Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump github.com/containers/podman/v4 from 4.6.2 to 4.9.5 #264

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump github.com/containers/podman/v4 from 4.6.2 to 4.9.5 #264

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 16, 2024

Bumps github.com/containers/podman/v4 from 4.6.2 to 4.9.5.

Release notes

Sourced from github.com/containers/podman/v4's releases.

v4.9.5

Security

  • This release addresses CVE-2024-3727, a vulnerability in the containers/image library which allows attackers to trigger authenticated registry access on behalf of the victim user.

API

  • Fixed a bug in the Compat List endpoint for Networks which could result in a server crash due to concurrent writes to a map (#22330).

v4.9.4

Security

  • Fixed CVE-2024-1753 in Buildah and podman build which allowed a user to write files to the / directory of the host machine if selinux was not enabled.

Bugfixes

  • Fixed a bug where health check status would be updated to "healthy" before the startup delay had expired.

v4.9.3

Features

  • The podman container commit command now features a --config option which accepts a filename containing a JSON-encoded container configuration to be merged in to the newly-created image.

v4.9.2

Security

Misc

  • Updated Buildah to v1.33.5
  • Updated the containers/common library to v0.57.4

v4.9.1

Bugfixes

  • Fixed a bug where the --rootful option to podman machine set would not set the machine to use the root connection (#21195).
  • Fixed a bug where podman would crash when running in a containerized environment with euid != 0 and capabilities set (#20766).
  • Fixed a bug where the podman info command would crash on if called multiple times when podman was running as euid=0 without CAP_SYS_ADMIN (#20908).
  • Fixed a bug where podman machine commands were not relayed to the correct machine on AppleHV (#21115).
  • Fixed a bug where the podman machine list and podman machine inspect commands would not show the correct Last Up time on AppleHV (#21244).

Misc

  • Updated the Mac pkginstaller QEMU to v8.2.1
  • Updated Buildah to v1.33.4
  • Updated the containers/image library to v5.29.2
  • Updated the containers/common library to v0.57.3

v4.9.0

Features

  • The podman farm suite of commands for multi-architecture builds is now fully enabled and documented.
  • Add a network recovery service to Podman Machine VMs using the QEMU backend to detect and recover from an inoperable host networking issues experienced by Mac users when running for long periods of time.

Bugfixes

  • Fixed a bug where the HyperV provider for podman machine did not forward the API socket to the host machine.
  • Fixed a bug where improperly formatted annotations passed to podman kube play could cause Podman to panic.
  • Fixed a bug where podman system reset could fail if non-Podman containers (e.g. containers created by Buildah) were present.

... (truncated)

Changelog

Sourced from github.com/containers/podman/v4's changelog.

4.9.5

Security

  • This release addresses CVE-2024-3727, a vulnerability in the containers/image library which allows attackers to trigger authenticated registry access on behalf of the victim user.

API

  • Fixed a bug in the Compat List endpoint for Networks which could result in a server crash due to concurrent writes to a map (#22330).

4.9.4

Security

  • Fixed CVE-2024-1753 in Buildah and podman build which allowed a user to write files to the / directory of the host machine if selinux was not enabled.

Bugfixes

  • Fixed a bug where health check status would be updated to "healthy" before the startup delay had expired.

4.9.3

Features

  • The podman container commit command now features a --config option which accepts a filename containing a JSON-encoded container configuration to be merged in to the newly-created image.

4.9.2

Security

Misc

  • Updated Buildah to v1.33.5
  • Updated the containers/common library to v0.57.4

4.9.1

Bugfixes

  • Fixed a bug where the --rootful option to podman machine set would not set the machine to use the root connection (#21195).
  • Fixed a bug where podman would crash when running in a containerized environment with euid != 0 and capabilities set (#20766).
  • Fixed a bug where the podman info command would crash on if called multiple times when podman was running as euid=0 without CAP_SYS_ADMIN (#20908).
  • Fixed a bug where podman machine commands were not relayed to the correct machine on AppleHV (#21115).
  • Fixed a bug where the podman machine list and podman machine inspect commands would not show the correct Last Up time on AppleHV (#21244).

Misc

  • Updated the Mac pkginstaller QEMU to v8.2.1
  • Updated Buildah to v1.33.4
  • Updated the containers/image library to v5.29.2
  • Updated the containers/common library to v0.57.3

4.9.0

Features

  • The podman farm suite of commands for multi-architecture builds is now fully enabled and documented.
  • Add a network recovery service to Podman Machine VMs using the QEMU backend to detect and recover from an inoperable host networking issues experienced by Mac users when running for long periods of time.

Bugfixes

  • Fixed a bug where the HyperV provider for podman machine did not forward the API socket to the host machine.
  • Fixed a bug where improperly formatted annotations passed to podman kube play could cause Podman to panic.
  • Fixed a bug where podman system reset could fail if non-Podman containers (e.g. containers created by Buildah) were present.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/containers/podman/v4 from 4.6.2 to 4.9.5
102fc1e 
Bumps [github.com/containers/podman/v4](https://github.com/containers/podman) from 4.6.2 to 4.9.5.
- [Release notes](https://github.com/containers/podman/releases)
- [Changelog](https://github.com/containers/podman/blob/v4.9.5/RELEASE_NOTES.md)
- [Commits](containers/podman@v4.6.2...v4.9.5)

---
updated-dependencies:
- dependency-name: github.com/containers/podman/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions GitHub Actions
Copy link

A friendly reminder that this PR had no activity for 30 days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
lifecycle/stale release-note-none
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants