Bump dependencies using scripts/bump-deps.sh

[github-actions]

This PR created by create-pull-request must be closed and reopened manually to trigger automated checks.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 8 package(s) with unknown licenses.

See the Details below.

License Issues

cmd/go.mod

Package	Version	License	Issue Type
github.com/docker/cli	29.3.0+incompatible	Null	Unknown License
golang.org/x/sync	0.20.0	Null	Unknown License
golang.org/x/sys	0.42.0	Null	Unknown License
golang.org/x/time	0.15.0	Null	Unknown License

go.mod

Package	Version	License	Issue Type
github.com/docker/cli	29.3.0+incompatible	Null	Unknown License
golang.org/x/sync	0.20.0	Null	Unknown License
golang.org/x/sys	0.42.0	Null	Unknown License
golang.org/x/time	0.15.0	Null	Unknown License

Allowed Licenses:

Apache-2.0, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-3-Clause, LicenseRef-scancode-google-patent-license-golang, MIT, ISC, Python-2.0, PostgreSQL, X11, Zlib

Excluded from license check:

pkg:golang/github.com/hashicorp/go-retryablehttp, pkg:golang/github.com/hashicorp/errwrap, pkg:golang/github.com/hashicorp/go-cleanhttp, pkg:golang/github.com/hashicorp/go-multierror

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/docker/cli	29.3.0+incompatible	Unknown	Unknown
gomod/github.com/urfave/cli/v3	3.7.0	🟢 7.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 2 SAST tool is not run on all commits -- score normalized to 2
gomod/golang.org/x/sync	0.20.0	Unknown	Unknown
gomod/golang.org/x/sys	0.42.0	Unknown	Unknown
gomod/golang.org/x/time	0.15.0	Unknown	Unknown
gomod/github.com/docker/cli	29.3.0+incompatible	Unknown	Unknown
gomod/golang.org/x/sync	0.20.0	Unknown	Unknown
gomod/golang.org/x/sys	0.42.0	Unknown	Unknown
gomod/golang.org/x/time	0.15.0	Unknown	Unknown

Scanned Files

• cmd/go.mod
• go.mod

[sondavidb]

target testing: failed to solve: process "/bin/sh -c curl -sSL --output /tmp/containerd.tgz [https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH:-amd64}.tar.gz](https://github.com/containerd/containerd/releases/download/v$%7BCONTAINERD_VERSION%7D/containerd-$%7BCONTAINERD_VERSION%7D-linux-$%7BTARGETARCH:-amd64%7D.tar.gz)     && tar zxvf /tmp/containerd.tgz -C /usr/local/     && rm -f /tmp/containerd.tgz" did not complete successfully: exit code: 2

Still haven't figured out why we get this intermittently :/