[WIP][release/1.5] sync 1.5 branch go.mod with main / update runc v1.0.0 #5638
dims wants to merge 3 commits into containerd:release/1.5 from
|
Skipping CI for Draft Pull Request. |
Signed-off-by: Davanum Srinivas <[email protected]>
e5ca35e to d045c10
|
/test all |
|
@dims: The following tests failed, say
Signed-off-by: Davanum Srinivas <[email protected]>
Signed-off-by: Davanum Srinivas <[email protected]>
|
Build succeeded.
|
|
Build succeeded.
|
thaJeztah left a comment
Unless there's an important change in any of these that affects containerd, I'd rather keep this for v1.6. This is a huge diff in dependencies, and no changes in the runc code (except for removing dead code for windows, and some minor linting issues).
We keep release branches, so that we can backport specific (focussed) fixes, without having to include other changes from the main branch.
This will also be updating to a new major version, so we should be careful picking this, unless we have a specific reason to update the dependency (I think this is coming in because this PR updates runc v1.0.0-rc95, but we only use a single package (libcontainer/user from runc), so we should no longer have a need to update it, unless there were changes in that package).
I'm a bit cautious with some of the updates; we should be careful updating these in a patch release if there's no specific reason to require these changes. Especially with go modules, updating the version here will also force any consumer of containerd go module to update their dependencies to these newer versions, so there's a risk that containerd itself is not affected by the updated version (it may not be using the code), but consumers of containerd may be, and will now be forced to accept (possibly breaking) changes.
|
I agree with @thaJeztah. We should not update dependencies during patch releases except CVEs, to make patch releases safer for clients. |
|
+1 @kzys @thaJeztah |
Signed-off-by: Davanum Srinivas [email protected]
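The review comment above notes that bumping a version in a module's go.mod forces every consumer of that module onto the newer version. The following is an added example, not code from this PR or from containerd, showing a simplified minimal version selection over a constructed graph. The module paths and versions are hypothetical, and pre-release versions, replace and exclude directives are not handled.

```go
package main

import "fmt"

// req is one require line of a go.mod: module path plus minimum version.
type req struct{ path, version string }

// num turns a plain vMAJOR.MINOR.PATCH version into a comparable integer (parts < 1000).
func num(v string) int {
	var a, b, c int
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	return a*1_000_000 + b*1_000 + c
}

// buildList keeps, per module path, the highest version required by any go.mod reachable from root.
func buildList(g map[string][]req, root string) map[string]string {
	selected, seen := map[string]string{}, map[string]bool{}
	var visit func(key string)
	visit = func(key string) {
		if seen[key] {
			return
		}
		seen[key] = true
		for _, r := range g[key] {
			if cur, ok := selected[r.path]; !ok || num(r.version) > num(cur) {
				selected[r.path] = r.version
			}
			visit(r.path + "@" + r.version)
		}
	}
	visit(root)
	return selected
}

// consumerBuild resolves a constructed consumer that itself asks for dep v1.2.0
// and imports the runtime module at the given patch release.
func consumerBuild(runtimeVersion string) map[string]string {
	g := map[string][]req{ // constructed graph, hypothetical module paths
		"example.com/app@v0.1.0":     {{"example.com/runtime", runtimeVersion}, {"example.com/dep", "v1.2.0"}},
		"example.com/runtime@v1.5.2": {{"example.com/dep", "v1.2.0"}},
		"example.com/runtime@v1.5.3": {{"example.com/dep", "v1.4.0"}}, // patch release that bumped dep
	}
	return buildList(g, "example.com/app@v0.1.0")
}

func main() {
	fmt.Println(consumerBuild("v1.5.2")["example.com/dep"], consumerBuild("v1.5.3")["example.com/dep"])
}
```

The consumer's own go.mod still asks for dep v1.2.0 in both runs; only the runtime's patch release changed, yet the selected dep version moves with it.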