Skip to content

chore: release 2.18.3#10042

Merged
ChrisGe4 merged 6 commits intoGoogleContainerTools:release/v2.18from
ChrisGe4:cherrypick
Apr 8, 2026
Merged

chore: release 2.18.3#10042
ChrisGe4 merged 6 commits intoGoogleContainerTools:release/v2.18from
ChrisGe4:cherrypick

Conversation

@ChrisGe4
Copy link
Copy Markdown
Contributor

@ChrisGe4 ChrisGe4 commented Apr 7, 2026

Fixes: #nnn
Related: Relevant tracking issues, for context
Merge before/after: Dependent or prerequisite PRs

Description

User facing changes (remove if N/A)

Follow-up Work (remove if N/A)

dependabot Bot added 6 commits April 7, 2026 18:07
@dependabot @ChrisGe4
chore: bump github.com/moby/buildkit from 0.28.0 to 0.28.1 (GoogleCon…
4f158fa 
…tainerTools#10028)

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.28.0 to 0.28.1.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.28.0...v0.28.1)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.28.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 357f3a2)
@dependabot @ChrisGe4
chore: bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 (Google…
95a78d3 
…ContainerTools#10032)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.17.0 to 5.17.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.17.0...v5.17.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit fdf5579)
@dependabot @ChrisGe4
chore: bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /exa…
399d528 
…mples/grpc-e2e-tests/service (GoogleContainerTools#10038)

chore: bump github.com/go-jose/go-jose/v4

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit b7d1897)
@dependabot @ChrisGe4
chore: bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (Google…
1e62c3e 
…ContainerTools#10037)

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 2db86cf)
@dependabot @ChrisGe4
chore: bump rack from 2.2.22 to 2.2.23 in /integration/examples/ruby/…
8c71a16 
…backend (GoogleContainerTools#10036)

chore: bump rack in /integration/examples/ruby/backend

Bumps [rack](https://github.com/rack/rack) from 2.2.22 to 2.2.23.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.22...v2.2.23)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 501d6a5)
@dependabot @ChrisGe4
chore: bump rack from 2.2.22 to 2.2.23 in /examples/ruby/backend (Goo…
6a5839d 
…gleContainerTools#10035)

Bumps [rack](https://github.com/rack/rack) from 2.2.22 to 2.2.23.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.22...v2.2.23)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 4363f11)
@ChrisGe4 ChrisGe4 marked this pull request as ready for review April 7, 2026 22:14
@ChrisGe4 ChrisGe4 requested a review from a team as a code owner April 7, 2026 22:14
@ChrisGe4 ChrisGe4 requested a review from menahyouyeah April 7, 2026 22:16
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several dependencies, including go-git, go-jose, buildkit, and patternmatcher, and includes several bug fixes and improvements in the vendor directory, specifically addressing index file decoding, V4 index name compression, and JWE key decryption safety. I have reviewed the changes and provided a suggestion to simplify the padding calculation logic in the index decoder for better readability.

Comment thread vendor/github.com/go-git/go-git/v5/plumbing/format/index/decoder.go
Comment on lines 231 to +233
entrySize := read + len(e.Name)
padLen := 8 - entrySize%8
_, err := io.CopyN(io.Discard, d.r, int64(padLen))
return err
padLen -= nameConsumed - len(e.Name)
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The logic for calculating the padding length is functionally correct but difficult to follow. It can be simplified for better readability and maintainability by directly calculating the padding based on the total bytes consumed so far.

Suggested change
entrySize := read + len(e.Name)
padLen := 8 - entrySize%8
_, err := io.CopyN(io.Discard, d.r, int64(padLen))
return err
padLen -= nameConsumed - len(e.Name)
consumed := read + nameConsumed
// The entry is padded with one or more NULs to align to an 8-byte boundary.
padLen := 8 - (consumed % 8)

@ChrisGe4 ChrisGe4 merged commit 122e791 into GoogleContainerTools:release/v2.18 Apr 8, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattsanta mattsanta mattsanta approved these changes

@menahyouyeah menahyouyeah Awaiting requested review from menahyouyeah

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@menahyouyeah menahyouyeah

Labels

size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ChrisGe4 @mattsanta @menahyouyeah