⬆️ Bump sigs.k8s.io/kind from 0.28.0 to 0.29.0

[dependabot]

Bumps sigs.k8s.io/kind from 0.28.0 to 0.29.0.

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.29.0

This is a quick security release to pickup the containerd 2.1.1 CVE-2025-47290 fix. See v0.28.0 (release days ago!) for full release notes with recent changes: https://github.com/kubernetes-sigs/kind/releases/tag/v0.28.0

The default node image is now kindest/node:v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe5892e2b644d5dd3b34f

• Updated to containerd 2.1.1

Images pre-built for this release:

• v1.33.1: kindest/node:v1.33.1@sha256:050072256b9a903bd914c0b2866828150cb229cea0efe5892e2b644d5dd3b34f
• v1.32.5: kindest/node:v1.32.5@sha256:e3b2327e3a5ab8c76f5ece68936e4cafaa82edf58486b769727ab0b3b97a5b0d
• v1.31.9: kindest/node:v1.31.9@sha256:b94a3a6c06198d17f59cca8c6f486236fa05e2fb359cbd75dabbfc348a10b211
• v1.30.13: kindest/node:v1.30.13@sha256:397209b3d947d154f6641f2d0ce8d473732bd91c87d9575ade99049aa33cd648

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

See also:

• https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster
• https://kind.sigs.k8s.io/docs/user/quick-start/#building-images

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see kubernetes-sigs/kind#2718

• Fixes containerd CVE-2025-47290 / GHSA-cm76-qm8v-3j95

Committers for this release:

• @​BenTheElder
• @​k8s-ci-robot
• @​stmcginnis

(Please see v0.28.0 https://github.com/kubernetes-sigs/kind/releases/tag/v0.28.0#Contributors)

Commits

• 200b3aa version v0.29.0
• 05fd094 Merge pull request #3937 from BenTheElder/ctr211
• d4708af switch to promoted v1.33.1 with containerd 2.1.1 node image
• 64430da use staging node image
• 06a0fce bump base image
• 31a79fd upgrade containerd to 2.1.1
• 9eb6105 Merge pull request #3934 from stmcginnis/release-028
• d8045c8 Update docs for v0.28.0
• 65d4298 version v0.29.0-alpha
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)