Skip to content

deps: bump the go_modules group across 1 directory with 5 updates #1953

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 3 commits into
base: main
Choose a base branch
from
Open

deps: bump the go_modules group across 1 directory with 5 updates #1953

dependabot wants to merge 3 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025

Bumps the go_modules group with 5 updates in the / directory:

Package From To
github.com/containerd/containerd 1.7.27 1.7.29
github.com/opencontainers/selinux 1.11.0 1.13.0
golang.org/x/crypto 0.41.0 0.45.0
helm.sh/helm/v3 3.17.4 3.18.5
github.com/ulikunitz/xz 0.5.12 0.5.14

Updates github.com/containerd/containerd from 1.7.27 to 1.7.29

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.29

Welcome to the v1.7.29 release of containerd!

The twenty-ninth patch release for containerd 1.7 contains various fixes and updates including security patches.

Security Updates

Highlights

Image Distribution

  • Update differ to handle zstd media types (#12018)

Runtime

  • Update runc binary to v1.3.3 (#12480)
  • Fix lost container logs from quickly closing io (#12375)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Phil Estes
  • Austin Vazquez
  • Sebastiaan van Stijn
  • ningmingxiao
  • Maksym Pavlenko
  • StepSecurity Bot
  • wheat2018

Changes

... (truncated)

Commits
  • 442cb34 Merge commit from fork
  • e5cb6dd Merge commit from fork
  • 9772966 Merge pull request #12486 from dmcgowan/prepare-v1.7.29
  • 1fc2daa Prepare release notes for v1.7.29
  • 93f710a Merge pull request #12480 from k8s-infra-cherrypick-robot/cherry-pick-12475-t...
  • 68d04be Merge pull request #12471 from austinvazquez/1_7_update_ci_go_and_images
  • 3f5f9f8 runc: Update runc binary to v1.3.3
  • 667409f ci: bump Go 1.24.9, 1.25.3
  • 294f8c0 Update GHA runners to use latest images for basic binaries build
  • cf66b41 Update GHA runners to use latest image for most jobs
  • Additional commits viewable in compare view

Updates github.com/opencontainers/selinux from 1.11.0 to 1.13.0

Release notes

Sourced from github.com/opencontainers/selinux's releases.

v1.13.0

What's Changed

Full Changelog: opencontainers/selinux@v1.12.0...v1.13.0

v1.12.0

This release removes deprecated functions from the label package, and improves documentation and error reporting of SetCreateKey.

What's Changed

Full Changelog: opencontainers/selinux@v1.11.1...v1.12.0

v1.11.1

What's Changed

New Contributors

... (truncated)

Commits
  • 4be9937 Merge pull request #237 from cyphar/selinux-safe-procfs
  • c8cfa6f selinux: migrate to pathrs-lite procfs API
  • f2424d8 Merge pull request #236 from kolyshkin/modernize-ci
  • 648ce7f ci: add go 1.25
  • 916cab9 ci: bump golangci-lint to v2.5
  • b42e5c8 all: format sources with latest gofumpt
  • 74393ea Merge pull request #235 from cyphar/fix-keyring-err-check
  • 6ec194b keyring: fix typo in EACCES check
  • 879a755 Merge pull request #234 from opencontainers/dependabot/github_actions/actions...
  • 3c1bd9a build(deps): bump actions/setup-go from 5 to 6
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.41.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates helm.sh/helm/v3 from 3.17.4 to 3.18.5

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.18.5 is a security release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security Advisories

Installation and Upgrading

Download Helm v3.18.5. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.0 is the next minor release and will be on September 11, 2025

Changelog

  • fix Chart.yaml handling 7799b483f52ceb665264a4056da3d2569d60f910 (Matt Farina)
  • Handle messy index files dd8502f7b4fd5824a696c99909babd0fbed77e9e (Matt Farina)
  • json schema fix cb8595bc650e2ec7459427d2b0430599431a3dbe (Robert Sirchia)

Helm v3.18.4 is a security release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs

... (truncated)

Commits

Updates github.com/ulikunitz/xz from 0.5.12 to 0.5.14

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
deps: bump the go_modules group across 1 directory with 5 updates
4fa1642 
Bumps the go_modules group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.27` | `1.7.29` |
| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.11.0` | `1.13.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.45.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.17.4` | `3.18.5` |
| [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.12` | `0.5.14` |



Updates `github.com/containerd/containerd` from 1.7.27 to 1.7.29
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.27...v1.7.29)

Updates `github.com/opencontainers/selinux` from 1.11.0 to 1.13.0
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](opencontainers/selinux@v1.11.0...v1.13.0)

Updates `golang.org/x/crypto` from 0.41.0 to 0.45.0
- [Commits](golang/crypto@v0.41.0...v0.45.0)

Updates `helm.sh/helm/v3` from 3.17.4 to 3.18.5
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.17.4...v3.18.5)

Updates `github.com/ulikunitz/xz` from 0.5.12 to 0.5.14
- [Commits](ulikunitz/xz@v0.5.12...v0.5.14)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.29
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.13.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.5
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/ulikunitz/xz
  dependency-version: 0.5.14
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added area/dependencies Pull requests that update a dependency file lang/go The Go Programming Language labels Dec 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 1, 2025 17:14
@dependabot dependabot bot requested review from agrawaliti and kamilprz December 1, 2025 17:14
SRodi
SRodi previously approved these changes Dec 2, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SRodi SRodi SRodi left review comments

@agrawaliti agrawaliti Awaiting requested review from agrawaliti agrawaliti is a code owner automatically assigned from microsoft/retina

@kamilprz kamilprz Awaiting requested review from kamilprz kamilprz is a code owner automatically assigned from microsoft/retina

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/dependencies Pull requests that update a dependency file lang/go The Go Programming Language

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SRodi @mereta