containerd

Files

Sebastiaan van Stijn 45e425ccce vendor: github.com/golang/protobuf v1.5.4

commit 10c7f03b3b updated google.golang.org/protobuf
to v1.33.0, which addresses CVE-2024-24786, however a follow-up post on the
Golang security list issued a warning that the v1.33.0 update introduced a
breaking change, causing compatibility with github.com/golang/protobuf to be
broken;

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

Containerd itself does not appear to be using this code, but consumers may be,
so update the github.com/golang/protobuf to restore compatibility.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2024-03-18 13:44:06 +01:00

dario.cat/mergo

go.mod: dario.cat/mergo v1.0.0

2023-07-23 03:08:00 +09:00

github.com

Merge pull request #9916 from containerd/dependabot/go_modules/github.com/stretchr/testify-1.9.0

2024-03-07 23:32:08 +00:00

go.etcd.io/bbolt

vendor: go.etcd.io/bbolt v1.3.9

2024-02-27 15:12:15 +01:00

go.opencensus.io

Bump grpc to v1.51.0