Update module github.com/containerd/containerd to v1.7.27 [SECURITY]

[redhat-renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
github.com/containerd/containerd	replace	minor	v1.6.26 -> v1.7.27
github.com/containerd/containerd	indirect	patch	v1.7.24 -> v1.7.27

GitHub Vulnerability Alerts

CVE-2024-40635

Impact

A bug was found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.

Patches

This bug has been fixed in the following containerd versions:

• 2.0.4 (Fixed in containerd/containerd@1a43cb6)
• 1.7.27 (Fixed in containerd/containerd@05044ec)
• 1.6.38 (Fixed in containerd/containerd@cf158e8)

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images.

Credits

The containerd project would like to thank Benjamin Koltermann and emxll for responsibly disclosing this issue in accordance with the containerd security policy.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635

For more information

If you have any questions or comments about this advisory:

• Open an issue in containerd
• Email us at security@containerd.io

To report a security issue in containerd:

• Report a new vulnerability
• Email us at security@containerd.io

---

containerd has an integer overflow in User ID handling

CVE-2024-40635 / GHSA-265r-hfxg-fhmg / GO-2025-3528

More information

Details

Impact

A bug was found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.

Patches

This bug has been fixed in the following containerd versions:

• 2.0.4 (Fixed in containerd/containerd@1a43cb6)
• 1.7.27 (Fixed in containerd/containerd@05044ec)
• 1.6.38 (Fixed in containerd/containerd@cf158e8)

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images.

Credits

The containerd project would like to thank Benjamin Koltermann and emxll for responsibly disclosing this issue in accordance with the containerd security policy.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635

For more information

If you have any questions or comments about this advisory:

• Open an issue in containerd
• Email us at security@containerd.io

To report a security issue in containerd:

• Report a new vulnerability
• Email us at security@containerd.io

Severity

• CVSS Score: 4.6 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

References

• https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg
• https://nvd.nist.gov/vuln/detail/CVE-2024-40635
• https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da
• https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20
• https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a
• https://github.com/containerd/containerd
• https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

containerd has an integer overflow in User ID handling in github.com/containerd/containerd

CVE-2024-40635 / GHSA-265r-hfxg-fhmg / GO-2025-3528

More information

Details

containerd has an integer overflow in User ID handling in github.com/containerd/containerd

Severity

Unknown

References

• https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg
• https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da
• https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20
• https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Release Notes

containerd/containerd (github.com/containerd/containerd)

v1.7.27: containerd 1.7.27

Compare Source

Welcome to the v1.7.27 release of containerd!

The twenty-seventh patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Fix integer overflow in User ID handling (GHSA-265r-hfxg-fhmg)
• Update image type checks to avoid unnecessary logs for attestations (#​11538)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Jin Dong
• Akhil Mohan
• Derek McGowan
• Maksym Pavlenko
• Paweł Gronowski
• Phil Estes
• Akihiro Suda
• Craig Ingram
• Krisztian Litkey
• Samuel Karp

Changes

20 commits

• 05044ec0a Merge commit from fork
• 11504c3fc validate uid/gid
• Prepare release notes for v1.7.27 (#​11540)
  • 1be04be6c Prepare release notes for v1.7.27
• Update image type checks to avoid unnecessary logs for attestations (#​11538)
  • 82b5c43fe core/remotes: Handle attestations in MakeRefKey
  • 2c670e79b core/images: Ignore attestations when traversing children
• update build to go1.23.7, test go1.24.1 (#​11515)
  • a39863c9f update build to go1.23.7, test go1.24.1
• Remove hashicorp/go-multierror dependency and fix CI (#​11499)
  • 49537b3a7 e2e: use the shim bundled with containerd artifact
  • fe490b76f Bump up github.com/intel/goresctrl to 0.5.0
  • 13fc9d313 update containerd/project-checks to 1.2.1
  • 585699c94 Remove unnecessary joinError unwrap
  • 4b9df59be Remove hashicorp/go-multierror
• go.{mod,sum}: bump CDI deps to v0.8.1. (#​11422)
  • 5ba28f8dc go.{mod,sum}: bump CDI deps to v0.8.1, re-vendor.
• CI: arm64-8core-32gb -> ubuntu-24.04-arm (#​11437)
  • 85f10bd92 CI: arm64-8core-32gb -> ubuntu-24.04-arm
  • 561ed520e increase xfs base image size to 300Mb

Dependency Changes

• github.com/intel/goresctrl v0.3.0 -> v0.5.0
• github.com/prometheus/client_golang v1.14.0 -> v1.16.0
• github.com/prometheus/common v0.37.0 -> v0.42.0
• github.com/prometheus/procfs v0.8.0 -> v0.10.1
• k8s.io/apimachinery v0.26.2 -> v0.27.4
• sigs.k8s.io/json f223a00 -> bc3834c
• tags.cncf.io/container-device-interface v0.7.2 -> v0.8.1
• tags.cncf.io/container-device-interface/specs-go v0.7.0 -> v0.8.0

Previous release can be found at v1.7.26

v1.7.26: containerd 1.7.26

Compare Source

Welcome to the v1.7.26 release of containerd!

The twenty-sixth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Add support for syncfs after unpack (#​11267)
• Update runc binary to v1.2.5 (#​11395)
• Fix race between serve and immediate shutdown on the server (containerd/ttrpc#175)
• Reject oversized messages from the sender (containerd/ttrpc#171)

Container Runtime Interface (CRI)

• Fix fatal concurrency error in port forwarding (#​11306)

Node Resource Interface (NRI)

• Fix initial sync race when registering NRI plugins (#​11326)
• Add API support for reading Pod IPs (containerd/nri#119)
• Fix plugin sync to use multiple messages if ttrpc max message limit is hit (containerd/nri#111)
• Update API to pass configured timeouts to plugins. (containerd/nri#109)
• Fix mount removal in adjustments (containerd/nri#107)
• Close plugin if initial synchronization fails (containerd/nri#103)
• Add support for adjusting OOM score (containerd/nri#94)
• Add API support for NRI-native CDI injection (containerd/nri#98)
• Add support for pids cgroup (containerd/nri#76)

Runtime

• Fix console TTY leak in runc shim (#​11250)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Krisztian Litkey
• Mike Brown
• Samuel Karp
• Wei Fu
• Phil Estes
• Derek McGowan
• Iceber Gu
• Akhil Mohan
• Antonio Ojea
• Austin Vazquez
• Henry Wang
• Jin Dong
• Xiaojin Zhang
• ningmingxiao
• AbdelrahmanElawady
• Akihiro Suda
• Antti Kervinen
• Jing Xu
• Jitang Lei
• Justin Alvarez
• Lei Liu
• Maksym Pavlenko
• Yang Yang
• Yuhang Wei
• cormick
• jingtao.liang

Changes

24 commits

• Prepare release notes for v1.7.26 (#​11356)
  • ceba197f5 Prepare release notes for v1.7.26
• Upgrade x/net to 0.33.0 to fix vulnerability GHSA-w32m-9786-jp63 (#​11434)
  • 3486bc8dd Upgrade x/net to 0.33.0
• update build to go1.23.6, test go1.24.0 (#​11419)
  • 9025d3075 update build to go1.23.6, test go1.24.0
• Update install-imgcrypt to allow change install repo (#​11358)
  • 83eaab482 Update install-imgcrypt to allow change install repo
• Add support for syncfs after unpack (#​11267)
  • 8bc21cba7 support to syncfs after pull by using diff plugin
• Update runc binary to v1.2.5 (#​11395)
  • 27c472acf Update runc binary to v1.2.5
• Move run.skip-dirs to issues.exclude-dirs in golangci-lint config (#​11400)
  • 8d8034b66 move skip-dirs to issues.exclude-dirs
• Fix initial sync race when registering NRI plugins (#​11326)
  • 11af05177 cri,nri: block NRI plugin sync. during event processing.
  • d4036cd3d go.{mod,sum}: bump NRI to v0.8.0, re-vendor.
• Fix console TTY leak in runc shim (#​11250)
  • c3e24e024 Add integ test to check tty leak
  • 4e45a463d fix master tty leak due to leaking init container object
• Fix fatal concurrency error in port forwarding (#​11306)
  • 0fe9f0b52 fix fatal error: concurrent map iteration and map write
• update build to go1.22.11, test go1.23.5 (#​11298)
  • 441b92636 update build to go1.22.11, test go1.23.5

Changes from containerd/nri

77 commits

• Add API support for reading Pod IPs (containerd/nri#119)
  • eaf78a9 api: support Pod IPs
• generate: do not set OOMScoreAdj if no adjustment (containerd/nri#116)
• 07bfc18 wip: generate: add test for oom score adj
• b5fc359 generate: do not set OOMScoreAdj if no adjustment
• device-injector: remove unreachable code. (containerd/nri#115)
  • 235aa11 chore: remove unreachable code and fmt files
• Fix plugin sync to use multiple messages if ttrpc max message limit is hit (containerd/nri#111)
  • 159f575 template: dump pod/container count in sync message.
  • bf267e3 stub: collect/handle split sync messages.
  • ed78ae9 adaptation: use multiple sync messages if necessary.
  • 6fd59d6 api: add support for multiple sync messages.
  • a7fcccc mux: split oversized messages.
  • 5fe9b06 mux: fix maximum allowed message size.
  • 693d64e go.{mod,sum}, plugins: update ttrpc and NRI deps.
• Update API to pass configured timeouts to plugins. (containerd/nri#109)
  • 320e4e7 adaptation: tests for runtime version, timeouts.
  • f86d982 api,adaptation,stub: let plugin know configured timeouts.
  • cfcd2af Makefile: fix ginkgo-tests target.
  • 8cd9504 adaptation: block plugin sync/registration in test suite.
  • 966ac92 adaptation: implement plugin synchronization blocks.
• ci: verify that code generation works and results match (containerd/nri#113)
  • f74ce31 ci: verify code generation and generated files in repo
• deps: bump gingko to v2.19.1, golang to v1.21.x. (containerd/nri#110)
  • e4d5c36 ci: stop testing with golang 1.20.x.
  • 6578149 go.{mod,sum}: bump golang requirement to 1.21.
  • 442e812 go.{mod,sum}: update to ginkgo v2.19.1.
• sync sandboxes and containers after starting the pre-installed plugins (containerd/nri#43)
  • eada085 ignore pre-installed plugins that did not sync successfully
  • b881bc4 sync sandboxes and containers after starting the pre-installed plugins
• Fix mount removal in adjustments (containerd/nri#107)
  • 3880f1d adaptation: add test case for mount removal.
  • 0d3b376 adaptation: fix mount removal in adjustments.
• codespell: add codespell config, workflow, fix spelling errors. (containerd/nri#105)
  • df84c47 .github: add codespell workflow.
  • a03dc93 pkg,plugins,.codespellrc: add codespellrc, fix spelling.
• Close plugin if initial synchronization fails (containerd/nri#103)
  • 4aec208 adaptation: log plugin as connected and synchronized.
  • 4e60cd0 adaptation: close plugin if initial synchronization fails.
• Reset source path of api.pb.go to pkg/api/api.proto (containerd/nri#104)
  • 1cc026f Reset source path of api.pb.go to pkg/api/api.proto
• Add support for adjusting OOM score (containerd/nri#94)
  • efcb2da NRI plugins support adjust oom_score_adj
• Add API support for NRI-native CDI injection (containerd/nri#98)
  • 8783973 device-injector: clarify precedence of annotations.
  • 4eb7075 pkg/adaptation: fix grammatical mistakes in comments.
  • 4bd8da8 device-injector: add support for CDI injection.
  • 44773bd runtime-tools/generate: add support CDI injection.
  • 65282fe adaptation: add CDI device injection unit test.
  • 01f3b7a adaptation: add support for native CDI injection.
  • f1aa58f api: add support for native CDI device injection.
• types: Fix a typo (containerd/nri#101)
  • 8434439 types: Fix a typo
• Add support for pids cgroup (containerd/nri#76)
  • 1719502 support pids cgroup
• stub: support restart after stub stopped (containerd/nri#91)
  • 242661f stub: support re-start after stub stopped
• stop closed plugins that will be removed (containerd/nri#89)
  • ba398fa stop closed plugins that will be removed
• plugins/device-injector: fix a small typo in README.md. (containerd/nri#97)
  • f96a550 device-injector: small grammar fix in README.md.
• plugins/template: fix a typo in a comment. (containerd/nri#96)
  • 5680921 plugins/template: fix typo in a comment.
• go.{mod,sum}, .github: bump minimum golang version to 1.20. (containerd/nri#88)
  • 2c3608d .golangci.yml: silence dot-import errors for tests.
  • 8f56974 pkg/{adaptation,api,net,stub}: fix linter errors.
  • e863892 .github: bump golangci-lint to v1.58.0.
  • 674cb41 .github: bump setup-go to v5.
  • 9106283 .github: test with golang 1.20.x, 1.21.x, 1.22.3 in CI.
  • a9778ad plugins: bump golang version to 1.20.
  • 8e86065 go.{mod.sum}: bump golang version to 1.20.
• network device injector plugin (containerd/nri#82)
  • ff774e6 network device injector plugin
• Modify hook-injector plugin to monitor directories to match cri-o (containerd/nri#84)
  • 06841c2 Modify hook-injector plugin to monitor directories to match cri-o
• docs: fix broken link to sample plugins in README.md (containerd/nri#81)
  • 2791e93 docs: fix broken link to sample plugins in README.md

Changes from containerd/ttrpc

11 commits

• Add MD.Clone function (containerd/ttrpc#177)
  • 430f734 Add MD.Clone
• Fix race between serve and immediate shutdown on the server (containerd/ttrpc#175)
  • c4d96d5 server: fix Serve() vs. immediate Shutdown() race.
  • ed6c3ba server_test: add Serve()/Shutdown() race test.
• Reject oversized messages from the sender (containerd/ttrpc#171)
  • b5cd6e4 channel: allow discovery of overflown message size.
  • d8c00df channel_test: update oversize message test.
  • de273bf channel: reject oversized messages on the sender side.
• server_test: fix error message in TestOversizeCall. (containerd/ttrpc#170)
  • 84e1784 server_test: fix error message in TestOversizeCall.

Dependency Changes

• github.com/containerd/nri v0.6.1 -> v0.8.0
• github.com/containerd/ttrpc v1.2.5 -> v1.2.7
• github.com/go-logr/logr v1.3.0 -> v1.4.2
• golang.org/x/net v0.25.0 -> v0.33.0

Previous release can be found at v1.7.25

v1.7.25: containerd 1.7.25

Compare Source

Welcome to the v1.7.25 release of containerd!

The twenty-fifth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Update runc binary to v1.2.4 (#​11238)
• Fix proto conflicts and update to 1.8 API (#​11184)

Container Runtime Interface (CRI)

• Fix ip_pref configuration option (#​11223)

Runtime

• Fix panic due to nil dereference cgroups v2 (#​11099)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Sebastiaan van Stijn
• Wei Fu
• Maksym Pavlenko
• Akhil Mohan
• Henry Wang
• Jin Dong
• Phil Estes
• Sam Edwards
• Samuel Karp
• Brian Goff
• David Son
• Kohei Tokunaga
• Pierre Gimalac
• Yang Yang
• bo.jiang

Changes

32 commits

• Prepare release notes for v1.7.25 (#​11243)
  • bda53fc60 Prepare release notes for v1.7.25
• Update runc binary to v1.2.4 (#​11238)
  • d4a649130 update runc binary to v1.2.4
• Reduce shim plugin log level (#​11224)
  • 99c973791 runtime/v2: reduce shim plugin log
• Fix ip_pref configuration option (#​11223)
  • 0cfc1edf3 Fix "even if IPv4 comes first" test to have IPv4 first
  • 53d1fd0d9 Don't use To16() != nil to detect IPv6 addresses
• Add a build tag to disable std plugin import (#​11202) (#​11203)
  • 2b12ef2f4 chore: add a build tag to disable containerd plugin import
• bump github.com/containerd/continuity from 0.4.2 to 0.4.4 (#​11216)
  • b99091838 build(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.4
  • 9f48f7af0 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.2
  • 79172ba16 go.mod: github.com/containerd/continuity v0.4.3
• deps: update golang.org/x/ (#​11178)
  • 2dfbe2c7c vendor: update golang.org/x/crypto dependencies
• Fix proto conflicts and update to 1.8 API (#​11184)
  • 3d7a50749 Replace use of deprecated api Envelope
  • 929e7bde6 Use api types over deprecated alias
  • 5a42503d1 Remove end of life api directory
  • c4069878e Update runtime/v2/runc/options to alias api type
  • 4d955223a Update to containerd api 1.8
  • efacd2ac7 Fix lint failures
• update runc binary to v1.2.3 (#​11143)
  • 957c31895 update runc binary to v1.2.3
• update build to go1.22.10, test go1.23.4 (#​11111)
  • 4c0db6ad6 update build to go1.22.10, test go1.23.4
• Fix panic due to nil dereference cgroups v2 (#​11099)
  • a40aa60a5 fix panic due to nil dereference cgroups v2
• Move rockylinux 9.4 to almalinux/9 in CI (#​11054)
  • b1ef1dda7 move rocky 9.4 to almalinux/9 in CI

Changes from containerd/continuity

40 commits

• go.mod: bump up (containerd/continuity#257)
  • 8ae2b5e Disable FUSE for FreeBSD
  • ef3b6f4 go.mod: bump up
• cmd/continuity/commands: MountCmd: remove macOS remnants (containerd/continuity#254)
  • 327ebdd cmd/continuity/commands: MountCmd: remove macOS remnants
• kind.String(): fix missing case statements for iota consts in switch (containerd/continuity#256)
  • 7d074e7 kind.String(): fix missing case statements for iota consts in switch
• go-fix: remove pre-go1.17 build-tags (containerd/continuity#252)
  • 433b975 go-fix: remove pre-go1.17 build-tags
• fs: properly handle ENOTSUP in copyXAttrs (containerd/continuity#245)
  • c494f3d fs: properly handle ENOTSUP in copyXAttrs
• gha: update CodeQL action to v3, run on go1.22 (containerd/continuity#251)
  • 3ca0c62 gha: update CodeQL action to v3, as v2 is deprecated
  • 1d06b76 gha: update CodeQL action to run on go1.22
• go.mod: prune indirect gopkg.in/yaml.v3 (containerd/continuity#250)
  • 3eb1ef4 cmd/continuity: tidy go.mod, go.sum
  • f0775b0 go.mod: prune indirect gopkg.in/yaml.v3
• gha: run CI on go1.22 (containerd/continuity#242)
  • f0f6869 gha: run CI on go1.22
• switch to github.com/containerd/log module (containerd/continuity#243)
  • 7d07d28 switch to github.com/containerd/log module
• Fix TestDiffDirChangeWithOverlayfs (also updates the CI to use Ubuntu 24.04) (containerd/continuity#249)
  • 97eff17 Fix TestDiffDirChangeWithOverlayfs
  • d934057 CI: use ubuntu-24.04
• fs: implement Atime for Windows (containerd/continuity#241)
  • 3cbda8c fs: implement Atime for Windows
• build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 (containerd/continuity#238)
  • 31a50de build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0
• build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 in /cmd/continuity (containerd/continuity#237)
  • b3e10e6 build(deps): bump google.golang.org/protobuf in /cmd/continuity
• support filesystem magic for linux (containerd/continuity#239)
  • 8df9930 support filesystem magic for linux
• fs: add DiffDirChanges function to get changeset fast (containerd/continuity#145)
  • 8b312bd fs: add DiffDirChanges function to get changeset fast
• update golangci-lint to vl.55.0 (containerd/continuity#233)
  • e08b7e4 update golangci-lint to vl.55.0 , matching the version used by containerd
• Add type to iterate directory (containerd/continuity#229)
  • 5c2d1b4 Add type to itterate directory
• Substitute deprecated rand.Seed() in Go 1.20 (containerd/continuity#231)
  • 242e29e Substitute deprecated rand.Seed() in Go 1.20

Dependency Changes

• github.com/containerd/containerd/api v1.7.19 -> v1.8.0
• github.com/containerd/continuity v0.4.2 -> v0.4.4
• golang.org/x/crypto v0.21.0 -> v0.31.0
• golang.org/x/mod v0.12.0 -> v0.17.0
• golang.org/x/net v0.23.0 -> v0.25.0
• golang.org/x/sync v0.5.0 -> v0.10.0
• golang.org/x/sys v0.18.0 -> v0.28.0
• golang.org/x/term v0.18.0 -> v0.27.0
• golang.org/x/text v0.14.0 -> v0.21.0
• google.golang.org/genproto/googleapis/rpc 995d672 -> c3f9821
• google.golang.org/protobuf v1.33.0 -> v1.35.2

Previous release can be found at v1.7.24

v1.7.24: containerd 1.7.24

Compare Source

Welcome to the v1.7.24 release of containerd!

The twenty-fourth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Update runc binary to 1.2.2 (#​11027)
• Fix "invalid metric type" error message for cgroup v1 (#​10814)

Container Runtime Interface (CRI)

• Update the container exit log to info level (#​11007)

Image Distribution

• Fix retry logic and concurrency issue with http fallback (#​11032)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Phil Estes
• Akhil Mohan
• Akihiro Suda
• Maksym Pavlenko
• Austin Vazquez
• Samuel Karp
• Benjamin Peterson
• Davanum Srinivas
• Iceber Gu
• Mike Brown
• Sebastiaan van Stijn
• Tõnis Tiigi
• ningmingxiao

Changes

36 commits

• Prepare release notes for v1.7.24 (#​11036)
  • 936f8e2de Prepare release notes for v1.7.24
• Update the container exit log to info level (#​11007)
  • 47ff8e2b6 add info of exited event
• Fix retry logic and concurrency issue with http fallback (#​11032)
  • 10af0d60f Adds a mutex to protect fallback host
  • e426ec51b Use unix and windows specific connection error checks
  • 49c9f303b Allow fallback across default ports
• local: avoid writing to content root on readonly store (#​10913)
  • ddf2b03ed local: avoid writing to content root on readonly store
• Update runc binary to 1.2.2 (#​11027)
  • 06e72da76 update runc binary to 1.2.2
• Revert "Disable vagrant strict dependency checking" (#​11011)
  • 23a31ce63 Revert "Disable vagrant strict dependency checking"
• testutil: avoid conflict with continuity/testutil (#​10956)
  • 4bd411f8c testutil: avoid conflict with continuity/testutil
• update cri-tools to v1.29.0 (#​10969)
  • 216dc892e update cri-tools to v1.29.0
• update build to go1.22.9, test go1.23.3 (#​10974)
  • 56a7d31cb update build to go1.22.9, test go1.23.3
• ci: disable marking 1.7 releases as latest (#​10962)
  • 205940716 ci: disable marking 1.7 releases as latest
• Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz (#​10976)
  • b7bb8d515 Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz
• backport: Disable vagrant strict dependency checking (#​10965)
  • 860a51384 Disable vagrant strict dependency checking
• Update runc binary to 1.2.1 (#​10940)
  • 710cd3716 update runc binary to 1.2.1
• services/snapshots: include name of snapshotter in debug logs (#​10931)
  • 5bd0834ce services/snapshots: include name of snapshotter in debug logs
• Make TestContainerPids more resilient (#​10936)
  • 455787bf8 Make TestContainerPids more resilient
• Add After=dbus.service to containerd.service (#​10859)
  • cb82e52a4 Add After=dbus.service to containerd.service
• Fix "invalid metric type" error message for cgroup v1 (#​10814)
  • d6f577843 metrics: Use UnmarshalTo instead of UnmarshalAny

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.23

v1.7.23: containerd 1.7.23

Compare Source

Welcome to the v1.7.23 release of containerd!

The twenty-third patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Add errdefs aliases (#​10792)
• Allow proxy plugins to have capabilities (#​10731)
• Revert errdefs package migration (#​10712)

Container Runtime Interface (CRI)

• Add check for CNI plugins before tearing down pod network (#​10767)

Image Distribution

• Fix the race condition during GC of snapshots when client retries (#​10763)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Austin Vazquez
• Phil Estes
• Akihiro Suda
• Samuel Karp
• Maksym Pavlenko
• Kern Walster
• Kir Kolyshkin
• Saket Jajoo
• Sameer
• Wei Fu
• Zou Nengren
• bo.jiang

Changes

37 commits

• Prepare release notes for v1.7.23 (#​10802)
  • 921f554af Prepare release notes for v1.7.23
• Revert "update runc binary to 1.1.15" (#​10826)
  • 8f16d6588 Revert "update runc binary to 1.1.15"
• Switch from actuated.dev to GH Action runners for arm64 (#​10822)
  • 41e8f24cd Switch from actuated.dev to GH Action runners for arm64
  • dd811f224 Update github actions ci to run on forks
• bump golangci/golangci-lint-action from 4 to 6 (#​10813)
  • 284484af4 bump golangci/golangci-lint-action from 4 to 6
• update to go1.23.2,go1.22.8 (#​10808)
  • 814c59ba5 update to go1.23.2,go1.22.8
• prow: allow ENABLE_CRI_SANDBOXES to be configured (#​10801)
  • ae11176fa prow: allow ENABLE_CRI_SANDBOXES to be configured
• TestNewBinaryIOCleanup: fix a comment, minor rewrite (#​10776)
  • 7fd794a7c TestNewBinaryIOCleanup: fix a comment, minor rewrite
• Add errdefs aliases (#​10792)
  • 0714a2952 Add errdefs aliases
• Update runc binary to 1.1.15 (#​10794)
  • 113a9f1fc update runc binary to 1.1.15
• Update runner images to macOS13 (#​10783)
  • 5305b03f2 Update runner images to macOS13
• Allow proxy plugins to have capabilities (#​10731)
  • 950740390 Allow proxy plugins to have capabilities
• Bump crun to 1.16.1 (#​10774)
  • e8aae7824 Bump crun to 1.16
  • ee1c39b79 CI: bump up crun to 1.15
• Fix the race condition during GC of snapshots when client retries (#​10763)
  • cb5e6a01a Fix the race condition during GC of snapshots when client retries
• Add check for CNI plugins before tearing down pod network (#​10767)
  • 278bd0f72 [release/1.7] Add check for CNI plugins before tearing down pod network
• Revert errdefs package migration (#​10712)
  • 18403239e Synchronize 1.7 error package with errdefs
  • d8d27205b Revert "migrate errdefs package to github.com/containerd/errdefs module"

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[redhat-renovate-bot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go mod tidy
go: downloading github.com/github-release/github-release v0.10.0
go: downloading github.com/operator-framework/operator-sdk v1.12.0
go: downloading golang.org/x/tools v0.26.0
go: downloading sigs.k8s.io/controller-tools v0.6.0
go: downloading github.com/stretchr/testify v1.10.0
go: downloading github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2
go: downloading github.com/kevinburke/rest v0.0.0-20210506044642-5611499aa33c
go: downloading github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
go: downloading github.com/gobuffalo/flect v0.2.2
go: downloading go.uber.org/goleak v1.3.0
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399
go: downloading github.com/go-logr/zapr v1.3.0
go: downloading go.uber.org/zap v1.27.0
go: downloading github.com/elazarl/goproxy v1.2.1
go: downloading github.com/gliderlabs/ssh v0.3.8
go: downloading github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
go: downloading github.com/onsi/ginkgo v1.16.5
go: downloading github.com/vishvananda/netlink v1.3.1-0.20250206174618-62fb240731fa
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/krolaw/dhcp4 v0.0.0-20180925202202-7cead472c414
go: downloading github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a
go: downloading github.com/go-openapi/spec v0.20.3
go: downloading github.com/go-openapi/strfmt v0.20.0
go: downloading github.com/go-openapi/validate v0.20.2
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.12.0
go: downloading github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
go: downloading github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
go: downloading github.com/go-openapi/errors v0.19.9
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading go.mongodb.org/mongo-driver v1.8.4
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/vishvananda/netns v0.0.4
go: downloading github.com/operator-framework/java-operator-plugins v0.0.0-20210708174638-463fb91f3d5e
go: downloading github.com/spf13/viper v1.8.1
go: downloading sigs.k8s.io/kubebuilder/v3 v3.0.0-alpha.0.0.20210803185103-51e4a9aa5055
go: downloading golang.org/x/mod v0.21.0
go: downloading github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923
go: downloading github.com/operator-framework/api v0.10.5
go: downloading github.com/spf13/afero v1.10.0
go: downloading github.com/iancoleman/strcase v0.3.0
go: downloading helm.sh/helm/v3 v3.17.3
go: downloading github.com/hashicorp/hcl v1.0.0
go: downloading github.com/magiconair/properties v1.8.5
go: downloading github.com/pelletier/go-toml v1.9.5
go: downloading github.com/spf13/cast v1.7.0
go: downloading github.com/spf13/jwalterweatherman v1.1.0
go: downloading github.com/subosito/gotenv v1.2.0
go: downloading gopkg.in/ini.v1 v1.62.0
go: downloading github.com/go-openapi/analysis v0.20.0
go: downloading github.com/go-openapi/loads v0.20.2
go: downloading github.com/go-openapi/runtime v0.19.24
go: downloading golang.org/x/sync v0.12.0
go: downloading github.com/operator-framework/operator-registry v1.17.4
go: downloading github.com/josharian/native v1.1.0
go: downloading github.com/pierrec/lz4/v4 v4.1.18
go: downloading github.com/blang/semver/v4 v4.0.0
go: downloading github.com/thoas/go-funk v0.8.0
go: downloading github.com/nxadm/tail v1.4.8
go: downloading github.com/frankban/quicktest v1.14.6
go: downloading github.com/smartystreets/goconvey v1.6.4
go: downloading github.com/cloudflare/cfssl v1.5.0
go: downloading sigs.k8s.io/kustomize/kyaml v0.13.3
go: downloading github.com/Masterminds/semver/v3 v3.3.0
go: downloading github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
go: downloading github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
go: downloading github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
go: downloading github.com/xeipuuv/gojsonschema v1.2.0
go: downloading k8s.io/cli-runtime v0.31.0
go: downloading github.com/fatih/structtag v1.1.0
go: downloading github.com/markbates/inflect v1.0.4
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading github.com/docker/distribution v2.8.2+incompatible
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/containerd/containerd v1.7.27
go: downloading github.com/docker/cli v25.0.1+incompatible
go: downloading github.com/docker/docker v25.0.6+incompatible
go: downloading github.com/opencontainers/image-spec v1.0.2
go: downloading go.etcd.io/bbolt v1.3.11
go: downloading github.com/otiai10/copy v1.2.0
go: downloading github.com/Masterminds/sprig/v3 v3.3.0
go: downloading github.com/gosuri/uitable v0.0.4
go: downloading github.com/jtolds/gls v4.20.0+incompatible
go: downloading github.com/smartystreets/assertions v1.0.1
go: downloading github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
go: downloading github.com/bshuster-repo/logrus-logstash-hook v1.0.2
go: downloading github.com/bugsnag/bugsnag-go v1.5.3
go: downloading github.com/gorilla/handlers v1.5.1
go: downloading github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
go: downloading github.com/docker/go-metrics v0.0.1
go: downloading github.com/yvasiyarov/gorelic v0.0.7
go: downloading oras.land/oras-go v1.2.5
go: downloading github.com/foxcpp/go-mockdns v1.1.0
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/zmap/zlint/v2 v2.2.1
go: downloading github.com/google/certificate-transparency-go v1.0.21
go: downloading github.com/google/cel-go v0.22.0
go: downloading github.com/go-stack/stack v1.8.0
go: downloading k8s.io/component-base v0.31.0
go: downloading github.com/go-errors/errors v1.4.2
go: downloading github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00
go: downloading github.com/xlab/treeprint v1.2.0
go: downloading github.com/gobuffalo/envy v1.7.1
go: downloading github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
go: downloading sigs.k8s.io/kustomize/api v0.11.1
go: downloading gotest.tools/v3 v3.5.1
go: downloading gotest.tools v2.2.0+incompatible
go: downloading github.com/docker/docker-credential-helpers v0.7.0
go: downloading github.com/h2non/filetype v1.1.1
go: downloading github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c
go: downloading github.com/joelanford/ignore v0.0.0-20210607151042-0d25dc18b62d
go: downloading github.com/golang-migrate/migrate/v4 v4.6.2
go: downloading github.com/mattn/go-sqlite3 v1.10.0
go: downloading github.com/otiai10/mint v1.3.1
go: downloading github.com/Masterminds/squirrel v1.5.4
go: downloading github.com/jmoiron/sqlx v1.4.0
go: downloading github.com/lib/pq v1.10.9
go: downloading github.com/rubenv/sql-migrate v1.7.1
go: downloading github.com/DATA-DOG/go-sqlmock v1.5.2
go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
go: downloading github.com/moby/term v0.5.0
go: downloading github.com/Microsoft/hcsshim v0.11.7
go: downloading github.com/containerd/continuity v0.4.4
go: downloading github.com/containerd/log v0.1.0
go: downloading github.com/moby/sys/sequential v0.5.0
go: downloading github.com/moby/sys/userns v0.1.0
go: downloading github.com/klauspost/compress v1.16.7
go: downloading github.com/gorilla/mux v1.8.0
go: downloading github.com/containerd/errdefs v0.3.0
go: downloading github.com/containerd/platforms v0.2.1
go: downloading github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
go: downloading github.com/gomodule/redigo v1.8.2
go: downloading github.com/containerd/containerd/api v1.8.0
go: downloading github.com/containerd/ttrpc v1.2.7
go: downloading github.com/containerd/typeurl/v2 v2.1.1
go: downloading github.com/containerd/typeurl v1.0.2
go: downloading github.com/moby/locker v1.0.1
go: downloading github.com/opencontainers/runtime-spec v1.2.0
go: downloading github.com/shopspring/decimal v1.4.0
go: downloading github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de
go: downloading github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940
go: downloading github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading github.com/miekg/dns v1.1.57
go: downloading github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/docker/go-connections v0.5.0
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7
go: downloading github.com/googleapis/gnostic v0.5.5
go: downloading go.opentelemetry.io/otel/trace v1.28.0
go: downloading github.com/stretchr/objx v0.5.2
go: downloading rsc.io/letsencrypt v0.0.3
go: downloading github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
go: downloading go.opentelemetry.io/otel v1.28.0
go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible
go: downloading github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
go: downloading github.com/joho/godotenv v1.3.0
go: downloading github.com/bugsnag/panicwrap v1.2.0
go: downloading github.com/gofrs/uuid v4.0.0+incompatible
go: downloading cel.dev/expr v0.18.0
go: downloading github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
go: downloading github.com/go-sql-driver/mysql v1.8.1
go: downloading github.com/creack/pty v1.1.18
go: downloading github.com/go-gorp/gorp/v3 v3.1.0
go: downloading github.com/moby/sys/mountinfo v0.7.2
go: downloading github.com/hashicorp/golang-lru v0.5.4
go: downloading google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0
go: downloading github.com/chai2010/gettext-go v1.0.2
go: downloading github.com/MakeNowJust/heredoc v1.0.0
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: downloading github.com/russross/blackfriday/v2 v2.1.0
go: downloading github.com/zmap/zcrypto v0.0.0-20200911161511-43ff0ea04f21
go: downloading github.com/stoewer/go-strcase v1.3.0
go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0
go: downloading github.com/pierrec/lz4 v2.0.5+incompatible
go: downloading go.opentelemetry.io/otel/sdk v1.28.0
go: downloading github.com/garyburd/redigo v1.6.0
go: downloading github.com/google/btree v1.0.1
go: downloading github.com/antlr4-go/antlr/v4 v4.13.0
go: downloading github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0
go: downloading github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
go: downloading github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0
go: downloading github.com/poy/onpar v1.1.2
go: downloading filippo.io/edwards25519 v1.1.0
go: downloading go.opentelemetry.io/otel/metric v1.28.0
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/proto/otlp v1.3.1
go: downloading github.com/weppos/publicsuffix-go v0.13.0
go: downloading github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
go: downloading go.opencensus.io v0.24.0
go: downloading github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
go: downloading go.etcd.io/etcd/client/pkg/v3 v3.5.16
go: downloading go.etcd.io/etcd/client/v3 v3.5.16
go: downloading go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
go: downloading go.opentelemetry.io/contrib v0.20.0
go: downloading github.com/containerd/cgroups v1.1.0
go: downloading go.etcd.io/etcd/api/v3 v3.5.16
go: downloading go.starlark.net v0.0.0-20230525235612-a134d8f9ddca
go: downloading github.com/distribution/reference v0.6.0
go: downloading github.com/coreos/go-systemd/v22 v22.5.0
go: downloading github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
go: finding module for package github.com/Microsoft/go-winio/pkg/bindfilter
go: github.com/kubevirt/cluster-network-addons-operator imports
	github.com/operator-framework/operator-sdk/cmd/operator-sdk imports
	github.com/operator-framework/operator-sdk/internal/cmd/operator-sdk/cli imports
	github.com/operator-framework/operator-sdk/internal/cmd/operator-sdk/bundle imports
	github.com/operator-framework/operator-sdk/internal/cmd/operator-sdk/bundle/validate imports
	github.com/operator-framework/operator-registry/pkg/image/containerdregistry imports
	github.com/containerd/containerd/metadata imports
	github.com/containerd/containerd/mount imports
	github.com/Microsoft/go-winio/pkg/bindfilter: module github.com/Microsoft/go-winio@latest found (v0.6.2, replaced by github.com/Microsoft/go-winio@v0.4.17), but does not contain package github.com/Microsoft/go-winio/pkg/bindfilter

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign oshoval for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[kubevirt-bot]

@redhat-renovate-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-e2e-cluster-network-addons-operator-kubemacpool-functests	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-kubemacpool-functests
pull-e2e-cluster-network-addons-operator-ovs-cni-functests	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-ovs-cni-functests
pull-e2e-cluster-network-addons-operator-macvtap-cni-functests	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-macvtap-cni-functests
pull-e2e-cluster-network-addons-operator-br-marker-functests	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-br-marker-functests
pull-e2e-cluster-network-addons-operator-lifecycle-k8s	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-lifecycle-k8s
pull-e2e-cluster-network-addons-operator-workflow-k8s-s390x	d3abcda	link	false	/test pull-e2e-cluster-network-addons-operator-workflow-k8s-s390x
pull-e2e-cluster-network-addons-operator-multus-functests	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-multus-functests
pull-e2e-cnao-kube-secondary-dns-functests	d3abcda	link	true	/test pull-e2e-cnao-kube-secondary-dns-functests
pull-e2e-cnao-multus-dynamic-networks-functests	d3abcda	link	true	/test pull-e2e-cnao-multus-dynamic-networks-functests
pull-e2e-cluster-network-addons-operator-workflow-k8s	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-workflow-k8s
pull-e2e-cluster-network-addons-operator-monitoring-k8s	d3abcda	link	true	/test pull-e2e-cluster-network-addons-operator-monitoring-k8s
pull-cluster-network-addons-operator-unit-test	d3abcda	link	true	/test pull-cluster-network-addons-operator-unit-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[oshoval]

⚠️ Artifact update problem

Hi @ksimon1
Maybe worth to consider please, if possible, not opening such PRs ?
they are broken on arrival
Thanks