Skip to content

chore(deps): update module github.com/containerd/containerd/v2 to v2.0.9 [security] (main)#45

Open
anaconda-renovate[bot] wants to merge 1 commit into
mainfrom
deps-update/main-go-github.com-containerd-containerd-v2-vulnerability
Open

chore(deps): update module github.com/containerd/containerd/v2 to v2.0.9 [security] (main)#45
anaconda-renovate[bot] wants to merge 1 commit into
mainfrom
deps-update/main-go-github.com-containerd-containerd-v2-vulnerability

Conversation

@anaconda-renovate
Copy link
Copy Markdown

@anaconda-renovate anaconda-renovate Bot commented Nov 7, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
github.com/containerd/containerd/v2 v2.0.5v2.0.9 age confidence

containerd CRI server: Host memory exhaustion through Attach goroutine leak

CVE-2025-64329 / GHSA-m6hq-p25p-ffr2 / GO-2025-4108

More information

Details

Impact

A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks.

Repetitive calls of CRI Attach (e.g., kubectl attach) could increase the memory usage of containerd.

Patches

This bug has been fixed in the following containerd versions:

  • 2.2.0
  • 2.1.5
  • 2.0.7
  • 1.7.29

Users should update to these versions to resolve the issue.

Workarounds

Set up an admission controller to control accesses to pods/attach resources.
e.g., Validating Admission Policy.

Credits

The containerd project would like to thank @​Wheat2018 for responsibly disclosing this issue in accordance with the containerd security policy.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329

For more information

If you have any questions or comments about this advisory:

To report a security issue in containerd:

Severity

  • CVSS Score: 6.9 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

containerd affected by a local privilege escalation via wide permissions on CRI directory

CVE-2024-25621 / GHSA-pwhc-rpq9-4c8w / GO-2025-4100

More information

Details

Impact

An overly broad default permission vulnerability was found in containerd.

  • /var/lib/containerd was created with the permission bits 0o711, while it should be created with 0o700
    • Allowed local users on the host to potentially access the metadata store and the content store
  • /run/containerd/io.containerd.grpc.v1.cri was created with 0o755, while it should be created with 0o700
    • Allowed local users on the host to potentially access the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
  • /run/containerd/io.containerd.sandbox.controller.v1.shim was created with 0o711, while it should be created with 0o700

The directory paths may differ depending on the daemon configuration.
When the temp directory path is specified in the daemon configuration, that directory was also created with 0o711, while it should be created with 0o700.

Patches

This bug has been fixed in the following containerd versions:

  • 2.2.0
  • 2.1.5
  • 2.0.7
  • 1.7.29

Users should update to these versions to resolve the issue.
These updates automatically change the permissions of the existing directories.

[!NOTE]

/run/containerd and /run/containerd/io.containerd.runtime.v2.task are still created with 0o711.
This is an expected behavior for supporting userns-remapped containers.

Workarounds

The system administrator on the host can manually chmod the directories to not
have group or world accessible permisisons:

chmod 700 /var/lib/containerd
chmod 700 /run/containerd/io.containerd.grpc.v1.cri
chmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim

An alternative mitigation would be to run containerd in rootless mode.

Credits

The containerd project would like to thank David Leadbeater for responsibly disclosing this issue in accordance with the containerd security policy.

For more information

If you have any questions or comments about this advisory:

To report a security issue in containerd:

Severity

  • CVSS Score: 7.3 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd

CVE-2024-25621 / GHSA-pwhc-rpq9-4c8w / GO-2025-4100

More information

Details

containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd

CVE-2025-64329 / GHSA-m6hq-p25p-ffr2 / GO-2025-4108

More information

Details

containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

containerd user ID handling bypass allows runAsNonRoot evasion

CVE-2026-46680 / GHSA-fqw6-gf59-qr4w

More information

Details

Impact

A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.1
  • 2.2.4
  • 2.0.9
  • 1.7.32

Note: The containerd 2.1 release has reached its end of life and a fixed version is not provided.

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images. Alternatively, enforcing a specific numeric runAsUser in the Kubernetes Pod securityContext overrides the USER directive in the image and prevents the bypass. Newer versions of Kubernetes, starting with 1.34, also appear to enforce runAsNonRoot properly regardless of this bug.

Credits

The containerd project would like to thank Lei Wang (@​ssst0n3) for responsibly disclosing this issue in accordance with the containerd security policy.

Resources
For more information

If there are any questions or comments about this advisory:

To report a security issue in containerd:

Severity

  • CVSS Score: 7.3 / 10 (High)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

containerd/containerd (github.com/containerd/containerd/v2)

v2.0.9: containerd 2.0.9

Compare Source

Welcome to the v2.0.9 release of containerd!

The ninth patch release for containerd 2.0 includes various bug fixes and updates, including a security fix.

  • containerd

  • Ensure container exit events are not lost during containerd restart (#​11633)

  • Apply hardening to avoid TOCTOU race in tar extraction (#​13237)

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#​13449)

  • Apply hardening to block AF_ALG in default socket policy (#​13407)

  • Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (#​13298)

  • Fix bugs in sandbox service affecting sandbox creation configuration and event publishing (#​13271)

  • Set AppArmor abi conditionally to support versions < 3.0 (#​13277)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

  • Samuel Karp
  • Chris Henzie
  • Maksym Pavlenko
  • Paweł Gronowski
  • Wei Fu
  • Brian Goff
  • LEI WANG
  • Shachar Tal
  • William Myers
  • ningmingxiao
18 commits

  • 2da65b8bd Prepare release notes for v2.0.9
  • oci: return explicit error for out-of-range USER values (#​13449)
    • 1a3d1c85e oci: return explicit error for out-of-range USER values
  • seccomp: Block AF_ALG in default socket policy (#​13407)
    • fa2a97505 seccomp: Block AF_ALG in default socket policy
    • 4b2b07879 seccomp: Document socket rule scope and socketcall limitation
  • Support both styles of volatile mount option (#​13298)
    • ea56c9605 Support both styles of volatile mount option
  • backport: sandbox: forward Create fields, fix event topics (#​13271)
    • 3d34dc820 sandbox: forward Create fields, fix event topics
  • apparmor: Set abi conditionally (#​13277)
  • Add GitHub Action for k8s node e2e tests (#​13257)
    • 3e9c4d1e0 Add GitHub Action for k8s node e2e tests
  • Fix TOCTOU race bug in tar extraction (#​13237)
    • cf73e6873 Fix TOCTOU race bug in tar extraction
  • cri:fix lost container exit events if they arrive before info is cached (#​11633)
    • 2320b319e cri:fix lost container exit events if they arrive before info is cached

This release has no dependency changes

Previous release can be found at v2.0.8

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

v2.0.8: containerd 2.0.8

Compare Source

Welcome to the v2.0.8 release of containerd!

The eighth patch release for containerd 2.0 includes various bug fixes and updates, including a security fix.

Security Updates
Highlights
Container Runtime Interface (CRI)
  • Sanitize error before gRPC return to prevent possible credential leak in pod events (#​13181)
  • Fix CNI issue where DEL is never executed after a restart (#​13179)
Runtime

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Samuel Karp
  • Michael Zappa
  • Akhil Mohan
  • Laura Lorenz
  • Phil Estes
  • Aadhar Agarwal
  • Andrey Noskov
  • Chris Henzie
  • Davanum Srinivas
  • Maksym Pavlenko
  • Rodrigo Campos
  • Sebastiaan van Stijn
  • ningmingxiao
  • yashsingh74
Changes
32 commits

  • Prepare release notes for v2.0.8 (missed line) (#​13235)
    • c07b94f19 Prepare release notes for v2.0.8 (missed line)
  • Prepare release notes for v2.0.8 (#​13222)
  • update github.com/moby/spdystream v0.5.1 (#​13219)
    • fde1480df update github.com/moby/spdystream v0.5.1
  • update to Go 1.25.9, 1.26.2 (#​13199)
    • 5b2eee8a2 update to Go 1.25.9, 1.26.2
    • c579db16e update golangci-lint to v2.9.0 with go1.26 support
    • 185ddcfd0 remove windows/arm from cross build
    • 8538158df Ignore warnings for golangci-lint bump
    • 1cff32695 ci: bump golangci from 6.5.2 to 7.0.0
  • Updating selinux to v1.13.1 (#​13193)
    • 2e02b8bb3 Skip github.com/cyphar/filepath-securejoin license checks
    • e71fc560b Updating selinux to v1.13.1
  • fix: sanitize error before gRPC return to prevent credential leak in pod events (#​13181)
    • 868869eb9 fix: sanitize error before gRPC return to prevent credential leak in pod events
    • 40632e4f2 fix: redact all query parameters in CRI error logs
  • CODEOWNERS: mark Sam and Chris as owners for 2.0 (#​13174)
    • 85c3b2b02 CODEOWNERS: mark Sam and Chris as owners for 2.0
  • Update github.com/moby/spdystream v0.4.0->v0.5.0 (#​13182)
    • 902d804c9 Update github.com/moby/spdystream v0.4.0->v0.5.0
  • Fix CNI issue where CNI DEL is never executed (#​13179)
  • Cherry-picks to fix CI (#​13175)
    • f24653597 Ignore NOCHANGE error
    • 9c656fab4 ci: update CIFuzz actions to support Ubuntu 24.04
    • c71c4a091 integration: Fix TestImageLoad() failure on CI
    • bfee29999 ci: modprobe xt_comment on almalinux

Dependency Changes
  • github.com/cyphar/filepath-securejoin v0.5.1 new
  • github.com/moby/spdystream v0.4.0 -> v0.5.1
  • github.com/opencontainers/selinux v1.11.1 -> v1.13.1

Previous release can be found at v2.0.7

Which file should I download?
  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

v2.0.7: containerd 2.0.7

Compare Source

Welcome to the v2.0.7 release of containerd!

The seventh patch release for containerd 2.0 includes various bug fixes and updates.

Security Updates
Highlights
Container Runtime Interface (CRI)
  • Disable event subscriber during task cleanup (#​12406)
  • Add SystemdCgroup to default runtime options (#​12254)
  • Fix userns with container image VOLUME mounts that need copy (#​12241)
Image Distribution
  • Add dial timeout field to hosts toml configuration (#​12136)
Runtime
  • Update runc binary to v1.3.3 (#​12479)
  • Fix lost container logs from quickly closing io (#​12376)
  • Create bootstrap.json with 0644 permission (#​12184)
  • Fix pidfd leak in UnshareAfterEnterUserns (#​12178)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Austin Vazquez
  • Phil Estes
  • Rodrigo Campos
  • Wei Fu
  • Akihiro Suda
  • Derek McGowan
  • Maksym Pavlenko
  • ningmingxiao
  • Kirtana Ashok
  • Akhil Mohan
  • Andrew Halaney
  • Jin Dong
  • Jose Fernandez
  • Mike Baynton
  • Philip Laine
  • Swagat Bora
  • wheat2018
Changes
56 commits

  • Prepare release notes for v2.0.7 (#​12482)
  • Update runc binary to v1.3.3 (#​12479)
    • b46dc6a67 runc: Update runc binary to v1.3.3
  • ci: bump Go 1.24.9; 1.25.3 (#​12361)
    • 5e9c82178 Update GHA runners to use latest images for basic binaries build
    • 7f59248dc Update GHA runners to use latest image for most jobs
    • e1373e8a8 ci: bump Go 1.24.9, 1.25.3
    • e1a910a6a ci: bump Go 1.24.8; 1.25.2
    • fd04b7f17 move exclude-dirs to issues.exclude-dirs
    • b49377975 update golangci-lint to v1.64.2
    • 6e45022a1 build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0
    • 09ce0f2a1 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2
    • de63a740b build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0
  • Fix lost container logs from quickly closing io (#​12376)
    • f953ee8a3 bugfix:fix container logs lost because io close too quickly
  • CI: update Fedora to 43 (#​12448)
  • Disable event subscriber during task cleanup (#​12406)
    • 2a2329cbd cri/server/podsandbox: disable event subscriber
  • CI: skip ubuntu-24.04-arm on private repos (#​12428)
    • dfb954743 CI: skip ubuntu-24.04-arm on private repos
  • Remove additional fuzzers from instrumentation repo (#​12420)
    • f6b02f6bb Remove additional fuzzers from CI
  • runc:Update runc binary to v1.3.1 (#​12275)
    • 75c13ee3f runc:Update runc binary to v1.3.1
  • Add SystemdCgroup to default runtime options (#​12254)
    • 427cdd06c add SystemdCgroup to default runtime options
  • install-runhcs-shim: fetch target commit instead of tags (#​12255)
    • 0b35e19fb install-runhcs-shim: fetch target commit instead of tags
  • Fix userns with container image VOLUME mounts that need copy (#​12241)
    • 3212afc2f integration: Add test for directives with userns
    • b855c6e10 cri: Fix userns with Dockerfile VOLUME mounts that need copy
  • Fix overlayfs issues related to user namespace (#​12223)
    • 05c0c99f4 core/mount: Retry unmounting idmapped directories
    • afdede4ce core/mount: Test cleanup of DoPrepareIDMappedOverlay()
    • 47205f814 core/mount: Properly cleanup on doPrepareIDMappedOverlay errors
    • 6f4abd970 core/mount: Don't call nil function on errors
    • a2f0d65d7 core/mount: Only idmap once per overlayfs, not per layer
    • 1c32accd7 Make ovl idmap mounts read-only
  • ci: bump Go 1.23.12, 1.24.6 (#​12187)
  • Create bootstrap.json with 0644 permission (#​12184)
    • 009622e04 fix: create bootstrap.json with 0644 permission
  • Fix pidfd leak in UnshareAfterEnterUserns (#​12178)
    • 5bec0a332 sys: fix pidfd leak in UnshareAfterEnterUserns
  • Fix windows test failures (#​12120)
    • 2a2488131 Fix intermittent test failures on Windows CIs
    • 018470948 Remove WS2025 from CIs due to regression
  • Add dial timeout field to hosts toml configuration (#​12136)
    • b50cbbc98 Add dial timeout field to hosts toml configuration

Dependency Changes

This release has no dependency changes

Previous release can be found at v2.0.6

Which file should I download?
  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

v2.0.6: containerd 2.0.6

Compare Source

Welcome to the v2.0.6 release of containerd!

The sixth patch release for containerd 2.0 includes various bug fixes and updates.

Highlights
  • Update containerd config dump to reflect plugin config migrations (#​11772)
Container Runtime Interface (CRI)
  • Fix containerd panic when sandbox extension is missing (#​12077)
  • Fix the panic caused by the failure of RunPodSandbox (#​12047)
  • Add extension to sandbox metadata store on create sandbox (#​11808)
  • Fix issue where Prometheus metric names changed for CRI (#​11750)
  • Fix issue preventing some v2 shims from shutting down properly (#​11741)
Go client
  • Fix lazy gRPC connection mode waiting for connect on client creation (#​12080)
Image Distribution
  • Fix cross-repo mount fallback after authorization failure (#​11832)
Runtime
  • Fix container io to close after runtime create failure (#​12051)
  • Fix incompatibility with some pre-v3 shims (#​11973)
  • Update runc binary to v1.3.0 (#​11801)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Derek McGowan
  • Phil Estes
  • Austin Vazquez
  • Wei Fu
  • Akihiro Suda
  • Maksym Pavlenko
  • Samuel Karp
  • Yang Yang
  • Akhil Mohan
  • ningmingxiao
  • Alberto Garcia Hierro
  • Chris Henzie
  • HirazawaUi
  • Jin Dong
  • Kirtana Ashok
  • Paweł Gronowski
  • Vinayak Goyal
Changes
49 commits

  • Prepare release notes for v2.0.6 (#​12145)
  • ci: bump Go 1.23.11, 1.24.5 (#​12116)
  • go.mod: golang.org/x/* latest (#​12097)
  • Fix lazy gRPC connection mode waiting for connect on client creation (#​12080)
    • bed6d1401 client/New: Don't unlazy the gRPC connection implicitly
  • Fix containerd panic when sandbox extension is missing (#​12077)
    • 8094fa21a cri:fix containerd panic when can't find sandbox extension
  • Fix container io to close after runtime create failure (#​12051)
    • 552f717be bugfix:close container io when runtime create failed
  • Fix the panic caused by the failure of RunPodSandbox (#​12047)
    • c4394d05a Fix the panic caused by the failure of RunPodSandbox
  • ci: bump golang [1.23.10, 1.24.4] in build and release (#​11969)
    • 54f923a30 ci: bump golang [1.23.10, 1.24.4] in build and release
    • 2de777dfe ci: bump golang [1.23.9, 1.24.3] in build and release
  • Enable CIs to run on WS2022 and WS2025 (#​11970)
    • 9724cd5ea Enable CIs to run on WS2022 and WS2025
  • Fix incompatibility with some pre-v3 shims (#​11973)
    • 7fc3151fc *: properly shutdown non-groupable shims to prevent resource leaks
    • 4396336a1 core/runtime: should invoke shim binary
    • 10bcc6929 Revert "not set sandbox id when use podsandbox type"
    • f38eb62b6 integration: add testcase to recover ungroupable shim
    • 2358561d5 Update release upgrade tests to test 1.7 and 2.0
    • 8931b1464 Fix upgrade test runtime config
  • Fetch image with default platform only in TestExportAndImportMultiLayer (#​11944)
    • fc9235910 Fetch image with default platform only in TestExportAndImportMultiLayer
  • Add extension to sandbox metadata store on create sandbox (#​11808)
    • f8679737e store extension when create sandbox in store
  • Fix cross-repo mount fallback after authorization failure (#​11832)
    • cbfa66223 fix(docker pusher): if authorizing a cross-repo mount fails, fall back
  • .github: do not mark 2.0 releases as latest (#​11820)
    • 7bf4d0a40 .github: do not mark 2.0 releases as latest
  • Update runc binary to v1.3.0 (#​11801)
  • Revert "disable portmap test in ubuntu-22 to make CI happy" (#​11784)
    • 7cf3c604e fix unbound SKIP_TEST variable error
    • 827be7c9d Revert "disable portmap test in ubuntu-22 to make CI happy"
  • Update containerd config dump to reflect plugin config migrations (#​11772)
    • 626a57dd7 fix: update containerd config dump to reflect plugin config migrations.
  • core/transfer/local: should not mark completed if it's not found (#​11768)
    • 983dd336f core/transfer/local: should not mark complete if it's not found
  • Fix issue where Prometheus metric names changed for CRI (#​11750)
    • d2a30ea0c Revert criserver metrics subsystem back to cri
  • Fix issue preventing some v2 shims from shutting down properly (#​11741)
    • e9804ee0e not set sandbox id when use podsandbox type
  • [CI] Fix vagrant (#​11740)

Dependency Changes
  • golang.org/x/crypto v0.36.0 -> v0.40.0
  • golang.org/x/exp aacd6d4 -> 6ae5c78
  • golang.org/x/mod v0.21.0 -> v0.26.0
  • golang.org/x/net v0.37.0 -> v0.42.0
  • golang.org/x/oauth2 v0.28.0 -> v0.30.0
  • golang.org/x/sync v0.12.0 -> v0.16.0
  • golang.org/x/sys v0.31.0 -> v0.34.0
  • golang.org/x/term v0.30.0 -> v0.33.0
  • golang.org/x/text v0.23.0 -> v0.27.0
  • golang.org/x/time v0.3.0 -> v0.12.0

Previous release can be found at v2.0.5

Which file should I download?
  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@anaconda-renovate
Copy link
Copy Markdown
Author

anaconda-renovate Bot commented Nov 7, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250711185948-6ae5c78190dc
golang.org/x/mod v0.25.0 -> v0.26.0
golang.org/x/tools v0.34.0 -> v0.35.0

@anaconda-renovate anaconda-renovate Bot force-pushed the deps-update/main-go-github.com-containerd-containerd-v2-vulnerability branch from 8f427fb to 07f2cea Compare May 31, 2026 15:58
@anaconda-renovate anaconda-renovate Bot changed the title chore(deps): update module github.com/containerd/containerd/v2 to v2.0.7 [security] (main) chore(deps): update module github.com/containerd/containerd/v2 to v2.0.9 [security] (main) May 31, 2026
@anaconda-renovate
Copy link
Copy Markdown
Author

anaconda-renovate Bot commented May 31, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250711185948-6ae5c78190dc
golang.org/x/mod v0.25.0 -> v0.26.0
golang.org/x/tools v0.34.0 -> v0.35.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/security dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants