This repository was archived by the owner on Jan 7, 2026. It is now read-only.

fix(deps): update all patch dependencies #1588

Open
gardener-ci-robot wants to merge 1 commit into master from renovate/all-patch

Conversation

gardener-ci-robot commented Dec 9, 2025 (Contributor)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/containerd/containerd | require | patch | v1.7.29 -> v1.7.30 |
| github.com/mandelsoft/spiff | require | patch | v1.7.0-beta-7 -> v1.7.0-beta-8 |
| helm.sh/helm/v3 | require | patch | v3.19.2 -> v3.19.4 |
| k8s.io/utils | require | digest | bc988d5 -> 61b37f7 |
| ocm.software/ocm | require | patch | v0.34.1 -> v0.34.2 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

containerd/containerd (github.com/containerd/containerd)

v1.7.30: containerd 1.7.30

Compare Source

Welcome to the v1.7.30 release of containerd!

The thirtieth patch release for containerd 1.7 contains various fixes
and updates.

Highlights
Container Runtime Interface (CRI)
  • Fix NRI dropping requested CDI devices silently (#​12650)
  • Redact all query parameters in CRI error logs (#​12551)
Runtime

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Derek McGowan
  • Akihiro Suda
  • Austin Vazquez
  • Mike Brown
  • Wei Fu
  • Andrey Noskov
  • CrazyMax
  • Davanum Srinivas
  • Jin Dong
  • Krisztian Litkey
  • Maksym Pavlenko
  • Paweł Gronowski
  • Phil Estes
  • Samuel Karp

Changes
26 commits

  • Prepare release notes for v1.7.30 (#​12652)
    • 3d0ca6d2e Prepare release notes for v1.7.30
  • Fix NRI dropping requested CDI devices silently (#​12650)
    • 0bc74f47e cri,nri: don't drop requested CDI devices silently.
  • script/setup/install-cni: install CNI plugins v1.9.0 (#​12660)
    • 7db16b562 script/setup/install-cni: install CNI plugins v1.9.0
  • go.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (#​12640)
  • ci: bump Go 1.24.11, 1.25.5 (#​12627)
  • Update runc binary to v1.3.4 (#​12619)
    • 34b89a574 runc: Update runc binary to v1.3.4
  • ci: update CIFuzz actions to support Ubuntu 24.04 (#​12635)
    • 6e0dd8956 ci: update CIFuzz actions to support Ubuntu 24.04
  • build(deps): bump github.com/opencontainers/selinux (#​12591)
    • 3eea2a4af build(deps): bump github.com/opencontainers/selinux
  • remove sha256-simd (#​12576)
  • .github: skip 5 critest cases for window-2022 (#​12586)
    • ce2d3a67f .github: skip 5 critest cases in window CI pipeline
  • Redact all query parameters in CRI error logs (#​12551)
    • 65271ea89 fix: redact all query parameters in CRI error logs

Dependency Changes
  • github.com/cyphar/filepath-securejoin v0.5.1 new
  • github.com/opencontainers/selinux v1.11.0 -> v1.13.1
  • golang.org/x/crypto v0.40.0 -> v0.45.0
  • golang.org/x/mod v0.26.0 -> v0.29.0
  • golang.org/x/net v0.42.0 -> v0.47.0
  • golang.org/x/sync v0.16.0 -> v0.18.0
  • golang.org/x/sys v0.34.0 -> v0.38.0
  • golang.org/x/term v0.33.0 -> v0.37.0
  • golang.org/x/text v0.27.0 -> v0.31.0

Previous release can be found at v1.7.29

mandelsoft/spiff (github.com/mandelsoft/spiff)

v1.7.0-beta-8

Compare Source

Features:

  • filter statement replaces select
  • function optional(cond,value) provide a value, if a condition is defined and evaluated to true, otherwise undefined is provided
  • function deepmerge to offer a deep merge of map elements

Fixes:

  • fix string interpolation, assure correct evaluation priority for nested expressions
  • fix delayed list merge
  • marshal non-printable characters

helm/helm (helm.sh/helm/v3)

v3.19.4: Helm v3.19.4

Compare Source

Helm v3.19.4 is a security fix for a Go CVE in the previous tag. This patch release rebuilds the Helm v3.19.3 release with the latest Go toolchain, to fix the Go CVE. Users are encouraged to upgrade.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.4. The common platform binaries are here:

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.5 and 4.0.4 are the next patch releases and will be on January 14, 2026
  • 3.20.0 and 4.1.0 are the next minor releases and will be on January 21, 2026

Changelog

  • Use latest patch release of Go in releases 7cfb6e4 (Matt Farina)
  • chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 59c951f (dependabot[bot])
  • chore(deps): bump github.com/cyphar/filepath-securejoin d45f3f1 (dependabot[bot])
  • chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 d459544 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 becd387 (dependabot[bot])
  • chore(deps): bump the k8s-io group with 7 updates edb1579 (dependabot[bot])

v3.19.3: Helm v3.19.3

Compare Source

Helm v3.19.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.3. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.20.0 and 4.1.0 are the next minor releases and will be on January 21, 2026

Changelog

  • Bump golang.org/x/crypto to v0.45.0 0707f56 (Dirk Müller)
  • [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins)

open-component-model/ocm (ocm.software/ocm)

v0.34.2

Compare Source

Warning

  • This library relies on replace statements in go.mod to pin specific module versions that introduced breaking changes.
  • These pinned replace directives must eventually be applied when consuming the library; omitting them can resolve to incompatible versions and cause build or runtime issues.
  • Ensure all required modules are pinned via replace to the versions declared by the project before building or releasing.

What's Changed

⬆️ Dependencies
🧰 Maintenance

Full Changelog: open-component-model/ocm@v0.34.1...v0.34.2


Configuration

📅 Schedule: Branch creation - "after 07:30am,before 07:15pm,every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

gardener-ci-robot requested a review from a team as a code owner December 9, 2025
gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 9, 2025
ghost added needs/review Needs review size/xs Size of pull request is tiny (see gardener-robot robot/bots/size.py) labels Dec 9, 2025
gardener-robot-ci-2 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 9, 2025
gardener-ci-robot changed the title fix(deps): update module github.com/mandelsoft/spiff to v1.7.0-beta-8 fix(deps): update all patch dependencies Dec 10, 2025

gardener-ci-robot commented Dec 10, 2025 (Contributor, Author)

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated

Details:

| Package | Change |
|---|---|
| github.com/cyphar/filepath-securejoin | v0.6.0 -> v0.6.1 |
| k8s.io/kubectl | v0.34.1 -> v0.34.2 |

gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 10, 2025
ghost added size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) and removed size/xs Size of pull request is tiny (see gardener-robot robot/bots/size.py) labels Dec 10, 2025
gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 10, 2025
gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 10, 2025
gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 10, 2025

ghost commented Dec 12, 2025

@reshnm, @maximilianbraun You have pull request review open invite, please check

ghost added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 12, 2025
gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 12, 2025
ghost added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Dec 17, 2025
ghost added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) size/s Size of pull request is small (see gardener-robot robot/bots/size.py) and removed size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels Dec 18, 2025
gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 18, 2025
ghost added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 18, 2025

gardener-ci-robot (Contributor, Author)

The Gardener project currently lacks enough active contributors to adequately respond to all PRs.
This bot triages PRs according to the following rules:

  • After 15d of inactivity, lifecycle/stale is applied
  • After 15d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 7d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Mark this PR as rotten with /lifecycle rotten
  • Close this PR with /close

/lifecycle stale

ghost added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Jan 7, 2026
Labels

  • lifecycle/stale: Nobody worked on this for 6 months (will further age)
  • needs/ok-to-test: Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD)
  • needs/review: Needs review
  • reviewed/ok-to-test: Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD)
  • size/s: Size of pull request is small (see gardener-robot robot/bots/size.py)
