34.1 → v0.35.0-rc.0
• k8s.io/cri-api: v0.34.1 → v0.35.0-rc.0
• k8s.io/cri-client: v0.34.1 → v0.35.0-rc.0
• k8s.io/kms: v0.34.1 → v0.35.0-rc.0
• k8s.io/kube-openapi: f3f2b99 → 589584f
• k8s.io/kubelet: v0.34.1 → v0.35.0-rc.0
• k8s.io/utils: 4c0f3b2 → bc988d5
• sigs.k8s.io/json: cfa47c3 → 2d32026
• sigs.k8s.io/knftables: v0.0.18 → v0.0.19
• sigs.k8s.io/release-sdk: v0.12.4 → v0.12.5
• sigs.k8s.io/release-utils: v0.12.1 → v0.12.2
• tags.cncf.io/container-device-interface/specs-go: v1.0.0 → v1.1.0
• tags.cncf.io/container-device-interface: v1.0.1 → v1.1.0

Removed

• github.com/Microsoft/cosesign1go: v1.4.0
• github.com/Microsoft/didx509go: v0.0.3
• github.com/OneOfOne/xxhash: v1.2.8
• github.com/akavel/rsrc: v0.10.2
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream: v1.6.6
• github.com/aws/aws-sdk-go-v2/internal/v4a: v1.3.21
• github.com/aws/aws-sdk-go-v2/service/internal/checksum: v1.4.2
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared: v1.18.2
• github.com/aws/aws-sdk-go-v2/service/s3: v1.65.3
• github.com/benbjohnson/clock: v1.1.0
• github.com/census-instrumentation/opencensus-proto: v0.2.1
• github.com/checkpoint-restore/go-criu/v6: v6.3.0
• github.com/client9/misspell: v0.3.4
• github.com/cncf/udpa/go: 269d4d4
• github.com/containerd/protobuild: v0.3.0
• github.com/containers/common: v0.64.2
• github.com/containers/image/v5: v5.36.2
• github.com/decred/dcrd/dcrec/secp256k1/v4: v4.2.0
• github.com/dgryski/go-rendezvous: 9f7001d
• github.com/eggsampler/acme/v3: 0466a02
• github.com/go-chi/chi: v4.1.2+incompatible
• github.com/go-kit/log: v0.1.0
• github.com/go-playground/locales: v0.14.1
• github.com/go-playground/universal-translator: v0.18.1
• github.com/go-sql-driver/mysql: v1.5.0
• github.com/go-test/deep: v1.1.1
• github.com/goadesign/goa: v2.2.5+incompatible
• github.com/golang/mock: v1.1.1
• github.com/google/go-github/v72: v72.0.0
• github.com/hashicorp/golang-lru: v1.0.2
• github.com/jmhodges/clock: v1.2.0
• github.com/josephspurrier/goversioninfo: v1.4.0
• github.com/lestrrat-go/backoff/v2: v2.0.8
• github.com/lestrrat-go/blackmagic: v1.0.2
• github.com/lestrrat-go/httpcc: v1.0.1
• github.com/lestrrat-go/iter: v1.0.2
• github.com/lestrrat-go/jwx: v1.2.29
• github.com/lestrrat-go/option: v1.0.1
• github.com/letsencrypt/borp: a78493c
• github.com/letsencrypt/challtestsrv: v1.2.1
• github.com/letsencrypt/pkcs11key/v4: v4.0.0
• github.com/letsencrypt/validator/v10: a0c7dfc
• github.com/linuxkit/virtsock: f8cee7d
• github.com/miekg/dns: v1.1.61
• github.com/nxadm/tail: v1.4.11
• github.com/poy/onpar: v1.1.2
• github.com/prashantv/gostub: v1.1.0
• github.com/redis/go-redis/extra/rediscmd/v9: v9.5.3
• github.com/redis/go-redis/extra/redisotel/v9: v9.5.3
• github.com/redis/go-redis/v9: v9.5.3
• github.com/sagikazarmark/slog-shim: v0.1.0
• github.com/veraison/go-cose: v1.1.0
• github.com/weppos/publicsuffix-go: a8ed110
• github.com/zmap/zcrypto: a1f61fb
• github.com/zmap/zlint/v3: v3.6.4
• go.uber.org/atomic: v1.7.0
• goa.design/goa: v2.2.5+incompatible
• golang.org/x/lint: 1621716
• google.golang.org/appengine: v1.4.0
• google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.5.1
• gopkg.in/tomb.v1: dd63297
• honnef.co/go/tools: ea95bdf