dependabot[bot] opened a new pull request, #1243:
URL: https://github.com/apache/iceberg-go/pull/1243

   Bumps 
[github.com/containerd/containerd/v2](https://github.com/containerd/containerd) 
from 2.2.4 to 2.2.5.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/containerd/containerd/releases";>github.com/containerd/containerd/v2's
 releases</a>.</em></p>
   <blockquote>
   <h2>containerd 2.2.5</h2>
   <p>Welcome to the v2.2.5 release of containerd!</p>
   <p>The fifth patch release for containerd 2.2 contains various fixes
   and updates including security patches.</p>
   <h3>Security Updates</h3>
   <ul>
   <li><strong>containerd</strong>
   <ul>
   <li><a 
href="https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574";><strong>CVE-2026-50195</strong></a></li>
   <li><a 
href="https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp";><strong>CVE-2026-53488</strong></a></li>
   <li><a 
href="https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc";><strong>CVE-2026-53492</strong></a></li>
   <li><a 
href="https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388";><strong>CVE-2026-53489</strong></a></li>
   <li><a 
href="https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq";><strong>CVE-2026-47262</strong></a></li>
   </ul>
   </li>
   </ul>
   <p>Please try out the release binaries and report any issues at
   <a 
href="https://github.com/containerd/containerd/issues";>https://github.com/containerd/containerd/issues</a>.</p>
   <h3>Contributors</h3>
   <ul>
   <li>Samuel Karp</li>
   <li>Chris Henzie</li>
   <li>Akihiro Suda</li>
   <li>Derek McGowan</li>
   <li>Maksym Pavlenko</li>
   <li>Akhil Mohan</li>
   <li>Ben Cressey</li>
   <li>Brian Goff</li>
   <li>Davanum Srinivas</li>
   <li>Sebastiaan van Stijn</li>
   </ul>
   <h3>Changes</h3>
   <!-- raw HTML omitted -->
   <ul>
   <li>Prepare release notes for v2.2.5 (<a 
href="https://redirect.github.com/containerd/containerd/pull/13628";>#13628</a>)
   <ul>
   <li><a 
href="https://github.com/containerd/containerd/commit/269031099e51bd875bc8097b79a41fd00af08a28";><code>269031099</code></a>
 Prepare release notes for v2.2.5</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/ad59aa5647ac505a97965f521e21fcd4f9403631";><code>ad59aa564</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/0b4d23690ead6f34fb990155e1cc19d27f906370";><code>0b4d23690</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/be8460656b84c4a1a4b244a03801e9fff1e914d3";><code>be8460656</code></a>
 cri: filter CDI annotations on checkpoint restore</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/347240f72479246a801ea4ec4304e180ac45b85e";><code>347240f72</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/cff57884176a1e6ba0857a417753d799958e0f46";><code>cff578841</code></a>
 cri: do not re-tag restored checkpoints</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/668cf2c2fd0d9c6394f2aa95c44c4735c353d380";><code>668cf2c2f</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/357652293053d0cd3ed565f718b0050aa662ae1a";><code>357652293</code></a>
 cri: make checkpoint restore robust to unexpected archive content</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/d43da05af9b515b89740889a84a91c8ed27a73f0";><code>d43da05af</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/30708e8d1142287e9c6bb839f1b3f84c71ca4485";><code>30708e8d1</code></a>
 Bound user-database file reads in openUserFile</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/028647ea2597eb3f7add39c6171b62768e0be74c";><code>028647ea2</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/b6072a49f8d3f6efc5ac9895efbb1852b16a2602";><code>b6072a49f</code></a>
 Do not propagate reserved labels from image configs</li>
   </ul>
   </li>
   <li>vendor: golang.org/x/crypto v0.53.0 (<a 
href="https://redirect.github.com/containerd/containerd/pull/13607";>#13607</a>)
   <ul>
   <li><a 
href="https://github.com/containerd/containerd/commit/cfea2c1413a55243e5d8db9def5ed5e3e595894e";><code>cfea2c141</code></a>
 [release/2.2] vendor: golang.org/x/crypto v0.53.0</li>
   </ul>
   </li>
   </ul>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/containerd/containerd/commit/e53c7c1516c3b2bff98eb76f1f4117477e6f4e66";><code>e53c7c1</code></a>
 Merge pull request <a 
href="https://redirect.github.com/containerd/containerd/issues/13628";>#13628</a>
 from samuelkarp/prepare-2.2.5</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/269031099e51bd875bc8097b79a41fd00af08a28";><code>2690310</code></a>
 Prepare release notes for v2.2.5</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/ad59aa5647ac505a97965f521e21fcd4f9403631";><code>ad59aa5</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/8bea48a3997876dd5936c8586c9610d623dda63c";><code>8bea48a</code></a>
 Merge pull request <a 
href="https://redirect.github.com/containerd/containerd/issues/13607";>#13607</a>
 from thaJeztah/2.2_bump_crypto</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/699c4fb4560805ae4497e2bb488aaea52d61dd4d";><code>699c4fb</code></a>
 Merge pull request <a 
href="https://redirect.github.com/containerd/containerd/issues/13606";>#13606</a>
 from AkihiroSuda/runc-1.3.6-containerd-2.2</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/cfea2c1413a55243e5d8db9def5ed5e3e595894e";><code>cfea2c1</code></a>
 [release/2.2] vendor: golang.org/x/crypto v0.53.0</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/fc96ea6b3fbcd8fb467914a3fe5f977a5705efff";><code>fc96ea6</code></a>
 update runc binary to v1.3.6</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/0b4d23690ead6f34fb990155e1cc19d27f906370";><code>0b4d236</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/347240f72479246a801ea4ec4304e180ac45b85e";><code>347240f</code></a>
 Merge commit from fork</li>
   <li><a 
href="https://github.com/containerd/containerd/commit/668cf2c2fd0d9c6394f2aa95c44c4735c353d380";><code>668cf2c</code></a>
 Merge commit from fork</li>
   <li>Additional commits viewable in <a 
href="https://github.com/containerd/containerd/compare/v2.2.4...v2.2.5";>compare 
view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/containerd/containerd/v2&package-manager=go_modules&previous-version=2.2.4&new-version=2.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   You can disable automated security fix PRs for this repo from the [Security 
Alerts page](https://github.com/apache/iceberg-go/network/alerts).
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to