Lokesh Mandvekar
61b2d8844f
Bump github.com/prometheus/client_golang to v1.11.1
...
Resolves: CVE-2022-21698
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-03-24 11:15:03 -04:00
dependabot[bot]
90f37e1a68
build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3
...
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt ) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/containers/ocicrypt/releases )
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.2...v1.1.3 )
---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 11:11:50 +00:00
Dan Čermák
63bf3991ef
vendor containers/storage with https://github.com/containers/storage/pull/1165
...
Signed-off-by: Dan Čermák <dcermak@suse.com>
2022-03-21 13:21:25 +01:00
Valentin Rothberg
57cdc21b00
vendor c/common@0ededd18a1
...
Update the login tests to reflect the latest changes to allow http{s}
prefixes (again) to address bugzilla.redhat.com/show_bug.cgi?id=2062072.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-03-18 15:18:30 +01:00
dependabot[bot]
c732adf2d0
build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-16 12:08:28 +00:00
OpenShift Merge Robot
bbae81a291
Merge pull request #13489 from Luap99/k8s
...
move k8s deps into podman
2022-03-16 04:27:41 -04:00
OpenShift Merge Robot
4e2334c149
Merge pull request #13512 from containers/dependabot/go_modules/github.com/docker/docker-20.10.13incompatible
...
Bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible
2022-03-15 12:19:57 -04:00
Paul Holzinger
a0ad1f2ad4
remove unneeded k8s code
...
There is a lot of unneeded code, k8s is the by far the biggest
dependency in podman. We should remove as much as possible so that we
only have the stuff left that we use.
This is just a quick skim over the code which removes a lot of the
generated code and many packages that are now unused.
I know that this will be impossible to properly review. I will try to
make smaller changes in follow up work.
Right now this reduces about 8 MB in binary size!!!
[NO NEW TESTS NEEDED] Hopefully existing tests will catch any problems.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-03-15 14:48:08 +01:00
Paul Holzinger
918fc88a98
move k8s deps into podman
...
We only need a small part of the k8s dependencies but they are the
biggest dependencies in podman by far. Moving them into podman allows us
to remove the unnecessary parts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-03-15 14:46:29 +01:00
dependabot[bot]
3d82d17f8c
Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-15 12:09:17 +00:00
dependabot[bot]
439323cd2e
Bump github.com/docker/docker
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 20.10.12+incompatible to 20.10.13+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md )
- [Commits](https://github.com/docker/docker/compare/v20.10.12...v20.10.13 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-15 12:09:10 +00:00
Aditya R
780d4b2d65
vendor: bump buildah, c/image and c/storage
...
Bumps
c/buildah to -> `v1.24.3-0.20220310160415-5ec70bf01ea5`
c/storage to -> `v1.38.3-0.20220308085612-93ce26691863`
c/image to -> `v5.20.1-0.20220310094651-0d8056ee346f`
Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-14 12:26:12 +05:30
OpenShift Merge Robot
8934c5cfc3
Merge pull request #13483 from containers/dependabot/go_modules/github.com/spf13/cobra-1.4.0
...
Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
2022-03-11 12:18:38 -05:00
dependabot[bot]
4ab24a0681
Bump github.com/docker/docker
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 20.10.12+incompatible to 20.10.13+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md )
- [Commits](https://github.com/docker/docker/compare/v20.10.12...v20.10.13 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-11 12:07:45 +00:00
dependabot[bot]
9314774614
Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-11 12:07:32 +00:00
OpenShift Merge Robot
db08bc096e
Merge pull request #13477 from containers/dependabot/go_modules/github.com/containernetworking/plugins-1.1.1
...
Bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1
2022-03-10 09:04:06 -05:00
dependabot[bot]
e6b64703fe
Bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1
...
Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/containernetworking/plugins/releases )
- [Commits](https://github.com/containernetworking/plugins/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-10 12:10:53 +00:00
dependabot[bot]
a5353207c7
Bump github.com/vbauerster/mpb/v7 from 7.3.2 to 7.4.1
...
Bumps [github.com/vbauerster/mpb/v7](https://github.com/vbauerster/mpb ) from 7.3.2 to 7.4.1.
- [Release notes](https://github.com/vbauerster/mpb/releases )
- [Commits](https://github.com/vbauerster/mpb/compare/v7.3.2...v7.4.1 )
---
updated-dependencies:
- dependency-name: github.com/vbauerster/mpb/v7
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-10 12:10:45 +00:00
Paul Holzinger
30bf065c3f
Use github.com/vbauerster/mpb/v7 in pkg/machine
...
We already use v7 in c/image so podman should use the same version to
prevent duplication.
This saves 170 KB binary size.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-03-09 20:02:10 +01:00
dependabot[bot]
e56150264c
Bump github.com/docker/distribution
...
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.8.0+incompatible to 2.8.1+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.8.0...v2.8.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-09 12:07:43 +00:00
Aditya R
410d286608
vendor: bump c/image to main/9a9cd9
...
Bump c/image to upstream main/9a9cd9 so podman could use new race-free
code.
Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-02 18:34:24 +05:30
Aditya R
08036e9af7
vendor: bump c/storage to main/d06b0f
...
Bump c/storage to main/d06b0f so we podman could use new `race-free`
`AddNames` and `RemoveNames` api
Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-02 18:15:15 +05:30
Nick Guenther
572e6464f6
Use storage that better supports rootless overlayfs
...
overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned
(as of linux 5.16.0, I believe) how to support rootless users. Previously,
rootless users had to use these storage.conf(5) settings:
* storage.driver=vfs (aka STORAGE_DRIVER=vfs), or
* storage.driver=overlay (aka STORAGE_DRIVER=overlay),
storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs
(aka STORAGE_OPTS=/usr/bin/fuse-overlayfs)
Now that a third backend is available, setting only:
* storage.driver=overlay (aka STORAGE_DRIVER=overlay)
https://github.com/containers/podman/issues/13123 reported EXDEV errors
during the normal operation of their container. Tracing it out, the
problem turned out to be that their container was being mounted without
'userxattr'; I don't fully understand why, but mount(8) mentions this is
needed for rootless users:
> userxattr
>
> Use the "user.overlay." xattr namespace instead of "trusted.overlay.".
> This is useful for unprivileged mounting of overlayfs.
https://github.com/containers/storage/pull/1156 found and fixed the issue
in podman, and this just pulls in that via
go get github.com/containers/storage@ebc90ab
go mod vendor
make vendor
Closes https://github.com/containers/podman/issues/13123
Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
2022-03-01 12:09:42 -05:00
Ashley Cui
569319d397
Vendor in containers/common@main
...
Signed-off-by: Ashley Cui <acui@redhat.com>
2022-02-28 16:23:26 -05:00
dependabot[bot]
f3e883fb4c
Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0
...
Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins ) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/containernetworking/plugins/releases )
- [Commits](https://github.com/containernetworking/plugins/compare/v1.0.1...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-24 12:13:02 +00:00
Evan Lezar
46b7c5bc63
Bump CDI go dependency to v0.3.0
...
This updates the CDI dependency to the v0.3.0 tagged version instead of
relying on a pseudo version. This also addresses the fact that cgroups
are not set correctly for devices using the previous dependency.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-02-23 08:02:47 +02:00
Daniel J Walsh
80c5962dba
Add containers-common spec and command to podman
...
Since containers-common package is tied to specific versions
of Podman, add tools to build the package into the contrib directory
This should help other distributions to figure out which commont
package to ship.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-02-22 14:38:57 -05:00
OpenShift Merge Robot
a09e94f9ca
Merge pull request #13263 from giuseppe/update-c-storage
...
vendor: update c/storage to 26c561f9
2022-02-17 11:24:37 -05:00
Giuseppe Scrivano
38811823c1
vendor: update c/storage to 26c561f9
...
update c/storage to commit 26c561f9a64585d9a25d340e1ae5479eca8008a1.
It contains an important fix for partial pulls.
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-02-17 14:54:02 +01:00
dependabot[bot]
095026c3d5
Bump github.com/containers/buildah from 1.24.1 to 1.24.2
...
Bumps [github.com/containers/buildah](https://github.com/containers/buildah ) from 1.24.1 to 1.24.2.
- [Release notes](https://github.com/containers/buildah/releases )
- [Changelog](https://github.com/containers/buildah/blob/main/CHANGELOG.md )
- [Commits](https://github.com/containers/buildah/compare/v1.24.1...v1.24.2 )
---
updated-dependencies:
- dependency-name: github.com/containers/buildah
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-17 12:08:46 +00:00
tomsweeneyredhat
1512740e3b
Bump c/common to v0.47.4
...
As the title says.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-02-09 15:26:51 -05:00
dependabot[bot]
5bcd9134ff
Bump github.com/docker/distribution
...
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.7.1+incompatible to 2.8.0+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.7.1...v2.8.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 12:09:28 +00:00
OpenShift Merge Robot
8c5b47f459
Merge pull request #13146 from cevich/dependabot_goterm
...
Bump github.com/buger/goterm from 1.0.1 to 1.0.4
2022-02-04 13:21:07 -05:00
dependabot[bot]
54cf0f05e3
Bump github.com/buger/goterm from 1.0.1 to 1.0.4
...
Bumps [github.com/buger/goterm](https://github.com/buger/goterm ) from 1.0.1 to 1.0.4.
- [Release notes](https://github.com/buger/goterm/releases )
- [Commits](https://github.com/buger/goterm/compare/v1.0.1...v1.0.4 )
---
updated-dependencies:
- dependency-name: github.com/buger/goterm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-04 12:08:41 +00:00
Daniel J Walsh
1d1b2b1509
Update containers/buildah v1.24.1
...
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-02-03 18:33:22 -05:00
dependabot[bot]
185dc5b2f3
Bump github.com/containers/common from 0.47.2 to 0.47.3
...
Bumps [github.com/containers/common](https://github.com/containers/common ) from 0.47.2 to 0.47.3.
- [Release notes](https://github.com/containers/common/releases )
- [Commits](https://github.com/containers/common/compare/v0.47.2...v0.47.3 )
---
updated-dependencies:
- dependency-name: github.com/containers/common
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-03 18:39:37 +00:00
dependabot[bot]
daf51eafee
Bump github.com/containers/image/v5 from 5.19.0 to 5.19.1
...
Bumps [github.com/containers/image/v5](https://github.com/containers/image ) from 5.19.0 to 5.19.1.
- [Release notes](https://github.com/containers/image/releases )
- [Commits](https://github.com/containers/image/compare/v5.19.0...v5.19.1 )
---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-03 16:25:23 +00:00
Daniel J Walsh
6609bb73aa
Fix use of infra image to clarify default
...
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-01-31 17:21:25 -05:00
tomsweeneyredhat
4a4d86d40f
Bump Buildah to v1.24.0
...
Bumps Buildah to v1.24.0 and adopts the new values for pull:
true, false, never, and always. The pull-never and pull-always options
for the build command are still usable, but they have been removed from
the man page documentation with this change.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-01-27 07:03:56 -05:00
dependabot[bot]
ab22a688d8
Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
...
Bumps [github.com/containers/image/v5](https://github.com/containers/image ) from 5.18.0 to 5.19.0.
- [Release notes](https://github.com/containers/image/releases )
- [Commits](https://github.com/containers/image/compare/v5.18.0...v5.19.0 )
---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 15:15:46 +00:00
dependabot[bot]
9916529880
Bump github.com/containers/storage from 1.38.0 to 1.38.1
...
Bumps [github.com/containers/storage](https://github.com/containers/storage ) from 1.38.0 to 1.38.1.
- [Release notes](https://github.com/containers/storage/releases )
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md )
- [Commits](https://github.com/containers/storage/compare/v1.38.0...v1.38.1 )
---
updated-dependencies:
- dependency-name: github.com/containers/storage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 12:06:51 +00:00
Valentin Rothberg
e22b9889d6
vendor c/psgo@v1.7.2
...
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-20 16:56:20 +01:00
Aditya R
2c492be00a
vendor: bump c/common and other vendors
...
This commit bumps majorly c/common so netavark features could be synced
with podman.
But there are some other vendor bumps as well
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
2022-01-20 12:40:11 +05:30
dependabot[bot]
a0165a64b9
Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.0.3...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 12:09:54 +00:00
Paul Holzinger
774271c38a
upgrade all dependencies
...
The dependabot does not update dependencies when they do not use a tag.
This patch upgrades all untagged depenencies if possible.
You can upgrade all dependencies with `go get -u ./... && make vendor`
in theory however this failed since the k8s changes do not compile on
go v1.16 so I only updated the other dependencies.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-18 16:27:00 +01:00
dependabot[bot]
4adf457ff3
Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
...
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc ) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/opencontainers/runc/releases )
- [Changelog](https://github.com/opencontainers/runc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/opencontainers/runc/compare/v1.0.3...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 12:08:58 +00:00
Paul Holzinger
06ad51c83b
update c/common to latest
...
This contains changes that are needed to enable netavark e2e testing.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-17 15:58:45 +01:00
Evan Lezar
968deb7c2c
Use new CDI API
...
This change updates the CDI API to commit 46367ec063fda9da931d050b308ccd768e824364
which addresses some inconistencies in the previous implementation.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-01-14 13:35:22 +01:00
Paul Holzinger
0151e10b62
update buildah to latest and use new network stack
...
Make sure buildah uses the new network stack.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-12 17:40:12 +01:00
OpenShift Merge Robot
2cdab5d539
Merge pull request #12824 from containers/dependabot/go_modules/github.com/BurntSushi/toml-1.0.0
...
Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
2022-01-12 15:26:20 +01:00