Bump the go_modules group across 3 directories with 3 updates

[dependabot]

Bumps the go_modules group with 1 update in the /cmd directory: github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 2 updates in the /launcher directory: github.com/golang-jwt/jwt/v4 and github.com/containerd/containerd/v2.
Bumps the go_modules group with 1 update in the /verifier directory: github.com/golang-jwt/jwt/v4.

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/containerd/containerd/v2 from 2.0.1 to 2.0.7

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.0.7

Welcome to the v2.0.7 release of containerd!

The seventh patch release for containerd 2.0 includes various bug fixes and updates.

Security Updates

• containerd

  • GHSA-pwhc-rpq9-4c8w
  • GHSA-m6hq-p25p-ffr2

• runc

  • GHSA-qw9x-cqr3-wc7r
  • GHSA-cgrx-mc8f-2prm
  • GHSA-9493-h29p-rfm2

Highlights

Container Runtime Interface (CRI)

• Disable event subscriber during task cleanup (#12406)
• Add SystemdCgroup to default runtime options (#12254)
• Fix userns with container image VOLUME mounts that need copy (#12241)

Image Distribution

• Add dial timeout field to hosts toml configuration (#12136)

Runtime

• Update runc binary to v1.3.3 (#12479)
• Fix lost container logs from quickly closing io (#12376)
• Create bootstrap.json with 0644 permission (#12184)
• Fix pidfd leak in UnshareAfterEnterUserns (#12178)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Austin Vazquez
• Phil Estes
• Rodrigo Campos
• Wei Fu
• Akihiro Suda
• Derek McGowan
• Maksym Pavlenko
• ningmingxiao
• Kirtana Ashok
• Akhil Mohan

... (truncated)

Changelog

Sourced from github.com/containerd/containerd/v2's changelog.

Versioning and Release

This document details the versioning and release plan for containerd. Stability is a top goal for this project, and we hope that this document and the processes it entails will help to achieve that. It covers the release process, versioning numbering, backporting, API stability and support horizons.

If you rely on containerd, it would be good to spend time understanding the areas of the API that are and are not supported and how they impact your project in the future.

This document will be considered a living document. Supported timelines, backport targets and API stability guarantees will be updated here as they change.

If there is something that you require or this document leaves out, please reach out by filing an issue.

Releases

Releases of containerd will be versioned using dotted triples, similar to Semantic Version. For the purposes of this document, we will refer to the respective components of this triple as <major>.<minor>.<patch>. The version number may have additional information, such as alpha, beta and release candidate qualifications. Such releases will be considered "pre-releases".

Major and Minor Releases

Major and minor releases of containerd will be made from main. Releases of containerd will be marked with GPG signed tags and announced at https://github.com/containerd/containerd/releases. The tag will be of the format v<major>.<minor>.<patch> and should be made with the command git tag -s v<major>.<minor>.<patch>.

After a minor release, a branch will be created, with the format release/<major>.<minor> from the minor tag. All further patch releases will be done from that branch. For example, once we release v1.0.0, a branch release/1.0 will be created from that tag. All future patch releases will be done against that branch.

Release Cadence

Since containerd v2.3 in April 2026, minor releases are provided on a time basis with a cadence of 4 months. New minor releases are scheduled for April, August, and December of each year. This cadence is synchronized with the Kubernetes release schedule to ensure that new features in containerd can be smoothly adopted by new Kubernetes releases.

The maintainers will maintain a roadmap and milestones for each release, however,

... (truncated)

Commits

• 4ac6c20 Merge pull request #12482 from austinvazquez/prep_2_0_7
• 4931e24 Prepare release notes for v2.0.7
• 205bc4f Update mailmap
• 5f708b7 Merge commit from fork
• 05290b5 Merge commit from fork
• f319588 Merge pull request #12479 from k8s-infra-cherrypick-robot/cherry-pick-12475-t...
• b46dc6a runc: Update runc binary to v1.3.3
• b4e0409 Merge pull request #12361 from austinvazquez/cherry-pick-c039f534907ff206dd91...
• 8bc2606 Merge pull request #12376 from k8s-infra-cherrypick-robot/cherry-pick-12364-t...
• 5e9c821 Update GHA runners to use latest images for basic binaries build
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/opencontainers/selinux from 1.11.1 to 1.13.1

Release notes

Sourced from github.com/opencontainers/selinux's releases.

v1.13.1

This release includes a minor update to reduce the minimum version requirement of the github.com/cyphar/filepath-securejoin package from v0.6.0 to v0.5.1. We did not use any of the newer features, so downgrading is a no-op but will help with downstreams that need to backport github.com/opencontainers/selinux updates.

What's Changed

• build(deps): bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in opencontainers/selinux#240
• downgrade github.com/cyphar/filepath-securejoin to v0.5.1 by @​Luap99 in opencontainers/selinux#242

New Contributors

• @​Luap99 made their first contribution in opencontainers/selinux#242

Full Changelog: opencontainers/selinux@v1.13.0...v1.13.1

v1.13.0

What's Changed

• Switch to golangci-lint v2 by @​kolyshkin in opencontainers/selinux#230
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in opencontainers/selinux#233
• build(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in opencontainers/selinux#234
• keyring: fix typo in EACCES check by @​cyphar in opencontainers/selinux#235
• Add Go 1.25, drop go 1.23, bump golangci-lint by @​kolyshkin in opencontainers/selinux#236
• selinux: migrate to pathrs-lite procfs API by @​cyphar in opencontainers/selinux#237

Full Changelog: opencontainers/selinux@v1.12.0...v1.13.0

v1.12.0

This release removes deprecated functions from the label package, and improves documentation and error reporting of SetCreateKey.

What's Changed

• VERSION: remove by @​kolyshkin in opencontainers/selinux#217
• CI: add AlmaLinux 8, CentOS Stream 9, and Fedora by @​AkihiroSuda in opencontainers/selinux#221
• ci: install git-core by @​kolyshkin in opencontainers/selinux#224
• CI: add openSUSE Tumbleweed by @​AkihiroSuda in opencontainers/selinux#223
• Bump Go version, deps, fix some linter issues... by @​kolyshkin in opencontainers/selinux#218
• label: remove deprecated stuff by @​kolyshkin in opencontainers/selinux#228
• Improve SetKeyCreate error reporting, fix test flakes by @​kolyshkin in opencontainers/selinux#227

Full Changelog: opencontainers/selinux@v1.11.1...v1.12.0

Commits

• 5647f06 Merge pull request #242 from Luap99/securejoin
• 69a52b8 downgrade github.com/cyphar/filepath-securejoin to v0.5.1
• 6950c32 Merge pull request #240 from opencontainers/dependabot/github_actions/golangc...
• 9a88c88 build(deps): bump golangci/golangci-lint-action from 8 to 9
• 4be9937 Merge pull request #237 from cyphar/selinux-safe-procfs
• c8cfa6f selinux: migrate to pathrs-lite procfs API
• f2424d8 Merge pull request #236 from kolyshkin/modernize-ci
• 648ce7f ci: add go 1.25
• 916cab9 ci: bump golangci-lint to v2.5
• b42e5c8 all: format sources with latest gofumpt
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.