- Closes apple#1005.
- Adapt everything to use MACAddress type from containerization 0.20.0.
- Allocate MAC addresses for every container so that we have
deterministic IPv6 link local addresses.
- Add AAAA handling to ContainerDNSHandler.
- NOTE: Only works on Tahoe. On Sequoia, we don't have a good way to set
or determine the IPv6 network prefix when networks are created, so we
can't infer the IPv6 link local addresses for AAAA responses and we
instead return `NODATA`.

commit 69445b9
Author: jwhur <[email protected]>
Date:   Mon Jan 19 13:09:34 2026 -0800

    Throw error when starting a container with invalid virtiofs source (apple#1051)

    Run = Create + Start

    1) Mount source points to a valid directory
    - Run and Create + Start both correctly create the container with mount.

    2) Mount source points to a file
       - Run fails bootstrapping the container, thus container not created.
    - Create creates the container, but Start fails bootstrapping, removing
    the container. (Thus, both are the same.)

    3) Mount source deleted or replaced to file after container created
       - Start throw errors but do not delete the container.

commit 08f48d9
Author: Danny Canter <[email protected]>
Date:   Fri Jan 16 21:48:58 2026 -0800

    ContainerSvc: Handle unexpected sandbox svc exits (apple#1065)

    Closes apple#1050

    If the sandbox svc exits out of band of the usual stop (or regular exit)
    case the container svc's state is not properly updated for the
    container. This was due to the cleanup steps involving trying to send
    the shutdown rpc which cannot succeed as the sandbox svc does not exist
    to service it.

    To handle this, let's treat shutdown not returning successfully as
    non-fatal (as this is mostly best effort), log an error and continue the
    state cleanup.

commit b928e3f
Author: Amir Alperin <[email protected]>
Date:   Sat Jan 17 07:43:48 2026 +0200

    fix: performance warning should not output ANSI codes if stderr redirected (apple#1059)

commit 744e7f7
Author: J Logan <[email protected]>
Date:   Fri Jan 16 16:26:13 2026 -0800

    Update for containerization 0.21.0. (apple#1056)

    - Update image load and build to handle rejected paths during tar
    extraction. For the image load command there is now a `--force` function
    that fails extractions with rejected paths when false, and just warns
    about the rejected paths when true.
    - Update `container stats` for statistics API properties now all being
    optional.

    ## Type of Change
    - [x] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [x] Documentation update

    ## Motivation and Context
    See above

    ## Testing
    - [x] Tested locally
    - [x] Added/updated tests
    - [x] Added/updated docs

commit b1577d8
Author: J Logan <[email protected]>
Date:   Fri Jan 16 15:50:47 2026 -0800

    Adds opt-in pre-commit hook for format and header checks. (apple#1062)

    - Closes apple#639.
    - Adds swift format configuration that removes lint checks so we can use
    `swift lint` to perform format-only tests.
    - Adds `check` target that invokes format and header checks.
    - Adds pre-commit script that runs `make check`.
    - Adds `pre-commit` target that installs the check script as a
    pre-commit hook.

    ## Type of Change
    - [ ] Bug fix
    - [x] New feature
    - [ ] Breaking change
    - [x] Documentation update

    ## Motivation and Context
    Avoids wasting time and commit rewrites.

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [x] Added/updated docs

commit 3cf2c6a
Author: J Logan <[email protected]>
Date:   Fri Jan 16 13:41:32 2026 -0800

    Fix unstable integration tests. (apple#1060)

    - TestCLIRunCommand now run so many tests concurrently that the API
    server gets swamped and tests randomly time out.
    - The parallelism options on `swift test` only work for XCTest, not
    swift-testing.
    - Work around this while retaining some parallelism (good for stress
    testing) by breaking the tests into two suites.

commit 8897fcc
Author: Manu Schiller <[email protected]>
Date:   Wed Jan 14 04:39:08 2026 +0100

    fix: use pax instead of tar for pkg payload extraction (apple#1038)

    - It is common to have `gnu-tar` alongside other GNU tools
      installed and aliased for compatibility reasons. However, this
      breaks the current make build.
    - Use BSD-only binaries (no GNU equivalents that are
      commonly aliased), making the Makefile more portable.

commit dbec1db
Author: Ronit Sabhaya <[email protected]>
Date:   Mon Jan 12 20:34:25 2026 -0600

    Add support for aarch64 architecture alias (apple#1040)

    - Adds `aarch64` as an alias for `arm64` in the `Arch` enum. This
      addresses the maintainer's request to support this common architecture
      name, ensuring consistency with `x86_64` normalization and preventing
      failures for users expecting `aarch64` support.

commit 837aa5e
Author: jwhur <[email protected]>
Date:   Mon Jan 12 14:36:10 2026 -0800

    Fix the FS error when using Virtualization (apple#1041)

    - Fixes apple#614.
    - Use VZ cached mode instead of auto.

    Signed-off-by: jwhur <[email protected]>

commit e465b10
Author: 박성근 <[email protected]>
Date:   Tue Jan 13 03:30:51 2026 +0900

    Fix relative path resolution in entrypoint (apple#987)

    - Fixes apple#962.
    - Adds test to exercise apple/containerization#473.
    - Updates containerization to 0.20.1.

    Signed-off-by: ParkSeongGeun <[email protected]>

commit aa77928
Author: Ronit Sabhaya <[email protected]>
Date:   Mon Jan 12 12:04:46 2026 -0600

    Fix: Support x86_64 architecture alias to prevent silent pull failure… (apple#1036)

    - Adds architecture name normalization to accept
      `x86_64` and `x86-64` as aliases for `amd64`.

commit dc4682b
Author: Amir Alperin <[email protected]>
Date:   Fri Jan 9 21:10:53 2026 +0200

    fix: extract hostname from FQDN (apple#1011) (apple#1017)

    - Set the container hostname to the first DNS
      label derived from the container id, strip everything
      after the first dot.
    - Fixes apple#1011.

commit 4af1cc0
Author: Ronit Sabhaya <[email protected]>
Date:   Thu Jan 8 21:27:43 2026 -0600

    fix: improve error message when binding to privileged ports (fixes apple#978) (apple#1031)

    - The container fails to start with a generic "permission denied"
      error when attempting to publish privileged ports (ports below
      1024) without root privileges. This provides a confusing user
      experience as the error doesn't explain why permission was
      denied.

commit 21facf0
Author: J Logan <[email protected]>
Date:   Thu Jan 8 17:02:22 2026 -0800

    Add instructions for using locally built init filesystem. (apple#1032)

    - Closes apple#1030.

commit b671690
Author: Danny Canter <[email protected]>
Date:   Wed Jan 7 21:01:10 2026 -0800

    ProgressBar: Various fixes (apple#1025)

    There's a couple things I don't think are intuitive about this.

    1. Because of the internal task, render() can still be called even after
    finish() completes. Ideally async defers are supported and we could just
    await the final render completing after cancelling the task and setting
    .finished, but alas. To fix this we can just lock across the methods for
    now.
    2. We always clear the screen in the destructor, even if we don't use
    the
    progress bar. I don't think we should honestly do anything in the
    destructor.
    Feels a programmer error not to defer { bar.finish() } or call it
    somewhere.
    3. Our spaces based line clearing. Use the ansi escape sequence for
    clearing line;
    I think our calculations were slightly off and it would leave trailing
    output ( "s]" )
    in some cases.
    4. Shrinking the window until the output is smaller than the terminal
    window (and vice
    versa) is wonky on various term emulators. Truthfully, this is just a
    hard problem,
    but we can truncate our output and still provide some useful info.

    This fixes some single line output (cat /etc/hostname etc.) getting
    cleared in our atexit handler, as well as the need for the usleep.

commit 98410fd
Author: J Logan <[email protected]>
Date:   Wed Jan 7 18:23:31 2026 -0800

    Adds IPv6 port forwarding. (apple#1029)

    - Closes apple#1006.

commit 9d06475
Author: Saehej Kang <[email protected]>
Date:   Wed Jan 7 16:53:33 2026 -0800

    [container]: add startedDate field (apple#1018)

    - Closes apple#302.
    - Closes apple#336 (obsoletes this PR).

commit db8932a
Author: J Logan <[email protected]>
Date:   Wed Jan 7 15:35:35 2026 -0800

    Resolve IPv6 address queries for container names. (apple#1016)

    - Closes apple#1005.
    - Adapt everything to use MACAddress type from containerization 0.20.0.
    - Allocate MAC addresses for every container so that we have
    deterministic IPv6 link local addresses.
    - Add AAAA handling to ContainerDNSHandler.
    - NOTE: Only works on Tahoe. On Sequoia, we don't have a good way to set
    or determine the IPv6 network prefix when networks are created, so we
    can't infer the IPv6 link local addresses for AAAA responses and we
    instead return `NODATA`.

commit 5d6c750
Author: Danny Canter <[email protected]>
Date:   Wed Jan 7 14:48:58 2026 -0800

    CLI: Add read-only flag to run/create (apple#999)

    Closes apple#990

    Sets the rootfs for a container to read-only.

commit aac2457
Author: Danny Canter <[email protected]>
Date:   Wed Jan 7 13:46:26 2026 -0800

    Tests: Fix relative path mount tests (apple#1028)

    The tests are run in parallel on CI, and were split into three tests.
    They change the cwd, so it's kind of a gamble whether some of them pass.
    This just moves all the logic into one test mostly.

commit 9cd5397
Author: J Logan <[email protected]>
Date:   Wed Jan 7 10:35:19 2026 -0800

    Update to containerization 0.20.0. (apple#1027)

    - Use MACAddress for Attachment and CZ interfaces.
    - Move data validation closer to API surface.

commit 356c8d2
Author: J Logan <[email protected]>
Date:   Tue Jan 6 08:27:14 2026 -0800

    Reorganize client libraries. (apple#1020)

    - Closes apple#461.
    - Extract core types into ContainerResources target.
    - Extract ContainerNetworkServiceClient from ContainerNetworkService.
    - Relocate sandbox client from ContainerClient to
    ContainerSandboxServiceClient.
    - Relocate ContainerClient to ContainerAPIServiceClient.
    - Common structure from services and clients under Source/Services.

    Updated project hierarchy:

    ```
    Sources/CAuditToken - audit token access wrapper
    Sources/CLI - CLI executable
    Sources/ContainerBuild - builder
    Sources/ContainerCommands - CLI command implementations
    Sources/ContainerLog - logging helpers
    Sources/ContainerPersistence - persistent data and system property helpers
    Sources/ContainerPlugin - plugin system
    Sources/ContainerResource - resource (container, image, volume, network) types
    Sources/ContainerVersion - version helpers
    Sources/ContainerXPC - XPC helpers
    Sources/CVersion - injected project version
    Sources/DNSServer - container DNS resolver
    Sources/Helpers - service executables
    Sources/Services/*/Client - service clients
    Sources/Services/*/Server - service implementations
    Sources/SocketForwarder - port forwarding
    Sources/TerminalProgress - progress bar
    ```

    ## Type of Change
    - [ ] Bug fix
    - [ ] New feature
    - [x] Breaking change
    - [ ] Documentation update

    ## Motivation and Context
    The ContainerClient library was a bit of a grab bag. This refactor
    applies a more sensible project and library structure for resource data
    types, services, and clients.

    ## Testing
    - [x] Tested locally
    - [x] Added/updated tests
    - [ ] Added/updated docs

commit 8c439cd
Author: Danny Canter <[email protected]>
Date:   Mon Jan 5 13:50:57 2026 -0800

    makefile: Add cli target (apple#1022)

    Often times I'll be making a change that only touches the cli and I
    don't feel like sitting through the potential song and dance of the
    other components building/installing.

commit d6f052d
Author: Kathryn Baldauf <[email protected]>
Date:   Mon Jan 5 13:09:34 2026 -0800

    Update license header on all files to include the current year (apple#1024)

    ## Motivation and Context
    Now that we're in 2026, we need to update the license headers on all the
    files. Unfortunately, Hawkeye doesn't have an attribute for the current
    year to help us avoid this in the future. Instead, I had to work around
    this by doing the following:

    1. Update licenserc.toml with:
         ```
          [properties]
           ... (other properties)
           currentYear = "2026"
         ```
     
    2. Update scripts/license-header.txt with
        ```
    Copyright ©{{ " " }}{%- set created = attrs.git_file_created_year or
    attrs.disk_file_created_year -%}{%- set modified = props["currentYear"]
    -%}{%- if created != modified -%} {{created}}-{{modified}}{%- else
    -%}{{created}}{%- endif -%}{{ " " }}{{ props["copyrightOwner"] }}.
        ```

    Then I removed these two changes before committing. After this PR is
    merged, all files will have recently had git updates, so the existing
    code for setting the modified year should work as intended.

    Signed-off-by: Kathryn Baldauf <[email protected]>

commit 20dc0bc
Author: Danny Canter <[email protected]>
Date:   Sun Jan 4 11:11:09 2026 -0800

    Parser: Support relative paths for --volume (apple#1013)

commit 028e7e1
Author: Danny Canter <[email protected]>
Date:   Sun Jan 4 10:52:46 2026 -0800

    Deps: Bump Containerization to 0.19.0 (apple#1015)

    Has read-only rootfs support.

commit 020949e
Author: Danny Canter <[email protected]>
Date:   Sun Jan 4 10:51:20 2026 -0800

    CLI: Small fixups for implicit envvars (apple#1014)

    We should only inherit from the host if there's no =. Additionally
    document the flag a little more to show that we can inherit from the
    host.

commit df368b7
Author: Amir Alperin <[email protected]>
Date:   Sun Jan 4 20:49:22 2026 +0200

    Fix port validation to allow same port for different protocols (apple#992) (apple#1000)

    - Fixes: apple#992
    - Port validation previously rejected valid configurations
      when the same port number was used for different
      protocols (TCP and UDP). For example:
     `-p 1024:1024/udp -p 1024:1024/tcp`
      Although this is a valid and common use case, the
      validation logic treated it as a conflict.

    To fix this, I updated the validation key to include the protocol name.
    The validation now checks for overlapping port numbers only within the
    same protocol, rather than across all protocols.

    This change enables binding the same port number for both TCP and UDP,
    aligning the validation behavior with real-world networking
    requirements.

    ## Testing
    - [x] Tested locally
    - [x] Added/updated tests
    - [ ] Added/updated docs

commit cf64614
Author: J Logan <[email protected]>
Date:   Fri Jan 2 14:10:48 2026 -0800

    Update OSS header in Package.swift. (apple#1010)

commit 375ce16
Author: J Logan <[email protected]>
Date:   Fri Jan 2 12:09:12 2026 -0800

    Fix OSS header dates that break CI checks. (apple#1009)

commit 580d853
Author: c <[email protected]>
Date:   Fri Jan 2 00:19:57 2026 -0500

    Use full path for uninstall script in upgrade instructions (apple#983)

    - Makes the upgrade section consistent with the
      uninstall section by using the full path to the
      uninstall script.

commit 4cadc40
Author: c <[email protected]>
Date:   Thu Jan 1 22:53:56 2026 -0500

    Clarify uninstall script location in README (apple#982)

    - Clarifies where the `uninstall-container.sh` script is located after
    installation
    - Updates example commands to use the full path

commit 4e78e30
Author: c <[email protected]>
Date:   Thu Jan 1 20:57:47 2026 -0500

    Fix grammar in tutorial.md (apple#985)

    ## Summary
    - Fixes a grammar error in the tutorial's publish section

    ## Details
    Line 287 of `docs/tutorial.md` had "you need push images" which should
    be "you need to push images".

    This is a simple grammar fix to improve readability.

    ## Test plan
    - [x] Verified the sentence now reads correctly

commit 22dfd6e
Author: Danny Canter <[email protected]>
Date:   Thu Jan 1 17:57:00 2026 -0800

    CLI: Fix stop not signalling waiters (apple#972)

commit 4958cf2
Author: c <[email protected]>
Date:   Thu Jan 1 20:51:10 2026 -0500

    Fix bash completion source path in documentation (apple#981)

    - Corrects the source path for bash completion script
      when not using bash-completion package.

commit 25ac79a
Author: c <[email protected]>
Date:   Thu Jan 1 20:50:19 2026 -0500

    Fix MAC address option typo in how-to documentation (apple#980)

    - Corrects the MAC address example command in the
      how-to guide to use the correct `--network` flag syntax
      instead of the incorrect `--mac-address` flag.

commit edadf15
Author: Raj <[email protected]>
Date:   Thu Jan 1 15:10:39 2026 +0530

    Fix container auto-delete on rapid stop/start (apple#841)

    Fixes apple#833.

    Currently, when stopping and immediately restarting a container, it would fail with the error:
    `“container expected to be in created state, got: shuttingDown”` and then be automatically deleted.
    The `SandboxService` process waits five seconds before exiting after shutdown. During this interval, a rapid restart could reconnect to the still-terminating process in the `shuttingDown` state, triggering a state validation error.

    This fix forcefully terminates the `SandboxService` process with `SIGKILL` upon container exit, instead of waiting five seconds. The bootstrap now defensively checks for and cleans up any stale services before registering new ones, preventing reconnections to processes in the `shuttingDown` state.

commit 5064b0f
Author: J Logan <[email protected]>
Date:   Mon Dec 22 10:16:14 2025 -0800

    Adds network IPv6 configuration. (apple#975)

    - Part of work for apple#460.
    - Enable set/get of IPv6 network prefix in ReservedVmnetNetwork.
    - Show IPv6 prefix in `network list` full output.
    - Option for setting IPv6 prefix when creating a network.
    - System property for default IPv6 prefix.

    ## Type of Change
    - [ ] Bug fix
    - [x] New feature
    - [ ] Breaking change
    - [x] Documentation update

    ## Motivation and Context
    See apple#460.

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [x] Added/updated docs

commit 9c239aa
Author: Volodymyr Bortniak <[email protected]>
Date:   Sat Dec 20 00:36:02 2025 +0100

    Add support for reading env from named pipes (apple#974)

    This is a fix for
    [issue#956](apple#956)

    `FileManager.default.contents(atPath:)` returns `nil` for named pipes
    (FIFOs)
    and process substitutions like `/dev/fd/XX` because:
    1. It expects regular files with a known size
    2. Named pipes are stream-based and block until data arrives

    ## Solution
    Use `FileHandle(forReadingFrom:)` instead, which:
    - Properly handles blocking I/O
    - Works with named pipes, process substitutions, and regular files
    (mentioned in the
    [doc](https://developer.apple.com/documentation/foundation/filehandle))

    Co-authored-by: Bortniak Volodymyr <[email protected]>

commit 3c3a83c
Author: Danny Canter <[email protected]>
Date:   Thu Dec 18 16:28:44 2025 -0800

    Turn on oops=panic kernel cmdline (apple#971)

commit b1b9980
Author: Michael Gathara <[email protected]>
Date:   Wed Dec 17 20:58:50 2025 -0600

    Fix: Kubes Cluster in Container Crashing Container (IS#923) (apple#930)

    - Fixes issue apple#923
    - I fixed a race condition in `ConnectHandler.swift` where
      an asynchronous network connection could complete
      after the handler had already been removed from the
      pipeline.
    - This prevents the EXC_BREAKPOINT crash in
      container-runtime-linux that occurred when kinc
      (Kubernetes in Container) created rapid connections.
    - The actual fix was inadvertently applied in apple#957, so this
      PR contains only the test code.

commit 9f4efe0
Author: Saehej Kang <[email protected]>
Date:   Wed Dec 17 00:30:33 2025 -0800

    [networks]: add prune command (apple#914)

    - Closes apple#893

commit 4f88725
Author: J Logan <[email protected]>
Date:   Tue Dec 16 16:34:13 2025 -0800

    Use new IP/CIDR types from Containerization. (apple#957)

    - Part of work for apple#460.
    - With CZ release 0.17.0, the IP and CIDR address
      types changed from String to IPv4Address and
      CIDRv4, respectively. This PR applies the corresponding
      adaptations to container.

commit 8e16bb2
Author: Salman Chishti <[email protected]>
Date:   Tue Dec 16 20:14:45 2025 +0000

    Upgrade GitHub Actions to latest versions (apple#959)

    - Upgrade GitHub Actions to their latest versions for
      improved features, bug fixes, and security updates.

    Signed-off-by: Salman Muin Kayser Chishti <[email protected]>

commit 0c7dca4
Author: Salman Chishti <[email protected]>
Date:   Tue Dec 16 19:23:31 2025 +0000

    Add Dependabot for GitHub Actions updates (apple#960)

    ## Summary

    Add Dependabot configuration to automatically keep GitHub Actions up to
    date.

    ## Changes

    Adds `.github/dependabot.yml` configured to:
    - Check for GitHub Actions updates weekly
    - Group all action updates together for easier review
    - Use `ci` prefix for commit messages

    ## Why

    As discussed in apple#958, this helps:
    - Keep actions up to date with security patches automatically
    - Handle Node runtime deprecations proactively (e.g., Node 20 → Node 24)
    - Reduce manual maintenance burden

    ## Reference

    Based on the pattern used in
    [swift-nio](https://github.com/apple/swift-nio/blob/main/.github/dependabot.yml).

commit 637c8f1
Author: Salman Chishti <[email protected]>
Date:   Tue Dec 16 18:15:42 2025 +0000

    Upgrade GitHub Actions for Node 24 compatibility (apple#958)

    ## Summary

    Upgrade GitHub Actions to their latest versions to ensure compatibility
    with Node 24, as Node 20 will reach end-of-life in April 2026.

    ## Changes

    | Action | Old Version(s) | New Version | SHA |
    |--------|---------------|-------------|-----|
    | `actions/checkout` | v4 | v6 | `8e8c483` |
    | `actions/download-artifact` | v4 | v7 | `37930b1` |
    | `actions/upload-artifact` | v4 | v6 | `b7c566a` |
    | `actions/labeler` | v5 | v6 | `634933e` |
    | `actions/configure-pages` | v5 | v5 | `983d773` |
    | `actions/upload-pages-artifact` | v3 | v3 | `56afc60` |
    | `softprops/action-gh-release` | v2 | v2 | `a06a81a` |

    ## Context

    Per [GitHub's
    announcement](https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/),
    Node 20 is being deprecated and runners will begin using Node 24 by
    default starting March 4th, 2026.

    ### Why this matters

    - **Node 20 EOL**: April 2026
    - **Node 24 default**: March 4th, 2026
    - **Action**: Update to latest action versions that support Node 24

    ### Security

    All actions are now **pinned to commit SHAs** instead of mutable version
    tags. This provides:
    - Protection against tag hijacking attacks
    - Immutable, reproducible builds
    - Version comments for readability

    ### Automated Updates

    A follow-up PR (apple#960) adds Dependabot configuration to automatically
    keep these actions updated with new SHA-pinned versions.

    ### Testing

    These changes only affect CI/CD workflow configurations and should not
    impact application functionality. The workflows should be tested by
    running them on a branch before merging.

    Signed-off-by: Salman Muin Kayser Chishti <[email protected]>

commit c22f128
Author: karen heckel <[email protected]>
Date:   Mon Dec 15 21:16:55 2025 -0800

    Feat: customize console output with env variable (apple#952)

    Fixes apple#915

    Added a new feature to support the passing of buildkit colors for
    customizing console output.

commit 9b7cfd8
Author: Saehej Kang <[email protected]>
Date:   Mon Dec 15 17:52:00 2025 -0800

    [images]: refactor prune command (apple#941)

    - Updates to `image prune` for consistency with how
      other `prune` commands are done. Added missing
      test cases as well for the command
    - Relates to the discussion from apple#914

commit 7d30720
Author: Danny Canter <[email protected]>
Date:   Thu Dec 11 05:36:15 2025 -0800

    CLI: Fix -it not being able to pipe stdout (apple#951)

    Fixes apple#949

    Typically if one fd is a tty, it's common for all 3 of stdio to be the
    same, but that is not always the case. In our case we were using our
    Terminal type from Containerization to comb through err/out/in and give
    us a type backed by one of the 3 if -t was supplied. It happens that
    stderr is the first we check, so our Terminal() is backed by fd 2. This
    change modifies things so that we always initialize our Terminal if
    asked for with fd 0, and out/err are backed by their corresponding
    correct fd number.

    ## Type of Change
    - [x] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [ ] Documentation update

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [ ] Added/updated docs

commit a2901e0
Author: wangxiaolei <[email protected]>
Date:   Wed Dec 10 10:04:40 2025 +0800

    feat: implement version sub command (apple#911)

    - closes apple#383
    - implement version sub command, give more info

    ---------

    Co-authored-by: fatelei <[email protected]>

commit 0cde1ef
Author: Danny Canter <[email protected]>
Date:   Tue Dec 9 13:24:45 2025 -0800

    Deps: Bump Containerization to 0.16.2 (apple#947)

    Closes apple#928

    Has a cgroup fix when stopping certain containers

commit 3896055
Author: Dmitry Kovba <[email protected]>
Date:   Tue Dec 9 12:32:28 2025 -0800

    Lowercase error messages (apple#945)

    ## Type of Change
    - [x] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [ ] Documentation update

    ## Motivation and Context
    For consistency, all error messages are lowercased.

    ## Testing
    - [ ] Tested locally
    - [ ] Added/updated tests
    - [ ] Added/updated docs

    ---------

    Co-authored-by: J Logan <[email protected]>

commit 0733a81
Author: Saehej Kang <[email protected]>
Date:   Tue Dec 9 10:54:37 2025 -0800

    [volumes]: refactor prune command (apple#940)

    - Refactor the `volume prune` command to follow a client-side approach.
      The `volumeDiskUsage` is calculated in the service file, so it made
      sense to leave that there.
    - Relates to the discussion from apple#914

commit 42528e6
Author: Kathryn Baldauf <[email protected]>
Date:   Tue Dec 9 10:42:27 2025 -0800

    Update CONTRIBUTORS to MAINTAINERS and point at containerization (apple#942)

    ## Type of Change
    - [x] Documentation update

    ## Motivation and Context
    See apple/containerization#435 for more
    information on this change.

commit a64bd77
Author: J Logan <[email protected]>
Date:   Tue Dec 9 14:35:34 2025 -0300

    Fix broken image integration tests. (apple#944)

    - Fixes apple#943.
    - Use images other than alpine:3.20 for image concurrency test so as not
    to interfere with tests using that image.
    - Rename test files to match suite names.

commit ab92f39
Author: TTtie <[email protected]>
Date:   Mon Dec 8 18:17:10 2025 +0100

    fix(TerminalProgress): make the progress bar respect locale-specific decimal separator (apple#936)

    - The `ProgressBar#adjustFormattedSize` function currently expects a
      decimal dot when adding the additional ".0" to the size. This, however,
      breaks when a region with a non-dot decimal separator is used.

commit 420be74
Author: J Logan <[email protected]>
Date:   Mon Dec 8 03:00:02 2025 -0300

    Data integrity: bump to cz 0.16.1, adjust sync mode. (apple#939)

    - 0.16.1 changes an ext4 superblock setting that might have been causing
    problems.
    - apple#877 fixed an issue where the cache and sync settings for block
    filesystems weren't being passed down to the VZ virtual machine
    configuration. The default sync value getting passed down is `full`,
    which reduces I/O performance. Relax this to use `fsync` for now.

    ## Type of Change
    - [*] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [ ] Documentation update

    ## Motivation and Context
    May address problems reported in apple#877.

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [ ] Added/updated docs

commit f7bcb68
Author: Santosh Bhavani <[email protected]>
Date:   Sun Dec 7 10:56:50 2025 -0800

    Add --max-concurrent-downloads flag for parallel layer downloads (apple#716)

    Adds `--max-concurrent-downloads` flag to `container image pull` for
    configurable concurrent layer downloads.

    Fixes apple#715
    Depends on apple/containerization#311

    **Usage**:
    ```bash
    container image pull nginx:latest --max-concurrent-downloads 6
    ```

    **Changes**:
    - Add CLI flag (default: 3)
    - Thread parameter through XPC stack
    - Update to use forked containerization with configurable concurrency

    **Performance**: ~1.2-1.3x faster pulls for multi-layer images with
    higher concurrency

    **Tests**: Included standalone tests verify concurrency behavior and
    parameter flow

    ---------

    Co-authored-by: Claude <[email protected]>