build(deps): bump github.com/containers/podman/v4 from 4.2.0 to 4.4.2 #19

@dependabot dependabot bot commented on behalf of github Jun 20, 2023

Bumps github.com/containers/podman/v4 from 4.2.0 to 4.4.2.

Release notes

Sourced from github.com/containers/podman/v4's releases.

v4.4.2

Security

  • This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

Bugfixes

  • Fixed a bug where containers started via the podman-kube systemd template would always use the "passthrough" log driver (#17482).
  • Fixed a bug where pulls would unexpectedly encounter an EOF error. Now, Podman automatically transparently resumes aborted pull connections.
  • Fixed a race condition in Podman's signal proxy.

Misc

  • Updated the containers/image library to v5.24.1.

v4.4.1

Changes

  • Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
  • Documented journald identifiers used in the journald backend for the podman events command.
  • Dropped the CAP_CHROOT, CAP_AUDIT_WRITE, CAP_MKNOD, CAP_MKNOD default capabilities.

Bugfixes

  • Fixed a bug where the default handling of pids-limit was incorrect.
  • Fixed a bug where parallel calls to make docs crashed (#17322).
  • Fixed a regression in the podman kube play command where existing resources got mistakenly removed.

v4.4.0

Features

  • Introduce Quadlet, a new systemd-generator that easily writes and maintains systemd services using Podman.
  • The podman kube play command now supports hostPID in the pod.spec (#17157).
  • The podman build command now supports the --group-add option.
  • A new command, podman network update, has been added, which updates networks for containers and pods.
  • The podman network create command now supports a new option, --network-dns-server, which sets the DNS servers that this network will use.
  • The podman kube play command now accepts the --publish option, which sets or overrides port publishing.
  • The podman inspect command now returns an error field (#13729).
  • The podman update command now accepts the --pids-limit option, which sets the PIDs limit for a container (#16543).
  • Podman now supports container names beginning with a / to match Docker behaviour (#16663).
  • The podman events command now supports die as a value (mapping to died) to the --filter option, for better Docker compatibility (#16857).
  • The podman system df command’s --format "{{ json . }}" option now outputs human-readable format to improve Docker compatibility.
  • The podman rm -f command now also terminates containers in "stopping" state.
  • Rootless privileged containers will now mount all tty devices, except for the virtual-console related tty devices (/dev/tty[0-9]+) (#16925).
  • The podman play kube command now supports subpaths when using configmap and hostpath volume types (#16828).
  • All commands with the --no-heading option now include a short option, -n.
  • The podman push command no longer ignores the hidden --signature-policy flag.
  • The podman wait command now supports the --ignore option.
  • The podman network create command now supports the --ignore option to instruct Podman to not fail when trying to create an already existing network.
  • The podman kube play command now supports volume subpaths when using named volumes (#12929).
  • The podman kube play command now supports container startup probes.
  • A new command, podman buildx version, has been added, which shows the buildah version (#16793).
  • Remote usage of the podman build command now supports the --volume option (#16694).
  • The --opt parent=... option is now accepted with the ipvlan network driver in the podman network create command (#16621).
  • The --init-ctr option for the podman container create command now supports shell completion.
  • The podman kube play command run with a readOnlyTmpfs Flag in the kube YAML can now write to tmpfs inside of the container.

... (truncated)

Commits
  • 74afe26 Bump to v4.4.2
  • 87a1c27 Release notes for v4.4.2
  • 266ce9a Merge pull request #17557 from openshift-cherrypick-robot/cherry-pick-17554-t...
  • 3abff42 Revert "CI: Temporarily disable all AWS EC2-based tasks"
  • 2d68f21 Merge pull request #17553 from openshift-cherrypick-robot/cherry-pick-17548-t...
  • 9168027 Merge pull request #17552 from openshift-cherrypick-robot/cherry-pick-17544-t...
  • f60a6cd Merge pull request #17549 from openshift-cherrypick-robot/cherry-pick-17525-t...
  • f17495e Merge pull request #17532 from mheon/backport_17528_44
  • 8322cab kube play: only enforce passthrough in Quadlet
  • d69512b Emergency fix for man pages: check for broken includes
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [github.com/containers/podman/v4](https://github.com/containers/podman) from 4.2.0 to 4.4.2.
- [Release notes](https://github.com/containers/podman/releases)
- [Changelog](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)
- [Commits](containers/podman@v4.2.0...v4.4.2)

---
updated-dependencies:
- dependency-name: github.com/containers/podman/v4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 20, 2023
dependabot bot commented on behalf of github Feb 7, 2024

Superseded by #36.

@dependabot dependabot bot closed this Feb 7, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/containers/podman/v4-4.4.2 branch February 7, 2024 19:04