Bump github.com/containers/buildah from 1.33.5 to 1.35.1

[dependabot]

Bumps github.com/containers/buildah from 1.33.5 to 1.35.1.

Release notes

Sourced from github.com/containers/buildah's releases.

v1.35.1

[release-1.35] CVE-2024-1753 fix, bump to v1.35.1, then v1.35.2-dev by @​TomSweeneyRedHat in containers/buildah#5416

Full Changelog: containers/buildah@v1.35.0...v1.35.1

v1.35.0

What's Changed

• fix(deps): update github.com/containers/image/v5 digest to 7a40fee by @​renovate in containers/buildah#5205
• Bump 1.34.0 by @​TomSweeneyRedHat in containers/buildah#5222
• fix(deps): update module github.com/containernetworking/plugins to v1.4.0 by @​renovate in containers/buildah#5211
• [skip-ci] Update actions/stale action to v9 by @​renovate in containers/buildah#5215
• Ignore errors if label.Relabel returns ENOSUP by @​rhatdan in containers/buildah#5197
• chore(deps): update dependency containers/automation_images to v20231208 by @​renovate in containers/buildah#5223
• mkcw: populate the rootfs using an overlay by @​nalind in containers/buildah#5224
• commit: add a --add-file flag by @​nalind in containers/buildah#5226
• chore(deps): update dependency containers/automation_images to v20231208 by @​renovate in containers/buildah#5229
• manifest: addCompression use default from containers.conf by @​rhatdan in containers/buildah#5228
• fix(deps): update module golang.org/x/crypto to v0.17.0 [security] by @​renovate in containers/buildah#5232
• [CI:DOCS] Document use of containers-transports values in buildah by @​rhatdan in containers/buildah#5230
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 by @​renovate in containers/buildah#5233
• fix(deps): update github.com/containers/image/v5 digest to 1b221d4 by @​renovate in containers/buildah#5240
• fix(deps): update github.com/containers/storage digest to ef81e9b by @​renovate in containers/buildah#5241
• Replace strings.SplitN with strings.Cut by @​serprex in containers/buildah#5239
• Bump CI VMs by @​edsantiago in containers/buildah#5246
• fix(deps): update module golang.org/x/term to v0.16.0 by @​renovate in containers/buildah#5249
• fix(deps): update module golang.org/x/sync to v0.6.0 by @​renovate in containers/buildah#5247
• Replace map[K]bool with map[K]struct{} where it makes sense by @​serprex in containers/buildah#5238
• fix(deps): update module golang.org/x/crypto to v0.18.0 by @​renovate in containers/buildah#5253
• stage_executor,layers: burst cache of layers if heredoc content is changed by @​flouthoc in containers/buildah#5261
• internal/mkcw.Archive(): handle extra image content by @​nalind in containers/buildah#5252
• commit: force omitHistory if the parent has layers but no history by @​nalind in containers/buildah#5276
• build,commit: add --sbom to scan and produce SBOMs when committing by @​nalind in containers/buildah#5279
• stage_executor,heredoc: honor interpreter in heredoc by @​flouthoc in containers/buildah#5255
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 by @​renovate in containers/buildah#5283
• fix(deps): update module github.com/onsi/gomega to v1.31.1 by @​renovate in containers/buildah#5278
• Use reversed logo for dark theme in README by @​Sea-n in containers/buildah#5287
• tests: Remove a bad FROM line by @​edsantiago in containers/buildah#5291
• Fix a build break on FreeBSD by @​dfr in containers/buildah#5293
• Fix FreeBSD version parsing by @​dfr in containers/buildah#5296
• Run codespell on code by @​rhatdan in containers/buildah#5297
• [CI:DOCS] move footnotes to where they're applicable by @​edsantiago in containers/buildah#5305
• Allow users to specify no-dereference by @​rhatdan in containers/buildah#5299
• fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] by @​renovate in containers/buildah#5308
• fix(deps): update github.com/containers/luksy digest to b62d551 by @​renovate in containers/buildah#5310
• fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] by @​renovate in containers/buildah#5309
• imagebuildah: fix crash with empty RUN by @​giuseppe in containers/buildah#5313
• fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 by @​renovate in containers/buildah#5311
• fix(deps): update module github.com/containerd/containerd to v1.7.13 by @​renovate in containers/buildah#5269
• manifest, push: add support for --retry and --retry-delay by @​flouthoc in containers/buildah#5315
• Make buildah match podman for handling of ulimits by @​rhatdan in containers/buildah#5275

... (truncated)

Changelog

Sourced from github.com/containers/buildah's changelog.

v1.35.1 (2024-03-18)

[release-1.35] CVE-2024-1753 container escape fix

v1.35.0 (2024-03-06)

fix(deps): update module github.com/stretchr/testify to v1.9.0
cgroups: reuse version check from c/common
Update vendor of containers/(common,image)
fix(deps): update github.com/containers/storage digest to eadc620
fix(deps): update github.com/containers/luksy digest to ceb12d4
fix(deps): update github.com/containers/image/v5 digest to cdc6802
manifest add: complain if we get artifact flags without --artifact
Use retry logic from containers/common
Vendor in containers/(storage,image,common)
Update module golang.org/x/crypto to v0.20.0
Add comment re: Total Success task name
tests: skip_if_no_unshare(): check for --setuid
Properly handle build --pull=false
[skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
Update module go.etcd.io/bbolt to v1.3.9
Revert "Reduce official image size"
Update module github.com/opencontainers/image-spec to v1.1.0
Reduce official image size
Build with CNI support on FreeBSD
build --all-platforms: skip some base "image" platforms
Bump main to v1.35.0-dev
Vendor in latest containers/(storage,image,common)
Split up error messages for missing --sbom related flags
`buildah manifest`: add artifact-related options
cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
cmd/buildah/manifest.go: don't make struct declarations aliases
Use golang.org/x/exp/slices.Contains
Disable loong64 again
Fix a couple of typos in one-line comments
egrep is obsolescent; use grep -E
Try Cirrus with a newer VM version
Set CONTAINERS_CONF in the chroot-mount-flags integration test
Update to match dependency API update
Update github.com/openshift/imagebuilder and containers/common
docs: correct default authfile path
fix(deps): update module github.com/containerd/containerd to v1.7.13
tests: retrofit test for heredoc summary
build, heredoc: show heredoc summary in build output
manifest, push: add support for --retry and --retry-delay
fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
imagebuildah: fix crash with empty RUN
fix(deps): update github.com/containers/luksy digest to b62d551
fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]

... (truncated)

Commits

• f0141c6 [release-1.35] Bump to v1.35.1
• 9de9c20 [release-1.35] CVE-2024-1753 container escape fix
• fedbd79 Bump v1.35.0
• 3164076 Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
• f90b0b4 Merge pull request #5386 from nalind/conformance-trailing-zeroes
• b2504c2 conformance tests: don't break on trailing zeroes in layer blobs
• 204cbdb Merge pull request #5375 from nalind/multistage-copyback-test
• a2f0ebe Add a conformance test for copying to a mounted prior stage
• 0e0676d Merge pull request #5367 from rhatdan/VENDOR
• 9116147 Merge pull request #5372 from containers/renovate/github.com-stretchr-testify...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Please rebase pull request.

[dependabot]

Superseded by #3483.