Skip to content

Bump dependencies to latest versions#349

Merged
openshift-merge-bot[bot] merged 1 commit intocri-o:mainfrom
saschagrunert:bump-dependencies
Mar 29, 2026
Merged

Bump dependencies to latest versions#349
openshift-merge-bot[bot] merged 1 commit intocri-o:mainfrom
saschagrunert:bump-dependencies

Conversation

@saschagrunert
Copy link
Copy Markdown
Member

@saschagrunert saschagrunert commented Mar 23, 2026
edited by coderabbitai Bot
Loading

What type of PR is this?

/kind dependency-change

What this PR does / why we need it:

Bumps all outdated dependencies to their latest versions:

  • shellcheck: v0.10.0 -> v0.11.0
  • shfmt: v3.11.0 -> v3.13.0
  • krel: v0.18.0 -> v0.20.1
  • osc: 1.16.0 -> 1.25.0
  • oras: 1.3.0 -> 1.3.1
  • cni-plugins: v1.8.0 -> v1.9.1
  • conmon: v2.1.13 -> v2.2.1
  • conmon-rs: v0.7.3 -> v0.8.0
  • runc: v1.4.0 -> v1.4.1
  • crun: 1.25.1 -> 1.26
  • debian-base: bookworm-v1.0.4 -> bookworm-v1.0.7

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

Summary by CodeRabbit

  • Chores
    • Updated multiple tool and component versions to their latest stable releases, including development tools, container runtime components, and base images.

@openshift-ci openshift-ci Bot added kind/dependency-change Categorizes issue or PR as related to changing dependencies release-note-none labels Mar 23, 2026
@openshift-ci openshift-ci Bot requested review from QiWang19 and hasan4791 March 23, 2026 08:50
@openshift-ci openshift-ci Bot added the dco-signoff: yes Indicates the PR's author has DCO signed all their commits. label Mar 23, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Mar 23, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Mar 23, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 23, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 385c3ee4-6624-4158-bcd3-87af4492a826

📥 Commits

Reviewing files that changed from the base of the PR and between 1233595 and 23dcb83.

📒 Files selected for processing (6)
  • .github/workflows/obs.yml
  • Makefile
  • dependencies.yaml
  • scripts/helpers
  • templates/latest/cri-o/bundle/versions
  • test/testdata/container.json
✅ Files skipped from review due to trivial changes (6)
  • test/testdata/container.json
  • .github/workflows/obs.yml
  • Makefile
  • dependencies.yaml
  • templates/latest/cri-o/bundle/versions
  • scripts/helpers
📝 Walkthrough

Walkthrough

This pull request updates multiple dependency and tool versions across configuration files, build scripts, and bundle specifications, including oras, shell formatting tools, OSC CLI, krel, and CRI-O components. No functional logic changes or new features are introduced.

Changes

Cohort / File(s) Summary
CI/Workflow Configuration
.github/workflows/obs.yml		 Bumped oras setup action from version 1.3.0 to 1.3.1.
Build Tool Versions
Makefile		 Updated SHFMT\_VERSION from v3.11.0 to v3.13.0 and SHELLCHECK\_VERSION from v0.10.0 to v0.11.0.
Dependency Registry
dependencies.yaml		 Bumped versions for 11 dependencies: OSC (1.16.0 → 1.25.0), shellcheck (v0.10.0 → v0.11.0), shellfmt (v3.11.0 → v3.13.0), krel (v0.18.0 → v0.20.1), oras (1.3.0 → 1.3.1), debian base (bookworm-v1.0.4 → bookworm-v1.0.7), cni-plugins (v1.8.0 → v1.9.1), conmon (v2.1.13 → v2.2.1), conmon-rs (v0.7.3 → v0.8.0), runc (v1.4.0 → v1.4.1), and crun (1.25.1 → 1.26).
Helper Scripts
scripts/helpers		 Updated OSC\_VERSION to 1.25.0 and KREL\_VERSION to v0.20.1 in installation functions.
CRI-O Bundle Versions
templates/latest/cri-o/bundle/versions		 Updated VERSIONS array entries for cni-plugins (v1.9.1), conmon (v2.2.1), conmon-rs (v0.8.0), crun (1.26), and runc (v1.4.1).
Test Data
test/testdata/container.json		 Updated debian-base container image tag from bookworm-v1.0.4 to bookworm-v1.0.7.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

lgtm

Suggested reviewers

  • QiWang19
  • klihub

Poem

🐰 With versions new and tools so bright,
Each dependency takes its flight!
From shellfmt's touch to krel's embrace,
We update the pace—a swift, steady race! 🚀

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title 'Bump dependencies to latest versions' accurately summarizes the main objective of the changeset, which updates multiple project dependencies across various configuration and script files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 23, 2026
@saschagrunert saschagrunert force-pushed the bump-dependencies branch 2 times, most recently from 96d2a81 to d1ec43a Compare March 23, 2026 09:16
@saschagrunert
Bump dependencies to latest versions
23dcb83 
Update the following dependencies:
- shellcheck: v0.10.0 -> v0.11.0
- shfmt: v3.11.0 -> v3.13.0
- krel: v0.18.0 -> v0.20.1
- osc: 1.16.0 -> 1.25.0
- oras: 1.3.0 -> 1.3.1
- cni-plugins: v1.8.0 -> v1.9.1
- conmon: v2.1.13 -> v2.2.1
- conmon-rs: v0.7.3 -> v0.8.0
- runc: v1.4.0 -> v1.4.1
- crun: 1.25.1 -> 1.26
- debian-base: bookworm-v1.0.4 -> bookworm-v1.0.7

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
@saschagrunert
Copy link
Copy Markdown
Member Author

saschagrunert commented Mar 23, 2026

@cri-o/cri-o-maintainers PTAL

1 similar comment
@saschagrunert
Copy link
Copy Markdown
Member Author

saschagrunert commented Mar 25, 2026

@cri-o/cri-o-maintainers PTAL

@jrvaldes
Copy link
Copy Markdown

jrvaldes commented Mar 29, 2026

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Mar 29, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit b45adf3 into cri-o:main Mar 29, 2026
36 checks passed
@saschagrunert saschagrunert deleted the bump-dependencies branch March 30, 2026 07:18
@coderabbitai coderabbitai Bot mentioned this pull request Apr 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hasan4791 hasan4791 Awaiting requested review from hasan4791

@QiWang19 QiWang19 Awaiting requested review from QiWang19

Assignees

@jrvaldes jrvaldes

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/dependency-change Categorizes issue or PR as related to changing dependencies lgtm Indicates that a PR is ready to be merged. release-note-none

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@saschagrunert @jrvaldes