Bump the go_modules group across 2 directories with 4 updates

[dependabot]

Bumps the go_modules group with 1 update in the /scripts/buildinputs directory: github.com/containerd/containerd.
Bumps the go_modules group with 3 updates in the /scripts/check-payload directory: github.com/containerd/containerd, golang.org/x/net and github.com/containers/image/v5.

Updates github.com/containerd/containerd from 1.7.24 to 1.7.27

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.27

Welcome to the v1.7.27 release of containerd!

The twenty-seventh patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Fix integer overflow in User ID handling (GHSA-265r-hfxg-fhmg)
• Update image type checks to avoid unnecessary logs for attestations (#11538)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Jin Dong
• Akhil Mohan
• Derek McGowan
• Maksym Pavlenko
• Paweł Gronowski
• Phil Estes
• Akihiro Suda
• Craig Ingram
• Krisztian Litkey
• Samuel Karp

Changes

• 05044ec0a Merge commit from fork
• 11504c3fc validate uid/gid
• Prepare release notes for v1.7.27 (#11540)
  • 1be04be6c Prepare release notes for v1.7.27
• Update image type checks to avoid unnecessary logs for attestations (#11538)
  • 82b5c43fe core/remotes: Handle attestations in MakeRefKey
  • 2c670e79b core/images: Ignore attestations when traversing children
• update build to go1.23.7, test go1.24.1 (#11515)
  • a39863c9f update build to go1.23.7, test go1.24.1
• Remove hashicorp/go-multierror dependency and fix CI (#11499)
  • 49537b3a7 e2e: use the shim bundled with containerd artifact
  • fe490b76f Bump up github.com/intel/goresctrl to 0.5.0
  • 13fc9d313 update containerd/project-checks to 1.2.1
  • 585699c94 Remove unnecessary joinError unwrap
  • 4b9df59be Remove hashicorp/go-multierror
• go.{mod,sum}: bump CDI deps to v0.8.1. (#11422)
  • 5ba28f8dc go.{mod,sum}: bump CDI deps to v0.8.1, re-vendor.
• CI: arm64-8core-32gb -> ubuntu-24.04-arm (#11437)
  • 85f10bd92 CI: arm64-8core-32gb -> ubuntu-24.04-arm

... (truncated)

Commits

• 05044ec Merge commit from fork
• 0b7f2a5 Merge pull request #11540 from dmcgowan/prepare-1.7.27
• 574a304 Merge pull request #11538 from dmcgowan/backport-11327
• 1be04be Prepare release notes for v1.7.27
• 82b5c43 core/remotes: Handle attestations in MakeRefKey
• 2c670e7 core/images: Ignore attestations when traversing children
• 11504c3 validate uid/gid
• 576178b Merge pull request #11515 from akhilerm/1.7-updatego1.24.1
• a39863c update build to go1.23.7, test go1.24.1
• 8946aa0 Merge pull request #11499 from djdongjin/1-7-remove-hashi-multierror
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.29.0 to 0.33.0

Commits

• e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
• ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
• 1f1fa29 publicsuffix: regenerate table
• 1215081 http2: improve error when server sends HTTP/1
• 312450e html: ensure <search> tag closes <p> and update tests
• 09731f9 http2: improve handling of lost PING in Server
• 55989e2 http2/h2c: use ResponseController for hijacking connections
• 2914f46 websocket: re-recommend gorilla/websocket
• 99b3ae0 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates github.com/containerd/containerd from 1.5.18 to 1.6.38

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.27

Welcome to the v1.7.27 release of containerd!

The twenty-seventh patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Fix integer overflow in User ID handling (GHSA-265r-hfxg-fhmg)
• Update image type checks to avoid unnecessary logs for attestations (#11538)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Jin Dong
• Akhil Mohan
• Derek McGowan
• Maksym Pavlenko
• Paweł Gronowski
• Phil Estes
• Akihiro Suda
• Craig Ingram
• Krisztian Litkey
• Samuel Karp

Changes

• 05044ec0a Merge commit from fork
• 11504c3fc validate uid/gid
• Prepare release notes for v1.7.27 (#11540)
  • 1be04be6c Prepare release notes for v1.7.27
• Update image type checks to avoid unnecessary logs for attestations (#11538)
  • 82b5c43fe core/remotes: Handle attestations in MakeRefKey
  • 2c670e79b core/images: Ignore attestations when traversing children
• update build to go1.23.7, test go1.24.1 (#11515)
  • a39863c9f update build to go1.23.7, test go1.24.1
• Remove hashicorp/go-multierror dependency and fix CI (#11499)
  • 49537b3a7 e2e: use the shim bundled with containerd artifact
  • fe490b76f Bump up github.com/intel/goresctrl to 0.5.0
  • 13fc9d313 update containerd/project-checks to 1.2.1
  • 585699c94 Remove unnecessary joinError unwrap
  • 4b9df59be Remove hashicorp/go-multierror
• go.{mod,sum}: bump CDI deps to v0.8.1. (#11422)
  • 5ba28f8dc go.{mod,sum}: bump CDI deps to v0.8.1, re-vendor.
• CI: arm64-8core-32gb -> ubuntu-24.04-arm (#11437)
  • 85f10bd92 CI: arm64-8core-32gb -> ubuntu-24.04-arm

... (truncated)

Commits

• 05044ec Merge commit from fork
• 0b7f2a5 Merge pull request #11540 from dmcgowan/prepare-1.7.27
• 574a304 Merge pull request #11538 from dmcgowan/backport-11327
• 1be04be Prepare release notes for v1.7.27
• 82b5c43 core/remotes: Handle attestations in MakeRefKey
• 2c670e7 core/images: Ignore attestations when traversing children
• 11504c3 validate uid/gid
• 576178b Merge pull request #11515 from akhilerm/1.7-updatego1.24.1
• a39863c update build to go1.23.7, test go1.24.1
• 8946aa0 Merge pull request #11499 from djdongjin/1-7-remove-hashi-multierror
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.36.0 to 0.38.0

Commits

• e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
• ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
• 1f1fa29 publicsuffix: regenerate table
• 1215081 http2: improve error when server sends HTTP/1
• 312450e html: ensure <search> tag closes <p> and update tests
• 09731f9 http2: improve handling of lost PING in Server
• 55989e2 http2/h2c: use ResponseController for hijacking connections
• 2914f46 websocket: re-recommend gorilla/websocket
• 99b3ae0 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates github.com/containers/image/v5 from 5.22.1 to 5.29.3

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.29.3

What's Changed

• Backport Docker Daemon fix #2260, bump to 5.29.2, then 5.29.3-dev by @​TomSweeneyRedHat in containers/image#2270
• [release-5.29] Fix CVE-2024-3727 by @​mtrmac in containers/image#2418

Full Changelog: containers/image@v5.29.2...v5.29.3

v5.29.2

What's Changed

• [release-5.29] backport Docker Daemon fix by @​TomSweeneyRedHat in containers/image#2270
• [release-5.29] Tag 5.29.1 by @​mtrmac in containers/image#2253
• Use a stable Skopeo branch for testing the stable c/image branch by @​mtrmac in containers/image#2262

Full Changelog: containers/image@v5.29.1...v5.29.2

v5.29.1

• Add support for pushing an image with unknown digest

v5.29.0

What's Changed

• Bump to v5.28.0 by @​rhatdan in containers/image#2114
• fix(deps): update module github.com/containers/storage to v1.50.2 by @​renovate in containers/image#2115
• Run codespell on code by @​rhatdan in containers/image#2116
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 by @​renovate in containers/image#2117
• Use constants and types from opencontainers/image-spec/specs-go/v1 by @​mtrmac in containers/image#2119
• progress: set Current before Refill by @​giuseppe in containers/image#2121
• copy: fix nil pointer dereference when checking compression algorithm by @​crazy-max in containers/image#2120
• fix(deps): update module github.com/klauspost/compress to v1.17.0 by @​renovate in containers/image#2122
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0 by @​renovate in containers/image#2124
• ociarchive: Add new ArchiveFileNotFoundError by @​cgwalters in containers/image#2123
• fix: typo by @​testwill in containers/image#2125
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.1 by @​renovate in containers/image#2126
• fix(deps): update golang.org/x/exp digest to 7918f67 by @​renovate in containers/image#2130
• fix(deps): update module github.com/sylabs/sif/v2 to v2.15.0 by @​renovate in containers/image#2137
• fix(deps): update module golang.org/x/oauth2 to v0.13.0 by @​renovate in containers/image#2136
• Fix podman search for docker.io/library images by @​boaz0 in containers/image#2133
• fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible by @​renovate in containers/image#2131
• fix(deps): update module github.com/sigstore/fulcio to v1.4.1 by @​renovate in containers/image#2138
• fix(deps): update module github.com/sigstore/fulcio to v1.4.2 by @​renovate in containers/image#2140
• Oci image deletion by @​Pvlerick in containers/image#2003
• fix(deps): update module github.com/sigstore/fulcio to v1.4.3 by @​renovate in containers/image#2142
• fix(deps): update module github.com/otiai10/copy to v1.14.0 by @​renovate in containers/image#2144
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2 by @​renovate in containers/image#2146
• fix(deps): update module github.com/klauspost/compress to v1.17.1 by @​renovate in containers/image#2148
• fix(deps): update module github.com/sigstore/sigstore to v1.7.4 by @​renovate in containers/image#2145
• chore(deps): update dependency containers/automation_images to v20231004 by @​renovate in containers/image#2150
• Fix conversion of Zstd images to non-OCI formats by @​mtrmac in containers/image#2151
• Parse the body of (docker load) response to correctly handle errors by @​mtrmac in containers/image#2153

... (truncated)

Commits

• 3e684b1 [release-5.29] Bump to v5.29.3
• e894804 Merge pull request #2418 from mtrmac/digest-unmarshal-5.29
• 6e25805 Validate the tags returned by a registry
• 086c760 Call .Validate() before digest.Digest.String() if necessary
• 0860c58 Refactor the error handling further
• 7b58b43 Refactor the error handling path of saveStream
• af94ba1 Call .Validate() before digest.Hex() / digest.Encoded()
• 9c49ca1 Validate digests before using them
• 534068f Merge pull request #2270 from TomSweeneyRedHat/dev/tsweeney/ddaemon
• 0111e79 [release-5.29] Bump to v5.29.3-dev
• Additional commits viewable in compare view

Updates github.com/docker/docker from 20.10.17+incompatible to 24.0.7+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.7

24.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.7 milestone
• moby/moby, 24.0.7 milestone

Bug fixes and enhancements

• Write overlay2 layer metadata atomically. moby/moby#46703
• Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. moby/moby#46626
• Fix dockerd-rootless-setuptools.sh when username contains a backslash. moby/moby#46407
• Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when dockerd --bridge=none is used. moby/moby#46702
• Fix a bug where cancelling an API request could interrupt container restart. moby/moby#46697
• Fix an issue where containers would fail to start when providing --ip-range with a range larger than the subnet. docker/for-mac#6870
• Fix data corruption with zstd output. moby/moby#46709
• Fix the conditions under which the container's MAC address is applied. moby/moby#46478
• Improve the performance of the stats collector. moby/moby#46448
• Fix an issue with source policy rules ending up in the wrong order. moby/moby#46441

Packaging updates

• Add support for Fedora 39 and Ubuntu 23.10. docker/docker-ce-packaging#940, docker/docker-ce-packaging#955
• Fix docker.socket not getting disabled when uninstalling the docker-ce RPM package. docker/docker-ce-packaging#852
• Upgrade Go to go1.20.10. docker/docker-ce-packaging#951
• Upgrade containerd to v1.7.6 (static binaries only). moby/moby#46103
• Upgrade the containerd.io package to v1.6.24.

Security

• Deny containers access to /sys/devices/virtual/powercap by default. This change hardens against CVE-2020-8694, CVE-2020-8695, and CVE-2020-12912, and an attack known as the PLATYPUS attack. For more details, see advisory, commit.

v24.0.6

24.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.6 milestone
• moby/moby, 24.0.6 milestone

Bug fixes and enhancements

• containerd storage backend: Fix docker ps failing when a container image is no longer present in the content store. moby/moby#46095
• containerd storage backend: Fix docker ps -s -a and docker container prune failing when a container image config is no longer present in the content store. moby/moby#46097
• containerd storage backend: Fix docker inspect failing when a container image config is no longer (or was never) present in the content store. moby/moby#46244
• containerd storage backend: Fix diff and export with the overlayfs snapshotter by using reference-counted rootfs mounts. moby/moby#46266
• containerd storage backend: Fix a misleading error message when the image platforms available locally do not match the desired platform. moby/moby#46300
• containerd storage backend: Fix the FROM scratch Dockerfile instruction with the classic builder. moby/moby#46302
• containerd storage backend: Fix mismatched image rootfs and manifest layers errors with the classic builder. moby/moby#46310

... (truncated)

Commits

• 311b9ff Merge pull request #46697 from thaJeztah/24.0_backport_restart_nocancel
• af60804 Merge pull request from GHSA-jq35-85cj-fj4p
• 3cf363e Merge pull request #46709 from thaJeztah/24.0_backport_bump_compress
• 05d7386 daemon: daemon.containerRestart: don't cancel restart on context cancel
• 649c944 Merge pull request #46703 from thaJeztah/24.0_backport_atomic-layer-data-write
• 9b20b1a Merge pull request #46702 from thaJeztah/24.0_backport_releaseNetwork_Network...
• dd37b0b vendor: github.com/klauspost/compress v1.17.2
• 7058c0d vendor: github.com/klauspost/compress v1.16.5
• 57bd388 daemon: overlay2: Write layer metadata atomically
• 05d95fd daemon: release sandbox even when NetworkDisabled
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.