Update module github.com/containers/common to v0.60.4 [SECURITY]

[bootc-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/containers/common	v0.58.1 -> v0.60.4

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-9341

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

---

Release Notes

containers/common (github.com/containers/common)

v0.60.4

Compare Source

What's Changed

• [v0.60] Backport pkg/subscriptions: use securejoin for the container path + new 0.60.4 release by @​Luap99 in #​2186
  Fixes CVE-2024-9341

Full Changelog: containers/common@v0.60.3...v0.60.4

v0.60.3

Compare Source

What's Changed

• [v0.60] Bump c/image to v5.32.2, c/common to v0.60.2 by @​TomSweeneyRedHat in #​2127
• Some pkg/netns improvements by @​Luap99 in #​2170

Full Changelog: containers/common@v0.60.2...v0.60.3

v0.60.2

Compare Source

What's Changed

• [v0.60] Bump c/image to v5.32.2, c/common to v0.60.2 by @​TomSweeneyRedHat in #​2127
• [v0.60] Bumpc to c/common v0.60.1 by @​TomSweeneyRedHat in #​2121

Full Changelog: containers/common@v0.60.1...v0.60.2

v0.60.1

Compare Source

What's Changed

• [v0.60] Backport a number of PRs from main, bump c/image to v5.32.1 by @​TomSweeneyRedHat in #​2118

Full Changelog: containers/common@v0.60.0...v0.60.1

v0.60.0

Compare Source

What's Changed

• Bump c/image v5.31.0, c/storage v1.54.0, c/common to v0.59.0 by @​TomSweeneyRedHat in #​2011
• fix(deps): update module github.com/burntsushi/toml to v1.4.0 by @​renovate in #​2016
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0 by @​renovate in #​2017
• Fix spelling mistake by @​rhatdan in #​2019
• [skip-ci] Packit/RPM: more fixes by @​lsm5 in #​2015
• libnetwork: fix rexec env check for rootlessnetns by @​Luap99 in #​2020
• libimage/manifests.list.Add(): preserve artifactType when all=true by @​nalind in #​2021
• fix windows config path regression by @​Luap99 in #​2027
• [skip-ci] RPM: ensure config files are patched by @​lsm5 in #​2026
• fix outdated firewall_driver docs by @​Luap99 in #​2029
• [skip-ci] RPM: own dirs by @​lsm5 in #​2030
• fix(deps): update golang.org/x/exp digest to fd00a4e by @​renovate in #​2034
• Trivial patches to minimize patches needed by NetBSD by @​coypoop in #​2035
• pkg/version: fix parsing of package names by @​dawidpotocki in #​2033
• fix(deps): update module golang.org/x/sys to v0.21.0 by @​renovate in #​2037
• fix(deps): update module golang.org/x/term to v0.21.0 by @​renovate in #​2039
• fix(deps): update module golang.org/x/crypto to v0.24.0 by @​renovate in #​2038
• fix(deps): update module github.com/containerd/containerd to v1.7.18 by @​renovate in #​2041
• Remove nil checks before calling slices.Clone/maps.Clone by @​nalind in #​2046
• libimage.ManifestList.AnnotateInstance(): allow clearing variant values by @​nalind in #​2045
• Seccomp: initial small additions to the rules by @​martinetd in #​2040
• fix(deps): update module github.com/docker/docker to v26.1.4+incompatible by @​renovate in #​2043
• add relabel documentation to Containerfile man page by @​rhatdan in #​2044
• fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0 by @​renovate in #​2047
• libnetwork/rootlessnetns: create run dir explicitly by @​Luap99 in #​2042
• fix(deps): update module github.com/spf13/cobra to v1.8.1 by @​renovate in #​2050
• replace k8s.gcr.io with registry.k8s.io by @​Luap99 in #​2057
• Allow --debug/--trace options for pasta by @​ant-bl in #​2052
• fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.1 by @​renovate in #​2055
• fix(deps): update module github.com/opencontainers/runc to v1.1.13 by @​renovate in #​2049
• fix(deps): update module github.com/containernetworking/plugins to v1.5.1 by @​renovate in #​2053
• fix(deps): update module github.com/containernetworking/cni to v1.2.1 by @​renovate in #​2056
• fix(deps): update module github.com/containers/image/v5 to v5.31.1 by @​renovate in #​2058
• Bump CI VM Images by @​cevich in #​2059
• Fix typos by @​chrisnestrud in #​2061
• fix(deps): update module github.com/containernetworking/cni to v1.2.2 by @​renovate in #​2062
• [skip-ci] RPM: fix netavark dependency epoch by @​lsm5 in #​2071
• Vendor in latest containers/(storage, image) by @​rhatdan in #​2065
• [CI:DOCS] add jnovy by @​lsm5 in #​2072
• fix(deps): update github.com/containers/storage digest to 52b643e by @​renovate in #​2074
• fix(deps): update module github.com/containers/ocicrypt to v1.2.0 by @​renovate in #​2075
• [skip-ci] Packit: isolate rhel jobs from centos by @​lsm5 in #​2076
• fix(deps): update module golang.org/x/sys to v0.22.0 by @​renovate in #​2078
• fix(deps): update module golang.org/x/term to v0.22.0 by @​renovate in #​2079
• fix(deps): update module github.com/docker/docker to v27.0.3+incompatible by @​renovate in #​2064
• fix(deps): update module golang.org/x/crypto to v0.25.0 by @​renovate in #​2080
• Make Fedora dependencies Fedora-only by @​jnovy in #​2081
• fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0 by @​renovate in #​2082
• Docs: Semiautomatic platform ARGs by @​cevich in #​2084
• libnetwork/netavark: accept metric option for mac/ipvlan by @​Luap99 in #​2063
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.0 by @​renovate in #​2085
• chore(deps): update module google.golang.org/grpc to v1.64.1 [security] by @​renovate in #​2086
• Vendor in latest containers/(storage, image) by @​rhatdan in #​2083
• Make the definition of LookupReferenceFunc unconditional by @​nalind in #​2089
• Display same error as split by @​rhatdan in #​2066
• Update module github.com/docker/docker to v27.1.0+incompatible by @​renovate in #​2092
• Update module github.com/containernetworking/cni to v1.2.3 by @​renovate in #​2093
• libimage: recommend podman system check over reset by @​Luap99 in #​2094
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.1 by @​renovate in #​2096
• fix(deps): update module github.com/docker/docker to v27.1.1+incompatible by @​renovate in #​2097
• doc: fix typo in Containerfile.5.md by @​dweiller in #​2098

New Contributors

• @​coypoop made their first contribution in #​2035
• @​dawidpotocki made their first contribution in #​2033
• @​ant-bl made their first contribution in #​2052
• @​chrisnestrud made their first contribution in #​2061
• @​jnovy made their first contribution in #​2081
• @​dweiller made their first contribution in #​2098

Full Changelog: containers/common@v0.59.0...v0.60.0

v0.59.2

Compare Source

What's Changed

• [v0.59] Bump c/common to v0.59.1, then to v0.59.2-dev by @​TomSweeneyRedHat in #​2036
• [skip-ci] RPM: `zstd:chunked on fedora > 40 and rhel > 10 by @​cgwalters in #​2048

Full Changelog: containers/common@v0.59.1...v0.59.2

v0.59.1

Compare Source

What's Changed

• [v0.59.0] Bump c/common to v0.59.1-dev by @​TomSweeneyRedHat in #​2014
• [v0.59 backport] [skip-ci] Packit/RPM: more fixes by @​lsm5 in #​2022
• [v0.59 backport] [skip-ci] RPM: ensure config files are patched by @​lsm5 in #​2028
• [v0.59 backport] [skip-ci] RPM: own dirs by @​lsm5 in #​2031
• [v0.59] more backports by @​Luap99 in #​2032

Full Changelog: containers/common@v0.59.0...v0.59.1

v0.59.0

Compare Source

What's Changed

• Bump c/storage to v1.53.0, c/image to v5.30.0, and common to v0.58.0, then to v0.59.0-dev by @​TomSweeneyRedHat in #​1886
• fix(deps): update module github.com/containerd/containerd to v1.7.14 by @​renovate in #​1897
• fix(deps): update module github.com/docker/docker to v25.0.4+incompatible by @​renovate in #​1895
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.16.0 by @​renovate in #​1806
• fix(deps): update module github.com/containers/ocicrypt to v1.1.10 by @​renovate in #​1899
• fix(deps): update module github.com/containernetworking/plugins to v1.4.1 by @​renovate in #​1903
• chore(deps): update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [security] by @​renovate in #​1901
• Added checkpoint specific functions by @​adrianreber in #​1904
• Cirrus-CI: Give success a name by @​cevich in #​1906
• chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @​renovate in #​1911
• revert dep bumps that require go 1.21 by @​Luap99 in #​1913
• fix(deps): update module github.com/checkpoint-restore/go-criu/v7 to v7.1.0 by @​renovate in #​1916
• lint: enable ginkgolinter by @​Luap99 in #​1894
• libnetwork: add new function to better deal with pasta's resolv.conf/hosts file setup in podman by @​Luap99 in #​1905
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.0 by @​renovate in #​1918
• fix(deps): update module github.com/docker/docker to v25.0.5+incompatible by @​renovate in #​1921
• fix(deps): update module github.com/onsi/gomega to v1.32.0 by @​renovate in #​1808
• Only try each package format once by @​afbjorklund in #​1926
• CI: bump VMs to 2024-03-20 by @​edsantiago in #​1928
• Simplify PullPolicy handling by @​rhatdan in #​1922
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 by @​renovate in #​1932
• Use dlocate list instead of dpkg query by @​afbjorklund in #​1923
• mention default runtimes correctly by @​lsm5 in #​1941
• feat: add cdi path to engine config by @​micahcc in #​1834
• Add a libimage.Runtime.LoadReference for loading images by @​nalind in #​1920
• manifests: preserve Annotations when adding from indexes by @​nalind in #​1917
• manifest add: check for local images last by @​nalind in #​1919
• fix(deps): update golang.org/x/exp digest to a685a6e by @​renovate in #​1943
• libnetwork/rootlessnetns: fix some issues by @​Luap99 in #​1945
• fix(deps): update module tags.cncf.io/container-device-interface to v0.7.0 by @​renovate in #​1944
• libnetwork/netavark: remove ipam bucket on network rm by @​Luap99 in #​1946
• fix(deps): update module golang.org/x/sync to v0.7.0 by @​renovate in #​1949
• fix(deps): update module golang.org/x/term to v0.19.0 by @​renovate in #​1951
• fix(deps): update module golang.org/x/crypto to v0.22.0 by @​renovate in #​1948
• fix(deps): update module tags.cncf.io/container-device-interface to v0.7.1 by @​renovate in #​1952
• use fileutils.(Le|E)xists from containers/storage/pkg/fileutils by @​giuseppe in #​1953
• fix(deps): update module tags.cncf.io/container-device-interface to v0.7.2 by @​renovate in #​1958
• fix(deps): update module github.com/onsi/gomega to v1.33.0 by @​renovate in #​1962
• pkg/config: add new healthcheck_events field by @​Luap99 in #​1959
• Don't error out on secret create --replace on missing secret by @​rhatdan in #​1909
• pkg/config: fix FindHelperBinary() error message by @​Luap99 in #​1961
• Update to go 1.21 by @​Luap99 in #​1963
• fix(deps): update module github.com/containerd/containerd to v1.7.15 by @​renovate in #​1914
• fix(deps): update module github.com/containernetworking/plugins to v1.4.1 by @​renovate in #​1915
• CI VMs: bump to new versions with tmpfs /tmp by @​edsantiago in #​1965
• libnetwork/pasta: fix --map-gw parsing by @​Luap99 in #​1966
• [skip-ci] Update golangci/golangci-lint-action action to v5 by @​renovate in #​1967
• vendor: update module github.com/docker/docker to v26 by @​Luap99 in #​1969
• libnetwork/pasta: fix multiple --map-gw parsing by @​Luap99 in #​1968
• fix(deps): update module github.com/containerd/containerd to v1.7.16 by @​renovate in #​1970
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.2 by @​renovate in #​1972
• fix(deps): update module github.com/onsi/gomega to v1.33.1 by @​renovate in #​1974
• Support system-wide containers config folder on windows by @​l0rd in #​1973
• fix(deps): update module github.com/docker/docker to v26.1.1+incompatible by @​renovate in #​1925
• fix(deps): update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f by @​renovate in #​1976
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.5 by @​renovate in #​1977
• fix(deps): update module golang.org/x/term to v0.20.0 by @​renovate in #​1979
• libimage: Add input to error context when normalizing by @​cgwalters in #​1971
• [skip-ci] Packit: New workflow for downstream Fedora and CentOS Stream 10 by @​lsm5 in #​1960
• fix(deps): update module go.etcd.io/bbolt to v1.3.10 by @​renovate in #​1980
• [skip-ci] Packit: fix copr name by @​lsm5 in #​1982
• fix(deps): update module golang.org/x/crypto to v0.23.0 by @​renovate in #​1981
• [skip-ci] Update golangci/golangci-lint-action action to v6 by @​renovate in #​1985
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3 by @​renovate in #​1986
• Address CVE-2024-3737 by @​TomSweeneyRedHat in #​1990
• [skip-ci] RPM: redhat registry config files should be config(noreplace) by @​lsm5 in #​1987
• fix(deps): update module github.com/docker/docker to v26.1.2+incompatible by @​renovate in #​1989
• fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by @​renovate in #​1984
• Make code checking for secret --replace cleaner by @​rhatdan in #​1995
• use new "lookaside" setting for RH registries by @​ktdreyer in #​1983
• CI: update VM to fedora 40 by @​Luap99 in #​1997
• libnetwork: add option to return rootless-netns ips by @​Luap99 in #​1998
• fix(deps): update module github.com/docker/docker to v26.1.3+incompatible by @​renovate in #​2000
• fix(deps): update module github.com/containerd/containerd to v1.7.17 by @​renovate in #​2001
• config: attempt to guess DBUS_SESSION_BUS_ADDRESS by @​giuseppe in #​2002
• fix(deps): update module github.com/containernetworking/plugins to v1.5.0 by @​renovate in #​2007
• Update apparmor profile to support v4.0.0 by @​NeilW in #​2004
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0 by @​renovate in #​2010
• Fix data race with hooks map by @​AbdelrahmanElawady in #​2009
• Allow configuration of podmansh by @​grisu48 in #​1993

New Contributors

• @​adrianreber made their first contribution in #​1904
• @​micahcc made their first contribution in #​1834
• @​l0rd made their first contribution in #​1973
• @​cgwalters made their first contribution in #​1971
• @​ktdreyer made their first contribution in #​1983
• @​NeilW made their first contribution in #​2004
• @​AbdelrahmanElawady made their first contribution in #​2009

Full Changelog: containers/common@v0.58.0...v0.59.0

v0.58.5

Compare Source

What's Changed

• [v0.58] Backport pkg/subscriptions: use securejoin for the container path by @​danishprakash in #​2188
  Fixes CVE-2024-9341

Full Changelog: containers/common@v0.58.4...v0.58.5

v0.58.4

Compare Source

What's Changed

• [v0.58] Address CVE-2024-3737 by @​TomSweeneyRedHat in #​1991
• [backport v0.58] [skip-ci] packit rpm backports by @​lsm5 in #​1999

Full Changelog: containers/common@v0.58.3...v0.58.4

v0.58.3

Compare Source

What's Changed

• [v0.58] Address CVE-2024-3737 by @​TomSweeneyRedHat in https://github.com/containers/common/pull/#​1991
• Bump to v0.58.2 by @​TomSweeneyRedHat in #​1957

Full Changelog: containers/common@v0.58.2...v0.58.3

v0.58.2

Compare Source

What's Changed

• Bump to v0.58.1 by @​mheon in #​1942
• [v0.58] backport my networking fixes by @​Luap99 in #​1954

Full Changelog: containers/common@v0.58.1...v0.58.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[bootc-bot]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 51 additional dependencies were updated

Details:

Package	Change
github.com/distribution/reference	v0.5.0 -> v0.6.0
github.com/onsi/ginkgo/v2	v2.17.1 -> v2.20.0
github.com/onsi/gomega	v1.32.0 -> v1.34.1
github.com/spf13/cobra	v1.8.0 -> v1.8.1
github.com/BurntSushi/toml	v1.3.2 -> v1.4.0
github.com/Microsoft/go-winio	v0.6.1 -> v0.6.2
github.com/Microsoft/hcsshim	v0.12.0-rc.3 -> v0.12.5
github.com/containerd/containerd	v1.7.13 -> v1.7.18
github.com/containers/image/v5	v5.30.0 -> v5.32.2
github.com/containers/ocicrypt	v1.1.9 -> v1.2.0
github.com/containers/storage	v1.53.0 -> v1.55.0
github.com/cyphar/filepath-securejoin	v0.2.4 -> v0.3.1
github.com/docker/docker	v25.0.3+incompatible -> v27.1.1+incompatible
github.com/docker/docker-credential-helpers	v0.8.1 -> v0.8.2
github.com/go-logr/logr	v1.4.1 -> v1.4.2
github.com/go-openapi/analysis	v0.21.4 -> v0.23.0
github.com/go-openapi/errors	v0.21.1 -> v0.22.0
github.com/go-openapi/jsonpointer	v0.19.6 -> v0.21.0
github.com/go-openapi/jsonreference	v0.20.2 -> v0.21.0
github.com/go-openapi/loads	v0.21.2 -> v0.22.0
github.com/go-openapi/runtime	v0.26.0 -> v0.28.0
github.com/go-openapi/spec	v0.20.9 -> v0.21.0
github.com/go-openapi/strfmt	v0.22.2 -> v0.23.0
github.com/go-openapi/swag	v0.22.10 -> v0.23.0
github.com/go-openapi/validate	v0.22.1 -> v0.24.0
github.com/golang/protobuf	v1.5.3 -> v1.5.4
github.com/google/go-containerregistry	v0.19.0 -> v0.20.0
github.com/google/pprof	v0.0.0-20230323073829-e72429f035bd -> v0.0.0-20240727154555-813a5fbdbec8
github.com/klauspost/compress	v1.17.7 -> v1.17.9
github.com/letsencrypt/boulder	v0.0.0-20230907030200-6d76a0f91e1e -> v0.0.0-20240418210053-89b07f4543e0
github.com/mattn/go-runewidth	v0.0.15 -> v0.0.16
github.com/moby/sys/mountinfo	v0.7.1 -> v0.7.2
github.com/moby/sys/user	v0.1.0 -> v0.2.0
github.com/opencontainers/runc	v1.1.12 -> v1.1.13
github.com/sigstore/fulcio	v1.4.3 -> v1.4.5
github.com/sigstore/rekor	v1.2.2 -> v1.3.6
github.com/sigstore/sigstore	v1.8.2 -> v1.8.4
github.com/stefanberger/go-pkcs11uri	v0.0.0-20201008174630-78d3cae3a980 -> v0.0.0-20230803200340-78284954bff6
github.com/sylabs/sif/v2	v2.15.1 -> v2.18.0
github.com/ulikunitz/xz	v0.5.11 -> v0.5.12
github.com/vbauerster/mpb/v8	v8.7.2 -> v8.7.5
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.45.0 -> v0.49.0
go.opentelemetry.io/otel	v1.22.0 -> v1.24.0
go.opentelemetry.io/otel/metric	v1.22.0 -> v1.24.0
go.opentelemetry.io/otel/trace	v1.22.0 -> v1.24.0
golang.org/x/exp	v0.0.0-20240222234643-814bf88cf225 -> v0.0.0-20240719175910-8a7402abbf56
golang.org/x/time	v0.3.0 -> v0.5.0
golang.org/x/tools	v0.21.1-0.20240508182429-e35e4ccd0d2d -> v0.24.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20231212172506-995d672761c0 -> v0.0.0-20240318140521-94a12d6c2237
google.golang.org/grpc	v1.61.0 -> v1.64.1
tags.cncf.io/container-device-interface	v0.6.2 -> v0.8.0

[bootc-bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.