Skip to content

vendor: github.com/containerd/containerd v2.0.5, golang.org/x/oauth2 v0.29.0#49837

Merged
AkihiroSuda merged 2 commits intomoby:masterfrom
thaJeztah:bump_containerd_2.0.5
Apr 18, 2025
Merged

vendor: github.com/containerd/containerd v2.0.5, golang.org/x/oauth2 v0.29.0#49837
AkihiroSuda merged 2 commits intomoby:masterfrom
thaJeztah:bump_containerd_2.0.5

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Apr 17, 2025
edited by vvoland
Loading

vendor: golang.org/x/oauth2 v0.29.0

notable changes

  • oauth2.go: use a more straightforward return value
  • oauth2: Deep copy context client in NewClient
  • jws: improve fix for CVE-2025-22868

full diff: golang/oauth2@v0.27.0...v0.29.0

vendor: github.com/containerd/containerd v2.0.5

full diff: containerd/containerd@v2.0.4...v2.0.5

- Human readable description for the release notes

containerd image store: Fix a potential daemon crash when using `docker load` with archives containing zero-size tar headers.

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
vendor: golang.org/x/oauth2 v0.29.0
62f51e4 
notable changes

- oauth2.go: use a more straightforward return value
- oauth2: Deep copy context client in NewClient
- jws: improve fix for CVE-2025-22868

full diff: golang/oauth2@v0.27.0...v0.29.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
vendor: github.com/containerd/containerd v2.0.5
fc8361c 
full diff: containerd/containerd@v2.0.4...v2.0.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah added this to the 28.1.1 milestone Apr 17, 2025
@dmcgowan
Copy link
Member

dmcgowan commented Apr 18, 2025

Fixes #46746

@AkihiroSuda AkihiroSuda merged commit 8dde918 into moby:master Apr 18, 2025
153 checks passed
@thaJeztah thaJeztah deleted the bump_containerd_2.0.5 branch April 18, 2025 06:57
@thaJeztah
Copy link
Member Author

thaJeztah commented Apr 18, 2025

Fixes #46746

Ah, those don't work unless in the first comment; what I usually do is to edit the first comment before merging the PR. Bonus; if you put it in a bullet-list, GitHub UI shows the title of the linked ticket, which often is a bit more readable.

👉 Also, FWIW, the version of golang.org/x/oauth2 is one minor version ahead of containerd now; last minor contained an improvement for an earlier CVE fix, which I thought was OK to include; golang/oauth2@v0.28.0...v0.29.0

@thaJeztah thaJeztah mentioned this pull request Apr 18, 2025
Closed
@vvoland vvoland added impact/changelog kind/bugfix PR's that fix bugs containerd-integration Issues and PRs related to containerd integration labels Apr 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

area/dependencies containerd-integration Issues and PRs related to containerd integration impact/changelog kind/bugfix PR's that fix bugs status/2-code-review

Projects

None yet

Milestone

28.1.1

Development

Successfully merging this pull request may close these issues.

c8d: Daemon crashes when using ImageLoad

4 participants

@thaJeztah @dmcgowan @AkihiroSuda @vvoland