close
Skip to content

chore(deps): bump the go-modules-root group with 2 updates#868

Merged
ilopezluna merged 1 commit intomainfrom
dependabot/go_modules/go-modules-root-abc81646bb
Apr 20, 2026
Merged

chore(deps): bump the go-modules-root group with 2 updates#868
ilopezluna merged 1 commit intomainfrom
dependabot/go_modules/go-modules-root-abc81646bb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the go-modules-root group with 2 updates: github.com/containerd/containerd/v2 and github.com/mattn/go-shellwords.

Updates github.com/containerd/containerd/v2 from 2.2.2 to 2.2.3

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.3

Welcome to the v2.2.3 release of containerd!

The third patch release for containerd 2.2 contains various fixes and updates including a security patch.

Security Updates

Highlights

Container Runtime Interface (CRI)

  • Preserve cgroup mount options for privileged containers (#13120)
  • Ensure UpdatePodSandbox returns Unimplemented instead of a generic error (#13023)

Go client

  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Image Distribution

  • Enable mount manager in diff walking to fix layer extraction errors with some snapshotters (e.g., EROFS) (#13198)
  • Apply hardening to prevent TOCTOU race during tar extraction (#12971)

Runtime

  • Restore support for client-mounted roots in Windows containers using process isolation (#13195)
  • Update runc to v1.3.5 (#13061)
  • Apply absolute symlink resolution to /etc/group in OCI spec to fix lookups on NixOS-style systems (#13019)
  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Snapshotters

  • Fix bug that caused whiteouts to be ignored when parallel unpack was used (#13125)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • Sebastiaan van Stijn
  • Maksym Pavlenko
  • Chris Henzie
  • Derek McGowan
  • Paulo Oliveira
  • Henry Wang

... (truncated)

Commits
  • 77c8424 Merge pull request #13224 from samuelkarp/prepare-release-2.2.3
  • 8a0f4ed Prepare release notes for v2.2.3
  • 1383828 Merge pull request #13217 from samuelkarp/update-spdystream-2.2
  • 31bd34a update github.com/moby/spdystream v0.5.1
  • d2c2fc3 Merge pull request #13197 from thaJeztah/2.2_bump_compress
  • 6b3c2de Merge pull request #13198 from k8s-infra-cherrypick-robot/cherry-pick-13186-t...
  • 409f75b diff/walking: enable mount manager
  • 1336f6c vendor: github.com/klauspost/compress v1.18.5
  • 33e9334 Merge pull request #13195 from thaJeztah/2.2_bump_runhcs
  • 0d85aef Merge pull request #13196 from thaJeztah/2.2_bump_hcsshim
  • Additional commits viewable in compare view

Updates github.com/mattn/go-shellwords from 1.0.12 to 1.0.13

Commits
  • fd1aa6c Run gofmt: add missing //go:build directives and trailing newlines
  • e73986e Treat bare ')' as syntax error regardless of ParseBacktick
  • 9a78803 Merge pull request #60 from scumfrog/security-fix-cve
  • b074fa0 fix: preserve parser compatibility for unmatched ')' handling
  • 735b5e8 Implement tests for shellwords parser functionality
  • e2951fc Fix dollarQuote state management in shellwords.go
  • 551a1d0 Update CI: Go 1.25/1.26 and latest GitHub Actions
  • f3bbb6f Merge pull request #53 from ndeloof/master
  • f6737fe parse \t as TAB, not escaped t
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-modules-root group with 2 updates
293c48b 
Bumps the go-modules-root group with 2 updates: [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) and [github.com/mattn/go-shellwords](https://github.com/mattn/go-shellwords).


Updates `github.com/containerd/containerd/v2` from 2.2.2 to 2.2.3
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.2.2...v2.2.3)

Updates `github.com/mattn/go-shellwords` from 1.0.12 to 1.0.13
- [Commits](mattn/go-shellwords@v1.0.12...v1.0.13)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules-root
- dependency-name: github.com/mattn/go-shellwords
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules-root
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 20, 2026
@ilopezluna ilopezluna merged commit 6dce306 into main Apr 20, 2026
10 of 11 checks passed
@ilopezluna ilopezluna deleted the dependabot/go_modules/go-modules-root-abc81646bb branch April 20, 2026 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ilopezluna ilopezluna ilopezluna approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ilopezluna