build(deps): bump tags.cncf.io/container-device-interface from 0.8.1 to 1.0.0

[dependabot]

Bumps tags.cncf.io/container-device-interface from 0.8.1 to 1.0.0.

Release notes

Sourced from tags.cncf.io/container-device-interface's releases.

specs-go/v1.0.0

What's Changed

• Remove the ToOCI functions from the specs-go package by @​elezar in cncf-tags/container-device-interface#208
• Move version APIs to the specs-go package by @​bart0sh in cncf-tags/container-device-interface#214
• Document fields in spec to indicate when these were added. by @​bart0sh in cncf-tags/container-device-interface#215
• Remove specs-go/parsing APIs by @​bart0sh in cncf-tags/container-device-interface#221

Full Changelog: cncf-tags/container-device-interface@specs-go/v0.8.0...specs-go/v1.0.0

v1.0.0

What's Changed

• Update description of CDI spec directories by @​elezar in cncf-tags/container-device-interface#217
• Remove deprecated oci and qualified-device APIs by @​bart0sh in cncf-tags/container-device-interface#218
• Release table: add forgotten v0.5.0 change by @​bart0sh in cncf-tags/container-device-interface#220
• Ignore issues / PRs with frozen labels for stale workflow by @​elezar in cncf-tags/container-device-interface#226
• Remove deprecated registry API by @​bart0sh in cncf-tags/container-device-interface#219
• pkg/cdi: name cdi specs-go imports consistently. by @​klihub in cncf-tags/container-device-interface#228
• Code cleanup by @​bart0sh in cncf-tags/container-device-interface#223
• fixes: enable golanci-lint in CI, fix complaints. by @​klihub in cncf-tags/container-device-interface#232
• Update golang.org/x/sys to v0.19.0 by @​elezar in cncf-tags/container-device-interface#237
• Document version match process by @​bart0sh in cncf-tags/container-device-interface#238
• sortMounts stable and remove alphabetical order by @​Epsilon314 in cncf-tags/container-device-interface#241
• Fix cache refresh on darwin by @​elezar in cncf-tags/container-device-interface#249
• Create schema submodule by @​elezar in cncf-tags/container-device-interface#248
• Bump golangci-lint version to v1.64.5 by @​elezar in cncf-tags/container-device-interface#251
• Ensure that YAML fields are sorted by @​elezar in cncf-tags/container-device-interface#236
• .github: run codespell for release branches, too. by @​klihub in cncf-tags/container-device-interface#256
• Preparation for release 1.0.0 by @​bart0sh in cncf-tags/container-device-interface#257
• Add RELEASE.md with steps to create a release by @​elezar in cncf-tags/container-device-interface#258
• Bump version to v1.0.0 by @​bart0sh in cncf-tags/container-device-interface#260

New Contributors

• @​Epsilon314 made their first contribution in cncf-tags/container-device-interface#241

Full Changelog: cncf-tags/container-device-interface@v0.8.1...v1.0.0

Commits

• 40e4c31 Merge pull request #260 from bart0sh/PR026-Bump-version-to-v1.0.0
• 6784e01 Bump version to v1.0.0
• a097fb1 Merge pull request #258 from elezar/document-release-process
• 8aa91e1 Add RELEASE.md with steps to create a release
• 3a09dd0 Merge pull request #257 from bart0sh/PR025-prepare-1.0.0
• 2a62da8 Preparation for release 1.0.0
• 012c8be Merge pull request #256 from klihub/fixes/codespell-release-branches
• 842db48 .github: run codespell for release branches, too.
• a582593 Merge pull request #254 from klihub/fixes/refresh-sigsegv-with-nil-watcher
• 1de2560 pkg/cdi: add test case for post-EMFILE recovery.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[djdongjin]

/ok-to-test

[estesp]

Kind of painful that CDI seems to rely on yaml v2 vs. v3 like the rest of containerd ecosystem. Wonder if we can get them to migrate to v3 so we don't have 2 complete versions of the yaml package imported.

[djdongjin]

Kind of painful that CDI seems to rely on yaml v2 vs. v3 like the rest of containerd ecosystem. Wonder if we can get them to migrate to v3 so we don't have 2 complete versions of the yaml package imported.

@estesp based on this comment they explicitly choose v2 to avoid introducing a new dep (cncf-tags/container-device-interface#236 (comment))

However it seems CDI already had both v2/v3 as indirect dependencies before that change (https://github.com/cncf-tags/container-device-interface/pull/236/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6L20-L21), and yaml v2 and v3 have the same dependencies:

https://github.com/go-yaml/yaml/blob/v3.0.1/go.mod
https://github.com/go-yaml/yaml/blob/v2.4.0/go.mod

So my understanding is there shouldn't be difference for CDI to choose v3 or v2. Did I miss anything? @elezar

[estesp]

yeah, I guess my comment was mostly that we now have another 10k lines of vendored code, with that being the addition of the entire v2 yaml project, while we already have v3 vendored. I'm not sure it's a huge deal, but I happened to notice it.

[AkihiroSuda]

Having multiple YAML libraries is annoying, but probably not a blocker to merge this

[elezar]

So my understanding is there shouldn't be difference for CDI to choose v3 or v2. Did I miss anything? @elezar

@djdongjin that is correct. There should be no functional difference and we elected to stick with v2 at that stage because that was what was being imported by the sigs.k8s.io/yaml v1.3.0.

Note that the v3 dependency is due to the github.com/stretchr/testify/assert package bein used in tests.

We could look at released a v1.0.1 package that only bumps the YAML dependency, but I don't know whethere there are unforseen issues with this. Note that sigs.k8s.io/yaml v1.4.0 seems to have forked the v2 dependencies (or at least some subset of the functionality).

We have created https://github.com/cncf-tags/container-device-interface/pull/262/files to switch to v3.