build(deps): bump the go_modules group across 5 directories with 6 updates

[dependabot]

Bumps the go_modules group with 5 updates in the /src/runtime directory:

Package	From	To
github.com/containerd/containerd	1.7.11	1.7.16
golang.org/x/sys	0.19.0	0.20.0
google.golang.org/protobuf	1.33.0	1.34.1
github.com/cyphar/filepath-securejoin	0.2.4	0.2.5
golang.org/x/net	0.24.0	0.25.0

Bumps the go_modules group with 3 updates in the /src/tools/csi-kata-directvolume directory: golang.org/x/sys, google.golang.org/protobuf and golang.org/x/net.
Bumps the go_modules group with 2 updates in the /src/tools/log-parser directory: golang.org/x/sys and gopkg.in/yaml.v3.
Bumps the go_modules group with 2 updates in the /tests directory: golang.org/x/sys and gopkg.in/yaml.v3.
Bumps the go_modules group with 2 updates in the /tools/testing/kata-webhook directory: golang.org/x/sys and golang.org/x/net.

Updates github.com/containerd/containerd from 1.7.11 to 1.7.16

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.16

Welcome to the v1.7.16 release of containerd!

The sixteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Update AppArmor template to allow confined runc to kill containers (#10129)
• Fix config import relative path glob (#9834)
• Update AppArmor template to better support rootlesskit (#10116)
• Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
• Add support for HPC port forwarding (#10008)
• Prevent GC from schedule itself with 0 period. (#10102)
• Fix issue with using invalid token to retry fetching layer (#10065)
• Automatically decompress archives for transfer service import (#9989)
• Fix HTTPFallback fails when pushing manifest (#10044)
• Add support for configuring otel from env and config deprecation notice (#9992)
• Fix deadlock during NRI plugin registration (containerd/nri#79)

Build and Release Toolchain

• Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)

Container Runtime Interface (CRI)

• Fix CRI snapshotter root path when not under containerd root (#10096)
• Fix network creation failure from CreatedAt time as 269 years ago (#10122)
• Include userns info in PodSandboxStatus (#9865)
• Fix default working directory Windows HostProcess containers (#10071)
• Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)

Deprecations

• Add support for configuring otel from env and config deprecation notice (#9992)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Samuel Karp
• Wei Fu
• Danny Canter
• Kazuyoshi Kato
• Kirtana Ashok
• Maksym Pavlenko
• Phil Estes
• Sebastiaan van Stijn
• Brian Goff

... (truncated)

Commits

• 8303183 Merge pull request #10124 from kiashok/new-1.7.16-tag
• fb2d43a Merge pull request #10129 from k8s-infra-cherrypick-robot/cherry-pick-10123-t...
• 1c62308 Add release notes for v1.7.16
• 18a2c36 apparmor: Allow confined runc to kill containers
• ae97657 Merge pull request #9834 from neoaggelos/fix/config-relative
• c4a8642 Merge pull request #10096 from Kern--/cri-remote-snapshotter-stats
• 733d456 Merge pull request #10122 from AkihiroSuda/cherrypick-9673-1.7
• 293f515 pod: CreatedAt time will be 269 years ago while creating cri network failed.
• e412ca7 Merge pull request #10116 from AkihiroSuda/cherrypick-10111-1.7
• d8acdaf Merge pull request #10115 from thaJeztah/1.7_backport_go1.21.9
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.19.0 to 0.20.0

Commits

• 7d69d98 unix: extend support for z/OS
• 7758090 cpu: add support for sve2 detection
• 9a28524 windows: drop go version tags for unsupported versions
• 27dc90b unix: update to Linux kernel 6.4
• See full diff in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.1

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.2.5

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.2.5

This release makes some minor improvements to SecureJoin:

• Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

• The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai [email protected]

Commits

• d861a11 VERSION: release v0.2.5
• 87bc53a join: fix ELOOP error path
• e9be397 join: don't allow .. and . in working path during resolution
• 75cdbea gha: update Go versions
• b69b737 VERSION: back to development
• See full diff in compare view

Updates golang.org/x/net from 0.24.0 to 0.25.0

Commits

• d27919b go.mod: update golang.org/x dependencies
• e0324fc http2: use net.ErrClosed
• b20cd59 quic: initiate key rotation earlier in connections
• f95a3b3 html: fix typo in package doc
• 0a24555 http/httpguts: speed up ValidHeaderFieldName
• ec05fdc http2: don't retry the first request on a connection on GOAWAY error
• b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
• a130fcc quic: don't consider goroutines running when tests start as leaked
• See full diff in compare view

Updates golang.org/x/sys from 0.19.0 to 0.20.0

Commits

• 7d69d98 unix: extend support for z/OS
• 7758090 cpu: add support for sve2 detection
• 9a28524 windows: drop go version tags for unsupported versions
• 27dc90b unix: update to Linux kernel 6.4
• See full diff in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.1

Updates golang.org/x/net from 0.23.0 to 0.25.0

Commits

• d27919b go.mod: update golang.org/x dependencies
• e0324fc http2: use net.ErrClosed
• b20cd59 quic: initiate key rotation earlier in connections
• f95a3b3 html: fix typo in package doc
• 0a24555 http/httpguts: speed up ValidHeaderFieldName
• ec05fdc http2: don't retry the first request on a connection on GOAWAY error
• b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
• a130fcc quic: don't consider goroutines running when tests start as leaked
• See full diff in compare view

Updates golang.org/x/sys from 0.1.0 to 0.20.0

Commits

• 7d69d98 unix: extend support for z/OS
• 7758090 cpu: add support for sve2 detection
• 9a28524 windows: drop go version tags for unsupported versions
• 27dc90b unix: update to Linux kernel 6.4
• See full diff in compare view

Updates gopkg.in/yaml.v3 from 3.0.0 to 3.0.1

Updates golang.org/x/sys from 0.19.0 to 0.20.0

Commits

• 7d69d98 unix: extend support for z/OS
• 7758090 cpu: add support for sve2 detection
• 9a28524 windows: drop go version tags for unsupported versions
• 27dc90b unix: update to Linux kernel 6.4
• See full diff in compare view

Updates gopkg.in/yaml.v3 from 3.0.0 to 3.0.1

Updates golang.org/x/sys from 0.19.0 to 0.20.0

Commits

• 7d69d98 unix: extend support for z/OS
• 7758090 cpu: add support for sve2 detection
• 9a28524 windows: drop go version tags for unsupported versions
• 27dc90b unix: update to Linux kernel 6.4
• See full diff in compare view

Updates golang.org/x/net from 0.23.0 to 0.25.0

Commits

• d27919b go.mod: update golang.org/x dependencies
• e0324fc http2: use net.ErrClosed
• b20cd59 quic: initiate key rotation earlier in connections
• f95a3b3 html: fix typo in package doc
• 0a24555 http/httpguts: speed up ValidHeaderFieldName
• ec05fdc http2: don't retry the first request on a connection on GOAWAY error
• b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
• a130fcc quic: don't consider goroutines running when tests start as leaked
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.