Skip to content

Bump github.com/containers/buildah from 1.42.0 to 1.43.2#385

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/containers/buildah-1.43.2
Open

Bump github.com/containers/buildah from 1.42.0 to 1.43.2#385
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/containers/buildah-1.43.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/containers/buildah from 1.42.0 to 1.43.2.

Release notes

Sourced from github.com/containers/buildah's releases.

v1.43.2

What's Changed

Notable changes

Full Changelog: podman-container-tools/buildah@v1.43.1...v1.43.2

v1.43.1

What's Changed

Notable changes

Full Changelog: podman-container-tools/buildah@v1.43.0...v1.43.1

v1.43.0

What's Changed

Notable changes

Full Changelog: podman-container-tools/buildah@v1.42.2...v1.43.0

v1.42.2

What's Changed

Notable changes

Full Changelog: podman-container-tools/buildah@v1.42.1...v1.42.2

... (truncated)

Changelog

Sourced from github.com/containers/buildah's changelog.

v1.43.2 (2026-05-29)

Bump opencontainers/cgroups to v0.0.6
bud with ADD with git repository source integration test: go local
Add changes to tests/serve/serve.go from 68b29e6
Add bare-podman-repo.tar.gz for testing
TEMPORARY: Skip a newly-added test
Revert urlsource changes in define/types.go
Restore the previous TempDirForURL API
TempDirForURL: return absolute context path instead of relative subdir
TempDirForURL: refactor if-chain into switch statement
Prevent symlink-based path traversal in build contexts
tests: remove dependencies on online apt repositories
Cite go module change

v1.43.1 (2026-04-07)

[release-1.43] Bump c/common v0.67.1, c/image v5.39.2
update module github.com/go-jose/go-jose/v4 to v4.1.4 [security]
ignore ErrLayerUnknown in cache lookup
fix setting of gid
fix call to chown

v1.43.0 (2026-02-05)

[release-1.43] Bump common 0.67.0, image 5.39.1, storage 1.62.0
[release-1.43] Bump dest branch in cirrus to 1.43
fix(build): make --tag oci-archive:xxx.tar work with simple images
test: do not untar archive into fs when checking file names
tests: use cached images instead of fedoraproject.org
chroot.bats(chroot with overlay root): ensure we can overlay
Run: don't try to encode SystemContext with json

v1.42.2 (2025-12-02)

[release-1.42] Bump runc to v1.3.4

v1.42.1 (2025-11-06)

[release-1.42] bump runc to v1.3.3 - CVE-2025-52881
RPM: build with sequoia on F43+
Commits
  • d7efdbc Bump to Buildah v1.43.2
  • f7d3bdb Bump opencontainers/cgroups to v0.0.6
  • e647894 bud with ADD with git repository source integration test: go local
  • 74f93b9 Add changes to tests/serve/serve.go from 68b29e6
  • 1fd9e91 Add bare-podman-repo.tar.gz for testing
  • 851f1f6 TEMPORARY: Skip a newly-added test
  • c5cef27 Revert urlsource changes in define/types.go
  • a419fc4 Restore the previous TempDirForURL API
  • f1ef762 TempDirForURL: return absolute context path instead of relative subdir
  • 0d4633d TempDirForURL: refactor if-chain into switch statement
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump github.com/containers/buildah from 1.42.0 to 1.43.2
65ff70d 
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.42.0 to 1.43.2.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/podman-container-tools/buildah/blob/v1.43.2/CHANGELOG.md)
- [Commits](podman-container-tools/buildah@v1.42.0...v1.43.2)

---
updated-dependencies:
- dependency-name: github.com/containers/buildah
  dependency-version: 1.43.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants