Skip to content

chore: release 2.18.3#10042

Merged
ChrisGe4 merged 6 commits intoGoogleContainerTools:release/v2.18from
ChrisGe4:cherrypick
Apr 8, 2026
Merged

chore: release 2.18.3#10042
ChrisGe4 merged 6 commits intoGoogleContainerTools:release/v2.18from
ChrisGe4:cherrypick

Conversation

@ChrisGe4
Copy link
Copy Markdown
Contributor

@ChrisGe4 ChrisGe4 commented Apr 7, 2026

Fixes: #nnn
Related: Relevant tracking issues, for context
Merge before/after: Dependent or prerequisite PRs

Description

User facing changes (remove if N/A)

Follow-up Work (remove if N/A)

dependabot Bot added 6 commits April 7, 2026 18:07
…tainerTools#10028)

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.28.0 to 0.28.1.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.28.0...v0.28.1)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.28.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 357f3a2)
…ContainerTools#10032)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.17.0 to 5.17.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.17.0...v5.17.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit fdf5579)
…mples/grpc-e2e-tests/service (GoogleContainerTools#10038)

chore: bump github.com/go-jose/go-jose/v4

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit b7d1897)
…ContainerTools#10037)

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 2db86cf)
…backend (GoogleContainerTools#10036)

chore: bump rack in /integration/examples/ruby/backend

Bumps [rack](https://github.com/rack/rack) from 2.2.22 to 2.2.23.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.22...v2.2.23)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 501d6a5)
…gleContainerTools#10035)

Bumps [rack](https://github.com/rack/rack) from 2.2.22 to 2.2.23.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.22...v2.2.23)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 4363f11)
@ChrisGe4 ChrisGe4 marked this pull request as ready for review April 7, 2026 22:14
@ChrisGe4 ChrisGe4 requested a review from a team as a code owner April 7, 2026 22:14
@ChrisGe4 ChrisGe4 requested a review from menahyouyeah April 7, 2026 22:16
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several dependencies, including go-git, go-jose, buildkit, and patternmatcher, and includes several bug fixes and improvements in the vendor directory, specifically addressing index file decoding, V4 index name compression, and JWE key decryption safety. I have reviewed the changes and provided a suggestion to simplify the padding calculation logic in the index decoder for better readability.

Comment on lines 231 to +233
entrySize := read + len(e.Name)
padLen := 8 - entrySize%8
_, err := io.CopyN(io.Discard, d.r, int64(padLen))
return err
padLen -= nameConsumed - len(e.Name)
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The logic for calculating the padding length is functionally correct but difficult to follow. It can be simplified for better readability and maintainability by directly calculating the padding based on the total bytes consumed so far.

Suggested change
entrySize := read + len(e.Name)
padLen := 8 - entrySize%8
_, err := io.CopyN(io.Discard, d.r, int64(padLen))
return err
padLen -= nameConsumed - len(e.Name)
consumed := read + nameConsumed
// The entry is padded with one or more NULs to align to an 8-byte boundary.
padLen := 8 - (consumed % 8)

@ChrisGe4 ChrisGe4 merged commit 122e791 into GoogleContainerTools:release/v2.18 Apr 8, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants