Update module github.com/containerd/containerd to v2 #63

Open
renovate[bot] wants to merge 1 commit into main from renovate/github.com-containerd-containerd-2.x

@renovate renovate Bot commented Apr 13, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
| --- | --- | --- | --- | --- |
| github.com/containerd/containerd | require | major | v1.7.27 -> v2.3.0 | OpenSSF Scorecard |

Release Notes

containerd/containerd (github.com/containerd/containerd)

v2.3.0: containerd 2.3.0

Compare Source

Welcome to the v2.3.0 release of containerd!

The third minor release of containerd 2.x focuses on continued stability alongside
new features and improvements. This is the third time-based release for containerd.

Starting with containerd 2.3, the project has moved to release cadence aligned with
the Kubernetes release schedule, with new minor releases about every 4 months. The
containerd 2.3 release is also the first annual LTS (Long Term Stable) release under
this new schedule, with support planned for at least two years. Direct upgrades
between sequential LTS releases (e.g., 1.7 to 2.3) will be tested and supported.

Highlights
  • Add transfer types for container filesystem copy (#​13165)
  • Add option to inject trace ID to logs (#​13117)
  • Propagate OpenTelemetry traces in outgoing RPCs from plugin clients (#​13113)
  • Update plugin config migration to run on load (#​12608)
  • Update sandbox API to include spec field (#​12840)
Container Runtime Interface (CRI)
  • Allow containers to use user namespaces with host networking (#​12518)
  • Wire UpdatePodSandboxResources to Sandbox API (#​13118)
  • Unpack images with per-layer labels for specific runtime (#​12835)
  • Populate ImageId field in container status (#​12787)
  • Set annotations parameter in CreateSandbox request (#​12566)
  • Add background stats collector to calculate UsageNanoCores for containers and pod sandboxes (#​12629)
Image Distribution
  • Support zstd-wrapped EROFS layers (#​13185)
  • Add os.features support for EROFS native container images (#​13091)
  • Add EROFS layer media type (#​12567)
Image Storage
  • Add dmverity support to the erofs snapshotter (#​12502)
  • Use fsmount API to avoid PAGE_SIZE limit for erofs (#​12783)
Node Resource Interface (NRI)
Runtime
  • Add configured socket directory to shim bootstrap protocol (#​12785)
  • Introduce shim bootstrap protocol (#​12786)
  • Fix binary logging driver not blocking container start on failure (#​12595)
  • Use new filtered cgroups stats API (#​12901)
  • Update OOMKilled event handling (#​12714)
Snapshotters
  • Propagate parent chain ID and diff ID via labels during snapshot preparation (#​13071)
ctr development tool
  • Detect vendor in CDI specs to generate device IDs for --gpus in ctr (#​12839)
Breaking
  • Accumulate owners for OCI hook adjustments, disallowing commas in plugin names (containerd/nri#264)
Deprecations

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Maksym Pavlenko
  • Derek McGowan
  • Sebastiaan van Stijn
  • Krisztian Litkey
  • Samuel Karp
  • Wei Fu
  • Akihiro Suda
  • Phil Estes
  • Mike Brown
  • Markus Lehtonen
  • Hudson Zhu
  • Davanum Srinivas
  • Chris Henzie
  • Gao Xiang
  • Chengyu Zhu
  • Akhil Mohan
  • Kazuyoshi Kato
  • Sergey Kanzhelev
  • Austin Vazquez
  • ningmingxiao
  • Aadhar Agarwal
  • Andrew Halaney
  • Apurv Barve
  • Bing Hongtao
  • Brian Goff
  • Michael Zappa
  • Paweł Gronowski
  • Fabiano Fidêncio
  • Hasan Siddiqui
  • Jintao Zhang
  • Paulo Oliveira
  • Shiv Tyagi
  • Albin Kerouanton
  • Alex Lyn
  • Avinesh Singh
  • Danny Canter
  • Esteban Ginez
  • Henry Wang
  • Jin Dong
  • Jérôme Poulin
  • Laura Lorenz
  • Luke Hinds
  • Mark Dodgson
  • Sascha Grunert
  • Tianon Gravi
  • majianhan
  • qiuxue
  • Adrien Delorme
  • Alessio Biancalana
  • Alex Chernyakhovsky
  • Andrey Noskov
  • Andrey Smirnov
  • Annie Cherkaev
  • Antti Kervinen
  • Anuj Singh
  • Benjamin Elder
  • Bo Jiang
  • Cameron McDermott
  • Chris Adeniyi-Jones
  • Chris Chang
  • Chris Henderson
  • Cindy Li
  • CrazyMax
  • Eldon Stegall
  • Evan Lezar
  • Fletcher Woodruff
  • Gaurav Ghildiyal
  • Harsh Rawat
  • Hayato Kiwata
  • Joseph Zhang
  • Justin Chadwell
  • Kaleab Ayenew
  • Manuel de Brito Fontes
  • Mikhail Dmitrichenko
  • Mujib Ahasan
  • Neeraj Krishna Gopalakrishna
  • Pierluigi Lenoci
  • Ricardo Branco
  • Rob Murray
  • Rodrigo Campos
  • Sameer
  • Sameer Saeed
  • Sanil Khurana
  • Shachar Tal
  • Shaobao Feng
  • Shiming Zhang
  • Sreeram Venkitesh
  • Tariq Ibrahim
  • Tim Windelschmidt
  • Tõnis Tiigi
  • Wade Simmons
  • Weixie Cui
  • Will Jordan
  • William Myers
  • Yohei Yamamoto
  • You Binhao
  • Youfu Zhang
  • Yuanliang Zhang
  • delthas
  • guodong
  • jinda.ljd
  • jokemanfire
  • pandaWall
Dependency Changes
  • cyphar.com/go-pathrs v0.2.1 new
  • github.com/Microsoft/go-winio v0.6.2 -> ad3df93
  • github.com/Microsoft/hcsshim v0.14.0-rc.1 -> v0.15.0-rc.1
  • github.com/cenkalti/backoff/v5 v5.0.3 new
  • github.com/checkpoint-restore/checkpointctl v1.4.0 -> v1.5.0
  • github.com/containerd/cgroups/v3 v3.1.0 -> v3.1.3
  • github.com/containerd/containerd/api v1.10.0 -> v1.11.0
  • github.com/containerd/continuity v0.4.5 -> v0.5.0
  • github.com/containerd/go-dmverity v0.1.0 new
  • github.com/containerd/imgcrypt/v2 v2.0.1 -> v2.0.2
  • github.com/containerd/nri v0.10.0 -> v0.12.0
  • github.com/containerd/platforms v1.0.0-rc.2 -> v1.0.0-rc.4
  • github.com/containerd/plugin v1.0.0 -> v1.1.0
  • github.com/containerd/ttrpc v1.2.7 -> v1.2.8
  • github.com/containerd/zfs/v2 v2.0.0-rc.0 -> v2.0.0
  • github.com/containernetworking/plugins v1.8.0 -> v1.9.1
  • github.com/coreos/go-systemd/v22 v22.6.0 -> v22.7.0
  • github.com/cyphar/filepath-securejoin v0.6.0 new
  • github.com/davecgh/go-spew v1.1.1 -> d8f796a
  • github.com/erofs/go-erofs v0.3.0 new
  • github.com/go-jose/go-jose/v4 v4.1.2 -> v4.1.4
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 -> v2.28.0
  • github.com/intel/goresctrl v0.10.0 -> v0.12.0
  • github.com/klauspost/compress v1.18.1 -> v1.18.5
  • github.com/moby/spdystream v0.5.0 -> v0.5.1
  • github.com/opencontainers/runtime-spec v1.2.1 -> v1.3.0
  • github.com/opencontainers/runtime-tools 0ea5ed0 -> edf4cb3
  • github.com/opencontainers/selinux v1.12.0 -> v1.13.1
  • github.com/pelletier/go-toml/v2 v2.2.4 -> v2.3.0
  • github.com/pmezard/go-difflib v1.0.0 -> 5d4384e
  • github.com/prometheus/common v0.66.1 -> v0.67.5
  • github.com/prometheus/procfs v0.16.1 -> v0.19.2
  • github.com/sirupsen/logrus v1.9.3 -> v1.9.4
  • github.com/tetratelabs/wazero v1.9.0 -> v1.11.0
  • go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 -> v0.68.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 -> v0.68.0
  • go.opentelemetry.io/otel v1.37.0 -> v1.43.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 -> v1.43.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 -> v1.43.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 -> v1.43.0
  • go.opentelemetry.io/otel/metric v1.37.0 -> v1.43.0
  • go.opentelemetry.io/otel/sdk v1.37.0 -> v1.43.0
  • go.opentelemetry.io/otel/trace v1.37.0 -> v1.43.0
  • go.opentelemetry.io/proto/otlp v1.5.0 -> v1.10.0
  • go.yaml.in/yaml/v2 v2.4.2 -> v2.4.3
  • golang.org/x/crypto v0.41.0 -> v0.49.0
  • golang.org/x/mod v0.29.0 -> v0.35.0
  • golang.org/x/net v0.43.0 -> v0.52.0
  • golang.org/x/oauth2 v0.30.0 -> v0.35.0
  • golang.org/x/sync v0.17.0 -> v0.20.0
  • golang.org/x/sys v0.37.0 -> v0.43.0
  • golang.org/x/term v0.34.0 -> v0.41.0
  • golang.org/x/text v0.28.0 -> v0.35.0
  • golang.org/x/time v0.14.0 -> v0.15.0
  • google.golang.org/genproto/googleapis/api a7a43d2 -> 9d38bb4
  • google.golang.org/genproto/googleapis/rpc a7a43d2 -> 6f92a3b
  • google.golang.org/grpc v1.76.0 -> v1.80.0
  • google.golang.org/protobuf v1.36.10 -> f2248ac
  • k8s.io/api v0.34.1 -> v0.36.0
  • k8s.io/apimachinery v0.34.1 -> v0.36.0
  • k8s.io/client-go v0.34.1 -> v0.36.0
  • k8s.io/component-base v0.36.0 new
  • k8s.io/cri-api v0.34.1 -> v0.36.0
  • k8s.io/cri-client v0.36.0 new
  • k8s.io/cri-streaming v0.36.0 new
  • k8s.io/klog/v2 v2.130.1 -> v2.140.0
  • k8s.io/kube-openapi 5883c5e new
  • k8s.io/streaming v0.36.0 new
  • k8s.io/utils 4c0f3b2 -> 28399d8
  • sigs.k8s.io/json cfa47c3 -> 2d32026
  • sigs.k8s.io/structured-merge-diff/v6 v6.3.0 -> v6.3.2
  • tags.cncf.io/container-device-interface v1.0.1 -> v1.1.0
  • tags.cncf.io/container-device-interface/specs-go v1.0.0 -> v1.1.0

Previous release can be found at v2.2.0

Which file should I download?
  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

v2.2.3: containerd 2.2.3

Compare Source

Welcome to the v2.2.3 release of containerd!

The third patch release for containerd 2.2 contains various fixes
and updates including a security patch.

Security Updates
Highlights
Container Runtime Interface (CRI)
  • Preserve cgroup mount options for privileged containers (#​13120)
  • Ensure UpdatePodSandbox returns Unimplemented instead of a generic error (#​13023)
Go client
  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#​13015)
Image Distribution
  • Enable mount manager in diff walking to fix layer extraction errors with some snapshotters (e.g., EROFS) (#​13198)
  • Apply hardening to prevent TOCTOU race during tar extraction (#​12971)
Runtime
  • Restore support for client-mounted roots in Windows containers using process isolation (#​13195)
  • Update runc to v1.3.5 (#​13061)
  • Apply absolute symlink resolution to /etc/group in OCI spec to fix lookups on NixOS-style systems (#​13019)
  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#​13015)
Snapshotters
  • Fix bug that caused whiteouts to be ignored when parallel unpack was used (#​13125)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Samuel Karp
  • Sebastiaan van Stijn
  • Maksym Pavlenko
  • Chris Henzie
  • Derek McGowan
  • Paulo Oliveira
  • Henry Wang
  • Phil Estes
  • Wei Fu
  • Akihiro Suda
  • Gao Xiang
  • Ricardo Branco
  • Shachar Tal
Changes
40 commits

  • Prepare release notes for v2.2.3 (#​13224)
  • update github.com/moby/spdystream v0.5.1 (#​13217)
    • 31bd34a06 update github.com/moby/spdystream v0.5.1
  • vendor: github.com/klauspost/compress v1.18.5 (#​13197)
    • 1336f6c45 vendor: github.com/klauspost/compress v1.18.5
  • diff/walking: enable mount manager (#​13198)
    • 409f75be8 diff/walking: enable mount manager
  • update runhcs to v0.14.1 (#​13195)
  • vendor: github.com/Microsoft/hcsshim v0.14.1 (#​13196)
    • 8bd1b74e5 vendor: github.com/Microsoft/hcsshim v0.14.1
    • c6b0be8e1 vendor: github.com/Microsoft/hcsshim v0.14.0
  • update to Go 1.25.9, 1.26.2 (#​13190)
  • Skip TestExportAndImportMultiLayer on s390x (#​13154)
    • be554f478 Skip TestExportAndImportMultiLayer on s390x
  • Tweak mount info for overlayfs in case of parallel unpack (#​13125)
    • 660de195b Tweak mount info for overlayfs in case of parallel unpack
    • bc9274a4b Add integration test for issue 13030
  • Preserve cgroup mount options for privileged containers (#​13120)
    • c387890b5 Add integration test for privileged container cgroup mounts
    • 047a335a6 Forward RUNC_FLAVOR env var down to integration tests
    • 9b2d72ee0 Preserve host cgroup mount options for privileged containers
    • 5b66cd6a0 Move cgroup namespace placement higher in spec builder
  • update runc binary to v1.3.5 (#​13061)
    • 584205c2f [release/2.2] update runc binary to v1.3.5
  • Fix vagrant on CI (#​13066)
  • Fix TOCTOU race bug in tar extraction (#​12971)
    • fbed68b8f Fix TOCTOU race bug in tar extraction
  • cri: UpdatePodSandbox should return Unimplemented (#​13023)
    • a83510103 cri: UpdatePodSandbox should return Unimplemented
  • fix(oci): apply absolute symlink resolution to /etc/group (#​13019)
    • ee4179e52 fix(oci): apply absolute symlink resolution to /etc/group
  • fix(oci): handle absolute symlinks in rootfs user lookup (#​13015)
    • fd061b848 test(oci): use fstest and mock fs for better symlink coverage
    • 5d44d2c22 fix(oci): handle absolute symlinks in rootfs user lookup
  • update to go1.25.8, test go1.26.1 (#​13011)
    • 00c776f07 update to go1.25.8, test go1.26.1

Dependency Changes
  • github.com/Microsoft/hcsshim v0.14.0-rc.1 -> v0.14.1
  • github.com/klauspost/compress v1.18.1 -> v1.18.5
  • github.com/moby/spdystream v0.5.0 -> v0.5.1

Previous release can be found at v2.2.2

v2.2.2: containerd 2.2.2

Compare Source

Welcome to the v2.2.2 release of containerd!

The second patch release for containerd 2.2 contains various fixes and improvements.

Highlights
Container Runtime Interface (CRI)
  • Fix migrated CRI image config when using legacy registry mirrors (#​12987)
  • Unpack images with per-layer labels for runtime-specific snapshotters (#​12936)
  • Fix CNI issue where DEL is never executed after a restart (#​12926)
  • Harden error handling to strip potentially-sensitive registry parameters (#​12804)
  • Fix nil pointer dereference in container spec memory metrics when memory constraints are not fully configured (#​12731)
  • Use the specified runtime handler when pulling images (#​12721)
  • Reduce noisy CDI logs (#​12717)
  • Fix regression for pulling encrypted images (#​12712)
Runtime
  • Fix unintended dropping of mount flags for read-only bind-mounts in user namespaces (#​12944)
  • Fix AppArmor bug disallowing unix domain sockets on newer kernels (#​12897)
ctr development tool
  • Fix ctr image mount failing with "no such device" (#​12831)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Maksym Pavlenko
  • Akhil Mohan
  • Samuel Karp
  • Wei Fu
  • Michael Zappa
  • Phil Estes
  • Fabiano Fidêncio
  • Jérôme Poulin
  • Luke Hinds
  • Aadhar Agarwal
  • Akihiro Suda
  • Alex Chernyakhovsky
  • Chris Adeniyi-Jones
  • Kazuyoshi Kato
  • Rodrigo Campos
  • Sebastiaan van Stijn
  • You Binhao
  • ningmingxiao
  • qiuxue
Changes
48 commits

  • Prepare release notes for v2.2.2 (#​12998)
  • Fix migrated CRI image config when using legacy registry mirrors (#​12987)
    • a20dead7c set default config_path in plugin init
  • Unpack images with per-layer labels for runtime-specific snapshotters (#​12936)
    • a5f83d8c2 cri: unpack images with per-layer labels for runtime-specific snapshotters
  • ci: modprobe xt_comment on almalinux (#​12957)
    • 68855cb0b ci: modprobe xt_comment on almalinux
  • Fix unintended dropping of mount flags for read-only bind-mounts in user namespaces (#​12944)
    • ef7a8beb3 core/mount: add test for getUnprivilegedMountFlags
    • 07b2cc07e core/mount: fix getUnprivilegedMountFlags iterating over indices instead of values
  • Fix CNI issue where DEL is never executed after a restart (#​12926)
  • Fix AppArmor bug disallowing unix domain sockets on newer kernels (#​12897)
  • ci: add build/test go1.26.0, drop go1.24 (#​12917)
    • 5dbf1b915 update golangci-lint to v2.9.0 with go1.26 support
    • 8ec695ebe remove windows/arm from cross build
    • b9c22a6e3 ci: build/test go1.26.0
  • integration: Fix TestImageLoad() failure on CI (#​12906)
    • 09b876a81 integration: Fix TestImageLoad() failure on CI
  • cri: Fix image volumes with user namespaces (#​12885)
    • 172ba65b6 cri: Fix image volumes with user namespaces
  • update to go1.24.13, go1.25.7 (#​12871)
  • ci: set fetch-depth for containerd to 0 for version parsing (#​12875)
    • e46a7a286 set fetch-depth for containerd to 0 for version parsing
  • Fix ctr image mount failing with "no such device" (#​12831)
    • 1d7908273 core/mount/manager: fix bind mount missing rbind option
    • 3d509bcd3 core/mount/manager: add tests for WithTemporary option
  • Harden error handling to strip potentially-sensitive registry parameters (#​12804)
    • cb3ae2119 fix: sanitize error before gRPC return to prevent credential leak in pod events
  • bump google.golang.org/grpc from 1.76.0 to 1.78.0 (#​12739)
    • 533a2552e build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0
    • b120237fb build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0
  • Fix nil pointer dereference in container spec memory metrics when memory constraints are not fully configured (#​12731)
    • 4be4e5156 Fix nil pointer dereference in container spec memory metrics
  • cri: emit warning for concurrent CreateContainer (#​12735)
    • a76eb698a cri: emit warning for concurrent CreateContainer
  • Use the specified runtime handler when pulling images (#​12721)
    • 3d2e188b1 cri: Use the runtimeHandler parameter in PullImage
  • Reduce noisy CDI logs (#​12717)
    • 633057382 cri: move noisy CDI logs to debug level
  • Fix regression for pulling encrypted images (#​12712)

Dependency Changes
  • github.com/go-jose/go-jose/v4 v4.1.2 -> v4.1.3
  • go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
  • go.opentelemetry.io/otel v1.37.0 -> v1.38.0
  • go.opentelemetry.io/otel/metric v1.37.0 -> v1.38.0
  • go.opentelemetry.io/otel/sdk v1.37.0 -> v1.38.0
  • go.opentelemetry.io/otel/trace v1.37.0 -> v1.38.0
  • golang.org/x/oauth2 v0.30.0 -> v0.32.0
  • google.golang.org/genproto/googleapis/api a7a43d2 -> ab9386a
  • google.golang.org/genproto/googleapis/rpc a7a43d2 -> ab9386a
  • google.golang.org/grpc v1.76.0 -> v1.78.0

Previous release can be found at v2.2.1

v2.2.1: containerd 2.2.1

Compare Source

Welcome to the v2.2.1 release of containerd!

The first patch release for containerd 2.2 contains various fixes and improvements.

Highlights
Container Runtime Interface (CRI)
  • Redact all query parameters in CRI error logs (#​12546)
Image Distribution
  • Fix image defaults on Darwin to usable configuration (#​12544)
  • Fix possible panic from WithMediaTypeKeyPrefix (#​12516)
Runtime

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Krisztian Litkey
  • Markus Lehtonen
  • Akihiro Suda
  • Mike Brown
  • Sebastiaan van Stijn
  • Derek McGowan
  • Heran Yang
  • Wei Fu
  • Phil Estes
  • Samuel Karp
  • Austin Vazquez
  • Sascha Grunert
  • Akhil Mohan
  • Andrey Noskov
  • Brian Goff
  • CrazyMax
  • Davanum Srinivas
  • Gaurav Ghildiyal
  • Neeraj Krishna Gopalakrishna
  • Paweł Gronowski
  • Tariq Ibrahim
  • TomerLev
  • Tõnis Tiigi
  • bo.jiang
  • ningmingxiao
Changes
53 commits

  • Prepare release notes for v2.2.1 (#​12677)
  • cri,nri: bump NRI dependencies to v0.11.0 (#​12701)
    • c22cf5d49 cri,nri: pass any linux security profile to plugins.
    • d7532de75 cri,nri: pass any linux RDT constraints to plugins.
    • ef36e6181 cri,nri: pass any linux net devices to plugins.
    • d56faf426 cri,nri: pass any linux scheduler attributes to plugins.
    • e1824d261 cri,nri: pass any linux I/O priority to plugins.
    • 01d5490ae go.{mod,sum}: bump NRI deps to v0.11.0, re-vendor.
  • pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const (#​12697)
    • 58d23ab63 pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const
  • cri/nri: short-circuit nil adjustment. (#​12672)
    • 05ccbb3a7 cri/nri: short-circuit nil adjustment.
  • go.{mod,sum}: bump CDI deps to v1.1.0. (#​12664)
    • c166a577d go.{mod,sum} bump CDI deps to v1.1.0.
  • go.mod: containerd/zfs v2.0.0; remove exclude rules (#​12654)
    • 73a08aa00 go.mod: remove exclude rules
    • cee08c8af build(deps): bump github.com/containerd/zfs/v2 from 2.0.0-rc.0 to 2.0.0
  • go.mod: github.com/containernetworking/plugins v1.9.0 (#​12658)
    • 8a5fc8641 go.mod: github.com/containernetworking/plugins v1.9.0
  • go.mod: golang.org/x/crypto v0.45.0 (#​12638)
    • 55c93d6fb go.mod: golang.org/x/crypto v0.45.0
  • ci: bump Go 1.24.11, 1.25.5 (#​12625)
  • core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor (#​12622)
    • ed19c5420 core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor
  • ci: update CIFuzz actions to support Ubuntu 24.04 (#​12632)
    • 952237d9b ci: update CIFuzz actions to support Ubuntu 24.04
  • Update runc binary to v1.3.4 (#​12593)
    • fb5b818a9 runc: Update runc binary to v1.3.4
  • : update containerd/cgroups from v3.1.0 to v3.1.2 (#​12598)
    • 51582ed27 bump containerd/cgroups to v3.1.2
    • 50d0e4fd4 build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1
  • core/mount: should not call removeLoop when set autoclear (#​12587)
    • 41a69eb0d core/mount: should not call removeLoop when set autoclear
  • build(deps): bump github.com/opencontainers/selinux (#​12589)
    • e3bf2b80b build(deps): bump github.com/opencontainers/selinux
  • .github: skip 5 critest cases for window-2022 (#​12584)
    • da8e846f9 .github: skip 5 critest cases in window CI pipeline
  • Fix image defaults on Darwin to usable configuration (#​12544)
    • d154e234b Update the ctr pull defaults when using the transfer service
    • 09364216d Fix transfer unpack defaults on darwin
    • 2055d3c62 Update default differs on darwin
    • 9da97686d Use default writable size in erofs snapshotter for non-Linux hosts
    • eeb0f889a Update default erofs block size on macOS during erofs diff
  • Redact all query parameters in CRI error logs (#​12546)
    • c707f771a fix: redact all query parameters in CRI error logs
  • Revert "Implement io.ReaderAt on docker fetch reader" (#​12542)
    • 678f944dd Revert "Implement io.ReaderAt on docker fetch reader"
  • Fix possible panic from WithMediaTypeKeyPrefix (#​12516)
    • 8b73c2de3 remotes: fix possible panic from WithMediaTypeKeyPrefix

Changes from containerd/cgroups
13 commits

Changes from containerd/nri
79 commits

  • adaptation: allow compiling out WASM support altogether. (containerd/nri#253)
    • ab88fe6 adaptation: allow compiling out WASM support altogether.
  • Support direct editing of the intelRdt config (containerd/nri#215)
    • 8c0c9f6 Implement removal of RDT
    • dfbae8a plugins: add sample rdt plugin
    • d05dd81 pkg/adaptation: support new RDT fields
    • 725289b pkg/runtime-tools/generate: support new RDT fields
    • a7832a2 api: add rdt
  • update wazero/wazero version to v1.10.1 (containerd/nri#252)
    • 9eb9a0f update tetratelabs/wazero version to v1.10.1
  • support specifying a custom NRI socket path (containerd/nri#249)
    • 2df6565 [plugins] support specifying a custom NRI socket path
  • pkg/api: add OptionalRepeatedString type (containerd/nri#212)
    • 687c1a6 pkg/api: add OptionalRepeatedString type
  • api,adaptation,generate: allow setting kernel scheduling policy attributes. (containerd/nri#160)
    • 6a371ac device-injector: add scheduling policy adjustment.
    • e06369e api,adaptation,generate: allow setting scheduler attributes.
  • device-injector: always log injection summary. (containerd/nri#246)
    • 14cc2e2 device-injector: always log injection summary.
  • api,adaptation,generate: allow adjusting linux net devices (containerd/nri#157)
    • 5145c92 device-injector: add network device injection.
    • 8a03823 api,adaptation,generate: allow adjusting linux net devices.
  • Add support for sysctl adjustment (containerd/nri#248)
    • 914fbf3 default-validator: restrict sysctl adjustment
    • a418956 api: apply sysctl adjustments
    • 8705f9b api: add sysctl container adjustment
  • feat: Make logger a configurable struct member for stub (containerd/nri#239)
    • 08a891a feat: Make logger a configurable struct member for stub
  • Drop dependency on opencontainers/runtime-tools (containerd/nri#247)
    • 5e5c2be Drop dependency on opencontainers/runtime-tools
  • deps: bump runtime-spec to v1.3.0. (containerd/nri#243)
    • 29c5811 (v0.1.0) examples: lock NRI, runtime spec deps.
    • d812952 v010-adapter: lock NRI, runtime spec and tools deps.
    • 7dd7c7f api,runtime-tools: adjust for runtime-spec v1.3.0.
    • 5d5d4c4 go.{mod,sum}: update runtime-tools, runtime-spec to v1.3.0.
  • adaptation: ensure sync'ed plugins are fully registered in tests. (containerd/nri#234)
    • c840397 adaptation: ensure sync'ed plugins are fully registered in tests.
  • Fix wasm example ([Fix wasm example containerd/nri#237](https://redirect.github.c

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate Bot added the dependencies label (Pull requests that update a dependency file) Apr 13, 2026

renovate Bot commented Apr 13, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 59 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.24 -> 1.24.3
github.com/stretchr/testify v1.10.0 -> v1.11.1
golang.org/x/sync v0.13.0 -> v0.18.0
cel.dev/expr v0.19.0 -> v0.24.0
cloud.google.com/go/compute/metadata v0.6.0 -> v0.9.0
dario.cat/mergo v1.0.1 -> v1.0.2
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 -> v1.30.0
github.com/Microsoft/hcsshim v0.12.9 -> v0.14.1
github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 -> v0.0.0-20251022180443-0feb69152e9f
github.com/containerd/cgroups/v3 v3.0.3 -> v3.1.2
github.com/containerd/containerd/api v1.8.0 -> v1.10.0
github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2
github.com/cyphar/filepath-securejoin v0.4.1 -> v0.5.1
github.com/emicklei/go-restful/v3 v3.11.0 -> v3.13.0
github.com/envoyproxy/go-control-plane v0.13.1 -> v0.13.5-0.20251024222203-75eaa193e329
github.com/envoyproxy/protoc-gen-validate v1.1.0 -> v1.2.1
github.com/fxamacker/cbor/v2 v2.7.0 -> v2.9.0
github.com/go-logr/logr v1.4.2 -> v1.4.3
github.com/google/btree v1.1.2 -> v1.1.3
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 -> v0.7.0
github.com/gorilla/websocket v1.5.0 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/klauspost/compress v1.17.11 -> v1.18.5
github.com/moby/spdystream v0.5.0 -> v0.5.1
github.com/moby/sys/user v0.3.0 -> v0.4.0
github.com/modern-go/reflect2 v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/opencontainers/runtime-spec v1.2.0 -> v1.3.0
github.com/opencontainers/selinux v1.11.1 -> v1.13.1
github.com/prometheus/client_golang v1.21.0 -> v1.23.2
github.com/prometheus/client_model v0.6.1 -> v0.6.2
github.com/prometheus/common v0.62.0 -> v0.66.1
github.com/prometheus/procfs v0.15.1 -> v0.16.1
github.com/tchap/go-patricia/v2 v2.3.2 -> v2.3.3
go.etcd.io/bbolt v1.4.0 -> v1.4.3
go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
go.opentelemetry.io/contrib/detectors/gcp v1.32.0 -> v1.38.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 -> v0.60.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 -> v0.60.0
go.opentelemetry.io/otel v1.34.0 -> v1.38.0
go.opentelemetry.io/otel/metric v1.34.0 -> v1.38.0
go.opentelemetry.io/otel/sdk v1.34.0 -> v1.38.0
go.opentelemetry.io/otel/sdk/metric v1.32.0 -> v1.38.0
go.opentelemetry.io/otel/trace v1.34.0 -> v1.38.0
golang.org/x/crypto v0.36.0 -> v0.45.0
golang.org/x/mod v0.24.0 -> v0.29.0
golang.org/x/net v0.37.0 -> v0.47.0
golang.org/x/oauth2 v0.26.0 -> v0.32.0
golang.org/x/sys v0.31.0 -> v0.38.0
golang.org/x/term v0.30.0 -> v0.37.0
golang.org/x/text v0.23.0 -> v0.31.0
google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20251029180050-ab9386a59fda
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20251029180050-ab9386a59fda
google.golang.org/grpc v1.70.0 -> v1.78.0
google.golang.org/protobuf v1.36.5 -> v1.36.10
k8s.io/api v0.32.3 -> v0.34.1
k8s.io/apimachinery v0.32.3 -> v0.34.1
k8s.io/client-go v0.32.3 -> v0.34.1
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f -> v0.0.0-20250710124328-f3f2b991d03b
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20250604170112-4c0f3b243397
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/yaml v1.4.0 -> v1.6.0

renovate Bot force-pushed the renovate/github.com-containerd-containerd-2.x branch from 5de20ed to 80bde55, April 14, 2026 21:06
renovate Bot force-pushed the renovate/github.com-containerd-containerd-2.x branch from 80bde55 to b2434c0, April 30, 2026 21:30

renovate Bot commented Apr 30, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: module github.com/containerd/containerd/v2@v2.3.0 requires go >= 1.26.2; switching to go1.26.3
go: downloading go1.26.3 (linux/amd64)
go: downloading github.com/aquasecurity/trivy v0.61.1
go: downloading github.com/google/go-containerregistry v0.20.3
go: downloading github.com/samber/lo v1.52.0
go: downloading github.com/containerd/containerd v1.7.27
go: downloading github.com/docker/docker v27.5.1+incompatible
go: downloading github.com/docker/go-connections v0.5.0
go: downloading github.com/package-url/packageurl-go v0.1.3
go: downloading golang.org/x/text v0.35.0
go: downloading github.com/docker/cli v29.2.0+incompatible
go: downloading github.com/containerd/containerd/api v1.11.0
go: downloading google.golang.org/grpc v1.80.0
go: downloading google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
go: downloading github.com/Microsoft/hcsshim v0.15.0-rc.1
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0
go: downloading github.com/containerd/stargz-snapshotter/estargz v0.16.3
go: downloading github.com/fatih/color v1.18.0
go: downloading github.com/moby/buildkit v0.18.2
go: downloading github.com/bmatcuk/doublestar/v4 v4.8.1
go: downloading golang.org/x/net v0.52.0
go: downloading github.com/BurntSushi/toml v1.4.0
go: downloading github.com/aquasecurity/trivy-db v0.0.0-20250227071930-8bd8a9b89e2d
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
go: downloading github.com/aws/aws-sdk-go-v2 v1.36.3
go: downloading github.com/aws/aws-sdk-go-v2/config v1.29.9
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.17.62
go: downloading github.com/aws/aws-sdk-go-v2/service/ecr v1.42.1
go: downloading github.com/docker/distribution v2.8.3+incompatible
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d
go: downloading google.golang.org/genproto v0.0.0-20241118233622-e639e219e697
go: downloading github.com/containerd/continuity v0.5.0
go: downloading github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
go: downloading github.com/vbatts/tar-split v0.11.6
go: downloading github.com/liamg/memoryfs v1.6.0
go: downloading github.com/zclconf/go-cty v1.16.2
go: downloading k8s.io/utils v0.0.0-20260319190234-28399d86e0b5
go: downloading github.com/aquasecurity/trivy-checks v1.8.1
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading github.com/open-policy-agent/opa v1.2.0
go: downloading helm.sh/helm/v3 v3.17.2
go: downloading github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4
go: downloading github.com/spf13/pflag v1.0.9
go: downloading github.com/aquasecurity/go-npm-version v0.0.1
go: downloading github.com/ProtonMail/go-crypto v1.1.5
go: downloading github.com/ulikunitz/xz v0.5.12
go: downloading github.com/in-toto/in-toto-golang v0.9.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0
go: downloading github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3
go: downloading golang.org/x/crypto v0.49.0
go: downloading github.com/aws/smithy-go v1.22.3
go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30
go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3
go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.25.1
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1
go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.33.17
go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34
go: downloading golang.org/x/oauth2 v0.35.0
go: downloading github.com/docker/docker-credential-helpers v0.8.2
go: downloading github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
go: downloading github.com/cyphar/filepath-securejoin v0.6.0
go: downloading github.com/hashicorp/hcl/v2 v2.23.0
go: downloading github.com/zclconf/go-cty-yaml v1.1.0
go: downloading github.com/dlclark/regexp2 v1.4.0
go: downloading github.com/go-json-experiment/json v0.0.0-20250211171154-1ae217ad3535
go: downloading github.com/Masterminds/semver/v3 v3.3.0
go: downloading k8s.io/apiextensions-apiserver v0.32.2
go: downloading k8s.io/client-go v0.36.0
go: downloading github.com/containerd/containerd/v2 v2.3.0
go: downloading github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
go: downloading github.com/secure-systems-lab/go-securesystemslib v0.9.0
go: downloading github.com/CycloneDX/cyclonedx-go v0.9.2
go: downloading github.com/spdx/tools-golang v0.5.5
go: downloading github.com/Azure/go-autorest/autorest v0.11.29
go: downloading github.com/Azure/go-autorest v14.2.0+incompatible
go: downloading github.com/Azure/go-autorest/autorest/date v0.3.0
go: downloading github.com/Azure/go-autorest/tracing v0.6.0
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15
go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34
go: downloading cloud.google.com/go v0.116.0
go: downloading github.com/hashicorp/go-getter v1.7.8
go: downloading golang.org/x/tools v0.43.0
go: downloading github.com/owenrumney/squealer v1.2.11
go: downloading mvdan.cc/sh/v3 v3.11.0
go: downloading github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
go: downloading github.com/gorilla/mux v1.8.1
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading golang.org/x/term v0.41.0
go: downloading k8s.io/api v0.36.0
go: downloading k8s.io/apimachinery v0.36.0
go: downloading k8s.io/cli-runtime v0.32.3
go: downloading github.com/containerd/plugin v1.1.0
go: downloading github.com/cloudflare/circl v1.6.0
go: downloading github.com/Azure/go-autorest/autorest/adal v0.9.23
go: downloading github.com/Azure/go-autorest/logger v0.2.1
go: downloading github.com/golang-jwt/jwt/v5 v5.3.0
go: downloading cloud.google.com/go/storage v1.49.0
go: downloading github.com/aws/aws-sdk-go v1.55.6
go: downloading github.com/hashicorp/go-safetemp v1.0.0
go: downloading github.com/hashicorp/go-version v1.7.0
go: downloading github.com/mitchellh/go-testing-interface v1.14.1
go: downloading google.golang.org/api v0.218.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.67.5
go: downloading github.com/prometheus/procfs v0.19.2
go: downloading github.com/aws/aws-sdk-go-v2/service/s3 v1.78.1
go: downloading github.com/spf13/cast v1.7.1
go: downloading github.com/evanphx/json-patch v5.9.0+incompatible
go: downloading k8s.io/kubectl v0.32.3
go: downloading github.com/rubenv/sql-migrate v1.7.1
go: downloading k8s.io/klog/v2 v2.140.0
go: downloading k8s.io/kube-openapi v0.0.0-20260319004828-5883c5ee87b9
go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.2
go: downloading github.com/moby/term v0.5.0
go: downloading sigs.k8s.io/kustomize/api v0.18.0
go: downloading sigs.k8s.io/kustomize/kyaml v0.18.1
go: downloading github.com/samber/oops v1.15.0
go: downloading github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092
go: downloading github.com/golang-jwt/jwt/v4 v4.5.2
go: downloading cloud.google.com/go/iam v1.2.2
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1
go: downloading github.com/googleapis/gax-go/v2 v2.14.1
go: downloading cloud.google.com/go/auth v0.14.0
go: downloading github.com/go-git/go-git/v5 v5.14.0
go: downloading github.com/go-git/go-billy/v5 v5.6.2
go: downloading k8s.io/component-base v0.36.0
go: downloading k8s.io/apiserver v0.32.2
go: downloading github.com/go-openapi/swag v0.23.0
go: downloading github.com/go-openapi/jsonreference v0.21.0
go: downloading github.com/oklog/ulid/v2 v2.1.0
go: downloading github.com/stretchr/objx v0.5.2
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9
go: downloading cloud.google.com/go/monitoring v1.21.2
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0
go: downloading cloud.google.com/go/auth/oauth2adapt v0.2.7
go: downloading github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24
go: downloading github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/go-openapi/jsonpointer v0.21.0
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.4
go: downloading github.com/josharian/intern v1.0.0
go: downloading github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
go: downloading github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
go: downloading k8s.io/streaming v0.36.0
go: downloading github.com/docker/go-metrics v0.0.1
go: downloading github.com/moby/spdystream v0.5.1
go: github.com/castai/image-analyzer imports
	github.com/aquasecurity/trivy/pkg/fanal/analyzer imports
	github.com/aquasecurity/trivy/pkg/misconf imports
	github.com/aquasecurity/trivy/pkg/iac/scanners/helm imports
	github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser imports
	helm.sh/helm/v3/pkg/action imports
	helm.sh/helm/v3/pkg/kube imports
	k8s.io/kubectl/pkg/cmd/util imports
	k8s.io/kubectl/pkg/scheme imports
	k8s.io/api/scheduling/v1alpha1: cannot find module providing package k8s.io/api/scheduling/v1alpha1

Labels

dependencies Pull requests that update a dependency file