Bump github.com/containerd/containerd/api from 1.8.0 to 1.9.0 in /cmd

[dependabot]

Bumps github.com/containerd/containerd/api from 1.8.0 to 1.9.0.

Release notes

Sourced from github.com/containerd/containerd/api's releases.

containerd API 1.9.0

Welcome to the api/v1.9.0 release of containerd!

The 10th release for the containerd 1.x API aligns with the containerd 2.1 release.

Highlights

• Add content create event (#11006)

Image Distribution

• Enable HTTP debug and trace for transfer based puller (#10762)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Maksym Pavlenko
• Akihiro Suda
• Davanum Srinivas
• Phil Estes
• Adrian Reber
• Jin Dong
• Philip Laine

Changes

• Prepare release notes for api/v1.9.0 (#11812)
  • 145175bf4 Prepare release notes for api/v1.9.0
• Add release notes for api v1.9.0-rc.0 (#11751)
  • c0ce618a1 Add release notes for api v1.9.0-rc.0
• Enable HTTP debug and trace for transfer based puller (#10762)
  • 17b6e1ef8 Allow streaming to client
  • 40eb2fdbb Fix protos
  • 1d436803d Add http debug fields to OCI registry protos
• Add content create event (#11006)
  • 752914b5b Add content create event to api
• bump golang.org/x/net from 0.33.0 to 0.37.0 (#11574)
  • 7fe5c4123 go.mod: golang.org/x/net v0.37.0
• Support container restore through CRI/Kubernetes (#10365)
  • 9e6beafd5 Support container restore through CRI/Kubernetes
• build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api (#11472)
  • 37fe1e8b4 build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api
• Bump to newer opencontainers/image-spec @ v1.1.1 (#11461)
  • d37ea6977 Bump to newer opencontainers/image-spec @ v1.1.1

... (truncated)

Changelog

Sourced from github.com/containerd/containerd/api's changelog.

Versioning and Release

This document details the versioning and release plan for containerd. Stability is a top goal for this project, and we hope that this document and the processes it entails will help to achieve that. It covers the release process, versioning numbering, backporting, API stability and support horizons.

If you rely on containerd, it would be good to spend time understanding the areas of the API that are and are not supported and how they impact your project in the future.

This document will be considered a living document. Supported timelines, backport targets and API stability guarantees will be updated here as they change.

If there is something that you require or this document leaves out, please reach out by filing an issue.

Releases

Releases of containerd will be versioned using dotted triples, similar to Semantic Version. For the purposes of this document, we will refer to the respective components of this triple as <major>.<minor>.<patch>. The version number may have additional information, such as alpha, beta and release candidate qualifications. Such releases will be considered "pre-releases".

Major and Minor Releases

Major and minor releases of containerd will be made from main. Releases of containerd will be marked with GPG signed tags and announced at https://github.com/containerd/containerd/releases. The tag will be of the format v<major>.<minor>.<patch> and should be made with the command git tag -s v<major>.<minor>.<patch>.

After a minor release, a branch will be created, with the format release/<major>.<minor> from the minor tag. All further patch releases will be done from that branch. For example, once we release v1.0.0, a branch release/1.0 will be created from that tag. All future patch releases will be done against that branch.

Release Cadence

Minor releases are provided on a time basis with an initial cadence of 6 months. The next two containerd releases should have a target release date scheduled based on the current release cadence. Changes to the release cadence will not impact releases which are already scheduled.

The maintainers will maintain a roadmap and milestones for each release, however, features may be pushed to accommodate the release timeline. If your issue or feature

... (truncated)

Commits

• 9033738 Merge pull request #11812 from dmcgowan/prepare-api-v1.9.0
• 145175b Prepare release notes for api/v1.9.0
• 5a3bbca Merge pull request #11724 from swagatbora90/cri-image-transfer-doc-update
• 3a1c2db Merge pull request #11793 from fuweid/carry-on-11761
• a806c0a Merge pull request #11796 from containerd/dependabot/go_modules/golang-x-c9f3...
• 5dc29f0 core/runtime: should invoke shim binary
• 76d3ad5 Merge pull request #11798 from containerd/dependabot/github_actions/github/co...
• e5ef650 Revert "not set sandbox id when use podsandbox type"
• 1c70f23 integration: add testcase to recover ungroupable shim
• 00824bf Merge pull request #11792 from mikebrow/reducing-k8s-vendor-footprint-apimach...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/containerd/containerd/api	1.9.0	🟢 9.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices 🟢 5 badge detected: Passing Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases 🟢 10 4 out of the last 4 releases have a total of 4 signed artifacts. SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• cmd/go.mod

[dependabot]

Looks like github.com/containerd/containerd/api is up-to-date now, so this is no longer needed.