Switch containers/[image,storage,common] to go.podman.io monorepo and update libhvee dependency

[redbeam]

Follow-up of #4902, with the addition of an update of the github.com/containers/libhvee package.

This is needed because after the migration, we were getting this error during build:

Error: 437.8 pkg/drivers/libhvee/libhvee_windows.go:295:16: invalid operation: newSize == currentSize.ToBytes() (mismatched types "go.podman.io/common/pkg/strongunits".B and "github.com/containers/common/pkg/strongunits".B)

due to using v.0.10.0 of libhvee that doesn't contain the repo switch and is thus causing problems.

Summary by CodeRabbit

• New Features

  • Windows Hyper‑V: optional DVD image support for VMs (e.g., cloud‑init).
  • GPG: added key fingerprint accessor.

• Refactor

  • Image/container libraries migrated to the go.podman.io namespace; vendoring updated.

• Chores

  • Go toolchain bumped to 1.24.2; wide dependency and indirect-module updates.

• Breaking Changes

  • TLS: encrypted-PEM passphrase support removed (encrypted keys now yield an error).
  • SQLite: bundled user-authentication deprecated; SQLite headers updated with new locking-timeout support and version bump.

[coderabbitai]

Walkthrough

Mass migration of imports to go.podman.io (including strongunits and image packages), add vendored strongunits and LICENSE, bump Go toolchain and module versions, add optional DVDDiskPath to libhvee VM config, and apply assorted vendor refactors (tlsconfig, sqlite3, pprof, gpgme, etc.).

Changes

Cohort / File(s)	Summary of Changes
Strongunits import migration (app & tests) cmd/crc/cmd/start.go, cmd/crc/cmd/status.go, pkg/crc/api/api_client_test.go, pkg/crc/api/client/types.go, pkg/crc/api/handlers.go, pkg/crc/cluster/cluster.go, pkg/crc/config/validations.go, pkg/crc/config/settings_test.go, pkg/crc/constants/constants.go, pkg/crc/machine/config/config.go, pkg/crc/machine/driver.go, pkg/crc/machine/start.go, pkg/crc/machine/start_test.go, pkg/crc/machine/status.go, pkg/crc/machine/status_test.go, pkg/crc/machine/types/types.go, pkg/crc/validation/validation.go, pkg/drivers/libhvee/libhvee_windows.go, test/e2e/testsuite/testsuite.go	Switched strongunits imports from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits; no logic changes.
Vendored strongunits added vendor/go.podman.io/common/LICENSE, vendor/go.podman.io/common/pkg/strongunits/config.go	Add Apache-2.0 LICENSE and new strongunits package (types B/KiB/MiB/GiB and conversion helpers).
Podman image vendor migration vendor/go.podman.io/image/v5/** (many files)	Mass replacement of imports from github.com/containers/image/v5/... to go.podman.io/image/v5/...; import-only changes preserving behavior.
Application image imports pkg/crc/image/image.go	Replace github.com/containers/image/v5/... imports with go.podman.io/image/v5/...; import-only changes.
Go modules / toolchain & build go.mod, tools/go.mod, Makefile, update-go-version.sh	Bump Go toolchain minor versions (1.24.x → .2), update replace/indirect module entries and tidy/vendor invocation, propagate version changes to scripts and CI/devcontainer references.
Libhvee / Hyper‑V updates vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go, vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go, vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go, vendor/github.com/containers/libhvee/pkg/wmiext/array.go, vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go	Add HardwareConfig.DVDDiskPath and refactor VM drive-builder to optionally append a DVD drive; minor stylistic and small API/import tweaks in vendor code.
TLS / tlsconfig vendor changes vendor/github.com/docker/go-connections/tlsconfig/config.go, (deleted vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go)	Remove Passphrase/encrypted-PEM decryption path (now returns sentinel error), centralize default TLS config creation and cipher suites, consolidate client/server defaults.
SQLite3 vendor changes vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h, vendor/github.com/mattn/go-sqlite3/sqlite3ext.h, vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go, vendor/github.com/mattn/go-sqlite3/README.md	Bump SQLite version constants, add sqlite3_setlk_timeout and macro, rename a changeset flag, and deprecate user-auth APIs to return sentinel error; README note added.
pprof, gpgme & misc vendor refactors vendor/github.com/google/pprof/profile/*.go, vendor/github.com/proglottis/gpgme/gpgme.go, and assorted vendor files	Replace manual loops with slices.Contains/ContainsFunc, add Key.Fingerprint() to gpgme, and apply minor style/import refactors across vendor code.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant CRC as CRC CLI
  participant libhvee as libhvee (vendor)
  participant VM as VM Builder

  User->>CRC: crc start
  CRC->>libhvee: NewVirtualMachine(hwConfig)
  libhvee->>VM: build controller & drives
  alt DVDDiskPath provided
    libhvee->>VM: append DVD drive using DVDDiskPath
  else
    Note right of VM: no DVD drive appended
  end
  libhvee->>VM: finish/complete
  libhvee-->>CRC: VM object / result
  CRC-->>User: started / error

Loading

sequenceDiagram
  autonumber
  participant Caller
  participant TLS as tlsconfig

  Caller->>TLS: Request Client/Server tls.Config
  TLS->>Caller: return defaultConfig (standard cipher suites)
  Note right of TLS: encrypted PEM passphrase path removed\ngetPrivateKey now errors on encrypted PEM blocks

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Focus areas for review:

• TLS/tlsconfig changes and any call-sites that expected passphrase/decryption behavior.
• libhvee VM drive-builder refactor and new HardwareConfig.DVDDiskPath (vendor API surface change).
• go.mod replace/indirect changes and the Makefile/CI Go-version propagation.
• Spot-check major vendored modules after import-path migration (image/docker and storage-related imports).

Possibly related PRs

• CI: Update images from rhel-8-release-golang tag to rhel-9-release-golag #4886 — similar Go toolchain and CI/devcontainer Go version bumps.

Suggested labels

ok-to-test

Suggested reviewers

• cfergeau

Poem

I nibble imports, hop and mend,
Strongunits now from Podman, friend.
A tiny DVD slips into the VM,
TLS tucks secrets—quiet as them.
Rabbit cheers — vendoring fixed with vim. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description lacks required sections from the template including Type of change, Proposed changes, Testing, and Contribution Checklist completeness.	Complete all template sections: mark the appropriate type of change, list all proposed changes, describe testing steps, and fill out the contribution checklist with specific details.
Docstring Coverage	⚠️ Warning	Docstring coverage is 69.57% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: migrating container-related dependencies to go.podman.io monorepo and updating libhvee.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch monorepo

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 19bdb31 and 2abfba0.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (107)

• Makefile (1 hunks)
• cmd/crc/cmd/start.go (1 hunks)
• cmd/crc/cmd/status.go (1 hunks)
• go.mod (10 hunks)
• pkg/crc/api/api_client_test.go (1 hunks)
• pkg/crc/api/client/types.go (1 hunks)
• pkg/crc/api/handlers.go (1 hunks)
• pkg/crc/cluster/cluster.go (1 hunks)
• pkg/crc/config/settings_test.go (1 hunks)
• pkg/crc/config/validations.go (1 hunks)
• pkg/crc/constants/constants.go (1 hunks)
• pkg/crc/image/image.go (1 hunks)
• pkg/crc/machine/config/config.go (1 hunks)
• pkg/crc/machine/driver.go (1 hunks)
• pkg/crc/machine/start.go (1 hunks)
• pkg/crc/machine/start_test.go (1 hunks)
• pkg/crc/machine/status.go (1 hunks)
• pkg/crc/machine/status_test.go (1 hunks)
• pkg/crc/machine/types/types.go (1 hunks)
• pkg/crc/validation/validation.go (1 hunks)
• pkg/drivers/libhvee/libhvee_windows.go (1 hunks)
• test/e2e/testsuite/testsuite.go (1 hunks)
• tools/go.mod (1 hunks)
• update-go-version.sh (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (2 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config.go (7 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go (0 hunks)
• vendor/github.com/google/pprof/profile/merge.go (2 hunks)
• vendor/github.com/google/pprof/profile/profile.go (3 hunks)
• vendor/github.com/google/pprof/profile/prune.go (2 hunks)
• vendor/github.com/mattn/go-sqlite3/README.md (1 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (71 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (10 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h (2 hunks)
• vendor/github.com/proglottis/gpgme/gpgme.go (1 hunks)
• vendor/go.podman.io/common/LICENSE (1 hunks)
• vendor/go.podman.io/common/pkg/strongunits/config.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/blob.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/compression.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/copy.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/encryption.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/multiple.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_bars.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_channel.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/sign.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/single.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_src.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/cache.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_client.go (2 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_src.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/reference/regexp.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/registries_d.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (3 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/memory.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/sourced.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/unparsed.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/private/private.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/signer/signer.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/common.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema1.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1 hunks)

⛔ Files not processed due to max files limit (64)

• vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/sqlite/sqlite.go
• vendor/go.podman.io/image/v5/pkg/compression/compression.go
• vendor/go.podman.io/image/v5/pkg/compression/types/types.go
• vendor/go.podman.io/image/v5/pkg/docker/config/config.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/shortnames.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
• vendor/go.podman.io/image/v5/signature/docker.go
• vendor/go.podman.io/image/v5/signature/fulcio_cert.go
• vendor/go.podman.io/image/v5/signature/internal/json.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sigstore_payload.go
• vendor/go.podman.io/image/v5/signature/mechanism.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go
• vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go
• vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go
• vendor/go.podman.io/image/v5/signature/pki_cert.go
• vendor/go.podman.io/image/v5/signature/policy_config.go
• vendor/go.podman.io/image/v5/signature/policy_config_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval.go
• vendor/go.podman.io/image/v5/signature/policy_eval_baselayer.go
• vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go
• vendor/go.podman.io/image/v5/signature/policy_eval_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval_simple.go
• vendor/go.podman.io/image/v5/signature/policy_reference_match.go
• vendor/go.podman.io/image/v5/signature/signer/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/internal/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/signer.go
• vendor/go.podman.io/image/v5/signature/simple.go
• vendor/go.podman.io/image/v5/signature/simplesigning/signer.go
• vendor/go.podman.io/image/v5/transports/stub.go
• vendor/go.podman.io/image/v5/transports/transports.go
• vendor/go.podman.io/image/v5/types/types.go
• vendor/go.podman.io/image/v5/version/version.go
• vendor/go.podman.io/storage/pkg/archive/archive.go
• vendor/go.podman.io/storage/pkg/archive/archive_linux.go
• vendor/go.podman.io/storage/pkg/archive/archive_unix.go
• vendor/go.podman.io/storage/pkg/archive/archive_windows.go
• vendor/go.podman.io/storage/pkg/archive/changes.go
• vendor/go.podman.io/storage/pkg/archive/changes_linux.go
• vendor/go.podman.io/storage/pkg/archive/changes_other.go
• vendor/go.podman.io/storage/pkg/archive/changes_unix.go
• vendor/go.podman.io/storage/pkg/archive/changes_windows.go
• vendor/go.podman.io/storage/pkg/archive/copy.go
• vendor/go.podman.io/storage/pkg/archive/diff.go
• vendor/go.podman.io/storage/pkg/archive/fflags_bsd.go
• vendor/go.podman.io/storage/pkg/chunked/compressor/compressor.go
• vendor/go.podman.io/storage/pkg/chunked/internal/minimal/compression.go
• vendor/go.podman.io/storage/pkg/chunked/toc/toc.go
• vendor/go.podman.io/storage/pkg/homedir/homedir_unix.go
• vendor/go.podman.io/storage/pkg/idtools/idtools.go
• vendor/go.podman.io/storage/pkg/idtools/idtools_unix.go
• vendor/go.podman.io/storage/pkg/idtools/usergroupadd_linux.go
• vendor/go.podman.io/storage/pkg/ioutils/temp_windows.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile_unix.go
• vendor/go.podman.io/storage/pkg/pools/pools.go

💤 Files with no reviewable changes (1)

• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go

✅ Files skipped from review due to trivial changes (3)

• pkg/crc/config/settings_test.go
• vendor/go.podman.io/image/v5/docker/docker_image_dest.go
• pkg/crc/machine/start.go

🚧 Files skipped from review as they are similar to previous changes (59)

• vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go
• vendor/go.podman.io/image/v5/internal/manifest/oci_index.go
• pkg/crc/constants/constants.go
• vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go
• vendor/go.podman.io/image/v5/internal/image/sourced.go
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go
• vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go
• vendor/go.podman.io/image/v5/internal/image/unparsed.go
• vendor/go.podman.io/image/v5/manifest/manifest.go
• vendor/go.podman.io/image/v5/internal/image/docker_list.go
• cmd/crc/cmd/start.go
• pkg/crc/machine/types/types.go
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go
• pkg/crc/machine/status.go
• test/e2e/testsuite/testsuite.go
• pkg/crc/validation/validation.go
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go
• vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go
• tools/go.mod
• pkg/crc/api/api_client_test.go
• pkg/crc/machine/start_test.go
• vendor/go.podman.io/image/v5/copy/progress_channel.go
• vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go
• vendor/go.podman.io/image/v5/copy/progress_bars.go
• vendor/go.podman.io/image/v5/copy/encryption.go
• vendor/github.com/proglottis/gpgme/gpgme.go
• vendor/go.podman.io/image/v5/docker/reference/regexp.go
• vendor/go.podman.io/image/v5/internal/image/memory.go
• vendor/go.podman.io/image/v5/directory/directory_transport.go
• vendor/go.podman.io/image/v5/docker/docker_image.go
• vendor/go.podman.io/image/v5/manifest/list.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go
• vendor/go.podman.io/image/v5/manifest/docker_schema1.go
• vendor/go.podman.io/image/v5/internal/useragent/useragent.go
• pkg/crc/api/client/types.go
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go
• vendor/go.podman.io/image/v5/internal/image/docker_schema1.go
• pkg/crc/config/validations.go
• vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go
• pkg/crc/api/handlers.go
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go
• vendor/go.podman.io/image/v5/docker/registries_d.go
• vendor/go.podman.io/image/v5/copy/multiple.go
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go
• vendor/github.com/google/pprof/profile/profile.go
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h
• vendor/go.podman.io/image/v5/docker/docker_image_src.go
• vendor/go.podman.io/image/v5/internal/private/private.go
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go
• pkg/drivers/libhvee/libhvee_windows.go
• pkg/crc/machine/config/config.go
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go
• update-go-version.sh
• vendor/go.podman.io/image/v5/internal/manifest/list.go
• vendor/go.podman.io/common/pkg/strongunits/config.go
• Makefile
• pkg/crc/cluster/cluster.go

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-11-13T05:47:33.559Z

Learnt from: praveenkumar
Repo: crc-org/crc PR: 4954
File: update-go-version.sh:12-13
Timestamp: 2025-11-13T05:47:33.559Z
Learning: The `go` directive in go.mod accepts patch versions (e.g., go 1.24.2) and is valid syntax for `go mod edit -go` command. For Go ≥1.21, this declares the minimum Go toolchain required.

Applied to files:

• go.mod

🧬 Code graph analysis (1)

vendor/github.com/google/pprof/profile/merge.go (1)

vendor/github.com/google/pprof/profile/profile.go (2)

• Sample (75-98)
• Profile (35-63)

🪛 ast-grep (0.39.9)

vendor/go.podman.io/image/v5/docker/docker_client.go

[warning] 229-236: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
// As of 2025-08, tlsconfig.ClientDefault() differs from Go 1.23 defaults only in CipherSuites;
// so, limit us to only using that value. If go-connections/tlsconfig changes its policy, we
// will want to consider that and make a decision whether to follow suit.
// There is some chance that eventually the Go default will be to require TLS 1.3, and that point
// we might want to drop the dependency on go-connections entirely.
CipherSuites: tlsconfig.ClientDefault().CipherSuites,
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🪛 markdownlint-cli2 (0.18.1)

vendor/github.com/mattn/go-sqlite3/README.md

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Konflux kflux-prd-rh02 / crc-binary-on-pull-request

🔇 Additional comments (55)

vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go (1)

8-10: LGTM! Import paths successfully migrated to monorepo.

The import path updates from github.com/containers/image/v5/... to go.podman.io/image/v5/... are consistent with the PR's monorepo migration objectives. Since this is a vendored file with no functional changes, the migration is straightforward.

vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1)

9-12: LGTM: Import paths correctly updated for monorepo migration.

The import path updates from github.com/containers/image/v5/* to go.podman.io/image/v5/* are consistent and align with the PR's objective to migrate to the Podman monorepo structure. Since this is vendored code, these changes reflect the upstream dependency update.

vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1)

7-7: LGTM! Import path correctly updated for monorepo migration.

The import path has been properly updated from github.com/containers/image/v5/internal/signature to go.podman.io/image/v5/internal/signature, consistent with the containers ecosystem migration to the go.podman.io monorepo. This is a mechanical refactoring with no functional changes.

vendor/go.podman.io/image/v5/internal/image/oci.go (1)

13-18: LGTM! Import paths correctly updated for monorepo migration.

These import path changes from github.com/containers/image/v5/* to go.podman.io/image/v5/* align with the PR objective to migrate to the Podman monorepo. Since this is vendored code, the changes reflect the upstream dependency update and address the strongunits type mismatch mentioned in the PR description.

vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1)

104-106: Vendored libhvee code is correctly synchronized with upstream source.

Verification confirms that the DVDDiskPath field addition in the vendored file matches the upstream libhvee repository at commit a85aab2976a4 (pulled via the dependency update in go.mod). The field documentation and location are consistent between the vendor directory and the upstream source. This is a legitimate change from the intentional dependency update, not a local modification.

vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (2)

29-33: LGTM: Clear deprecation message.

The new sentinel error provides a clear explanation of why the feature is no longer supported and links to the upstream issue for additional context.

---

48-166: No action required—vendor changes are safe and appropriate.

This change is part of a legitimate dependency update. CRC's analysis shows:

1. go-sqlite3 v1.14.32 is an indirect dependency only (marked in go.mod)
2. CRC codebase contains no usage of the sqlite_userauth build tag
3. CRC codebase contains no calls to any of these authentication functions
4. The no-op implementation is the correct approach for the deprecated SQLite userauth extension

The vendor file exists as part of the dependency tree and poses no risk to CRC.

vendor/github.com/mattn/go-sqlite3/README.md (1)

354-355: LGTM - Deprecation notice from upstream.

This deprecation notice originates from the upstream go-sqlite3 dependency and correctly warns users about the deprecated User Authentication feature.

vendor/go.podman.io/image/v5/copy/sign.go (1)

7-13: LGTM - Vendor file updated for monorepo migration.

Import paths have been correctly updated to the go.podman.io namespace as part of the vendored dependency update.

vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1)

8-8: LGTM - Import path correctly updated.

The internal signature import has been updated to the go.podman.io namespace.

vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1)

7-7: LGTM - Types import updated correctly.

The types import path has been migrated to the go.podman.io namespace.

vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1)

8-11: LGTM - Internal imports migrated correctly.

All four internal imports have been consistently updated to the go.podman.io/image/v5 namespace.

vendor/go.podman.io/image/v5/docker/cache.go (1)

4-5: LGTM - Docker cache imports updated.

Both the reference and types imports have been correctly migrated to go.podman.io.

vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (2)

7-7: LGTM - Types import updated.

The types import has been correctly migrated to go.podman.io.

---

12-12: LGTM - Build-time ldflags reference updated.

Good attention to detail updating the ldflags comment to reference the new module path. This ensures the documentation remains accurate for users who may need to override this value at build time.

pkg/crc/image/image.go (1)

20-23: Import migration verified - no issues found.

The import path updates from github.com/containers/image/v5/* to go.podman.io/image/v5/* are correctly applied. File inspection confirms all four imports in pkg/crc/image/image.go (copy, directory, docker, signature) use the new paths, and no active code references the old import path.

vendor/go.podman.io/image/v5/copy/manifest.go (1)

12-16: LGTM! Import paths correctly updated for monorepo migration.

The import paths have been consistently updated from github.com/containers/image/v5/* to go.podman.io/image/v5/* as part of the vendor update. These are auto-generated changes from go mod vendor following the go.mod dependency updates.

vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (1)

10-12: LGTM! Import paths correctly updated.

Consistent with the monorepo migration pattern.

vendor/go.podman.io/image/v5/internal/signer/signer.go (1)

6-7: LGTM! Import paths correctly updated.

vendor/go.podman.io/image/v5/manifest/oci.go (1)

13-15: LGTM! Import paths correctly updated.

vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1)

16-20: LGTM! Import paths correctly updated.

vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1)

8-11: LGTM! Import paths correctly updated.

vendor/go.podman.io/image/v5/copy/blob.go (1)

10-12: LGTM! Import paths correctly updated.

vendor/go.podman.io/image/v5/internal/image/manifest.go (1)

8-10: LGTM! Import paths correctly updated.

All vendor files in this review show consistent import path migration from github.com/containers/image/v5/* to go.podman.io/image/v5/*. These are auto-generated vendoring updates that correctly reflect the monorepo migration described in the PR objectives.

vendor/go.podman.io/image/v5/copy/single.go (1)

20-30: LGTM! Import path migration is clean and consistent.

The imports have been successfully migrated from github.com/containers/image/v5/* to go.podman.io/image/v5/* and from github.com/containers/storage/pkg/chunked/toc to go.podman.io/storage/pkg/chunked/toc. No logic changes detected.

vendor/go.podman.io/image/v5/copy/compression.go (1)

11-16: LGTM! Import path migration is consistent.

The imports have been successfully updated to use the go.podman.io namespace, consistent with the broader monorepo migration in this PR.

vendor/go.podman.io/image/v5/copy/copy.go (1)

15-28: LGTM! Comprehensive import path migration.

All github.com/containers/image/v5/* imports have been consistently migrated to go.podman.io/image/v5/*. No logic changes detected.

vendor/go.podman.io/common/LICENSE (1)

1-201: LGTM! Standard Apache 2.0 license.

The Apache License Version 2.0 is appropriate for the vendored go.podman.io/common module and is properly formatted with all required sections.

vendor/go.podman.io/image/v5/docker/docker_transport.go (1)

9-12: LGTM! Docker transport imports successfully migrated.

The imports have been consistently updated to use the go.podman.io/image/v5 namespace.

go.mod (3)

3-3: LGTM! Go toolchain updated to 1.24.2.

The toolchain version bump from 1.24.0 to 1.24.2 is valid. Based on learnings.

---

14-14: LGTM! Monorepo migration and libhvee update successfully implemented.

The key changes resolve the strongunits type mismatch issue described in the PR:

• libhvee updated to v0.10.1-0.20250902114412-a85aab2976a4` - this version includes the monorepo migration, fixing the strongunits type conflict
• New direct dependencies added: go.podman.io/common and go.podman.io/image/v5
• go.podman.io/storage added as indirect dependency

The migration from github.com/containers/* to go.podman.io/* is now complete in go.mod.

Also applies to: 55-56, 179-179

---

81-81: Dual dependency is safe—migration to go.podman.io/common is complete.

The codebase has successfully migrated from github.com/containers/common to go.podman.io/common. All source files use only the new package (go.podman.io/common/pkg/strongunits is imported in 19+ files), and no code imports from the old github.com/containers/common package. The indirect containers/common v0.62.2 is a transitive dependency from a library (not directly from project code) and poses no runtime conflict since the codebase uses only the new package. This is a normal, safe state after a dependency migration.

vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (4)

1167-1172: New file-control: SQLITE_FCNTL_BLOCK_ON_CONNECT (44).

Looks fine as a new opcode. Please check:

• No numeric collision with any locally added custom opcodes.
• No downstream code assumes a smaller max FCNTL value. If you probe this control, ensure graceful fallback on older SQLite.

Also applies to: 1269-1269

---

3026-3063: New API sqlite3_setlk_timeout() and flag SQLITE_SETLK_BLOCK_ON_CONNECT.

This function is only effective for builds with SQLITE_ENABLE_SETLK_TIMEOUT and a VFS that supports blocking locks. Two asks:

• Confirm sqlite3-binding.c includes the implementation for sqlite3_setlk_timeout at this version, or the build will fail at link.
• If you intend to use this from Go, ensure the amalgamation is built with SQLITE_ENABLE_SETLK_TIMEOUT; otherwise the call will be a no-op and may mislead callers.

---

11778-11778: Start-v2 invert flag added (SQLITE_CHANGESETSTART_INVERT).

Good to see parity with SQLITE_CHANGESETAPPLY_INVERT. Please verify any callers using sqlite3changeset_start_v2/_strm are updated to use the new START flag (and not the APPLY flag) and that older lib users gate this via feature-detection.

---

150-152: The header and C source are already synchronized at version 3.50.4, and all new API symbols (sqlite3_setlk_timeout, SQLITE_FCNTL_BLOCK_ON_CONNECT, SQLITE_CHANGESETSTART_INVERT) are defined in sqlite3-binding.c. No header/source mismatch or linker/runtime risks exist.

Likely an incorrect or invalid review comment.

vendor/go.podman.io/image/v5/manifest/oci_index.go (1)

5-5: LGTM! Import path migration looks correct.

The import path has been correctly updated to the go.podman.io monorepo namespace as part of the broader migration effort.

pkg/crc/machine/status_test.go (1)

7-7: LGTM! Strongunits import path updated correctly.

The strongunits package import has been correctly migrated to go.podman.io, resolving the type mismatch issues described in the PR.

cmd/crc/cmd/status.go (1)

14-14: LGTM! Import path correctly updated.

The strongunits import has been correctly migrated to the go.podman.io namespace, consistent with the repository-wide migration.

pkg/crc/machine/driver.go (1)

6-6: LGTM! Import migration applied correctly.

The strongunits package import has been successfully migrated to go.podman.io without affecting the function signatures or logic.

vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1)

7-8: LGTM! Vendored imports updated correctly.

The internal package imports have been correctly updated to the go.podman.io namespace as part of the vendored dependencies migration.

vendor/go.podman.io/image/v5/internal/image/oci_index.go (1)

7-8: LGTM! Import paths correctly migrated.

The internal imports have been successfully updated to go.podman.io in this vendored file.

vendor/go.podman.io/image/v5/manifest/common.go (1)

7-8: LGTM! Vendored imports aligned with monorepo.

The compression types and image types imports have been correctly updated to the go.podman.io namespace.

vendor/github.com/google/pprof/profile/prune.go (1)

22-22: LGTM! Vendored dependency updated with idiomatic improvement.

The vendored pprof package now uses the standard library slices.Contains instead of manual iteration, which is a cleaner and more idiomatic approach. This is an upstream vendor update with no behavioral changes.

Also applies to: 44-44

vendor/github.com/google/pprof/profile/merge.go (1)

20-20: LGTM: Idiomatic refactor using standard library.

The use of slices.ContainsFunc to detect zero samples is more concise and idiomatic than an explicit loop. This is a vendor update from upstream pprof, and the change improves readability without altering functionality.

Also applies to: 82-86

vendor/go.podman.io/image/v5/directory/directory_src.go (1)

10-15: LGTM: Import path migration completed correctly.

The import paths have been successfully migrated from github.com/containers/image/v5/... to go.podman.io/image/v5/... with no functional changes. This aligns with the PR objective to switch to the go.podman.io monorepo.

vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1)

9-12: LGTM: Import paths updated consistently.

The import paths have been correctly migrated to the go.podman.io namespace, maintaining consistency with the broader module namespace migration across the PR.

vendor/go.podman.io/image/v5/directory/directory_dest.go (1)

14-21: LGTM: Import namespace migration applied correctly.

The import paths have been successfully updated to go.podman.io for both image and storage modules, maintaining the same functionality while aligning with the new module structure.

vendor/go.podman.io/image/v5/docker/docker_client.go (2)

26-38: LGTM: Import paths migrated successfully.

The import paths have been correctly updated from github.com/containers/... to go.podman.io/... namespaces, covering image, storage, and related modules. This aligns with the PR's objective of switching to the go.podman.io monorepo.

---

230-237: TLS MinVersion consideration - acknowledge the compatibility tradeoff.

The code intentionally limits TLS configuration to only CipherSuites from tlsconfig.ClientDefault(), relying on Go's default MinVersion (currently TLS 1.2 for clients). While static analysis flags the missing explicit MinVersion: tls.VersionTLS13, the current approach prioritizes compatibility with a broader range of Docker registries, including older ones that may not support TLS 1.3.

The detailed comments show awareness of this tradeoff and potential future evolution. Since this is a vendor file from the go.podman.io/image module, any policy change regarding minimum TLS version should be coordinated upstream.

For awareness, you may want to confirm that the upstream go.podman.io/image project has considered the TLS version policy for registry clients, especially if there are organizational security requirements for TLS 1.3.

vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1)

7-10: LGTM! Import paths correctly migrated to monorepo.

The import path updates from github.com/containers/image/v5/* to go.podman.io/image/v5/* are consistent with the PR objective to switch to the go.podman.io monorepo.

vendor/github.com/docker/go-connections/tlsconfig/config.go (4)

42-50: Cipher suites unified between client and server.

The vendor update consolidates cipher suites through defaultCipherSuites, which is now shared by both DefaultServerAcceptedCiphers and the client/server configs. The selected suites (ECDHE with AES-GCM) provide strong security.

---

53-75: LGTM! Unified TLS configuration approach.

The refactoring consolidates client and server TLS config creation through defaultConfig, ensuring consistent secure defaults (TLS 1.2 minimum, GCM cipher suites) across both.

---

78-99: LGTM! Improved local variable naming.

The certPool function now uses a local pool variable for clarity, with no functional changes.

---

133-218: No codebase impact from breaking changes—safe to approve.

Verification confirms the vendor update is safe:

• go-connections is an indirect dependency (transitive only), not directly used by the codebase
• No application code imports tlsconfig or uses Options, Passphrase, or IsErrEncryptedKey
• Breaking changes are isolated to the vendor directory
• The security improvement (removing insecure RFC 1423 PEM encryption) has no negative impact

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1)

6-6: User agent string still references old path.

The DefaultUserAgent string includes "github.com/containers/image" while the import now uses go.podman.io/image/v5. This is likely intentional for backward compatibility or branding, but worth noting since this is a vendored file and the decision is upstream's.

vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (1)

433-458: LGTM! Clean builder pattern with conditional DVD drive.

The refactor correctly uses the builder pattern to conditionally add a DVD drive when DVDDiskPath is provided:

• The builder variable enables conditional modification while maintaining proper chain completion
• Using separate indices (0 for disk, 1 for DVD) prevents device conflicts
• Error handling is consistent with the existing pattern

The implementation aligns with the PR objective of enabling optional DVD drive support for scenarios like cloud-init.

Optional: Consider validating DVDDiskPath before use.

While the current implementation is consistent with how DiskPath is handled, you could add basic validation to fail fast with a clear error message if the DVD path doesn't exist:

if config.DVDDiskPath != "" {
    if _, err := os.Stat(config.DVDDiskPath); err != nil {
        return fmt.Errorf("DVD disk path is invalid: %w", err)
    }
    // Add a DVD drive if the DVDDiskPath is set
    // This is useful for cloud-init or other bootable media
    builder = builder.
        AddSyntheticDvdDrive(1).
        DefineVirtualDvdDisk(config.DVDDiskPath).
        Finish(). // disk
        Finish()  // drive
}

This is a low-priority suggestion since the Hyper-V API will likely return its own error for invalid paths, and the existing DiskPath doesn't perform this validation either.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8eaccbd and 6ac8b79.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (107)

• cmd/crc/cmd/start.go (1 hunks)
• cmd/crc/cmd/status.go (1 hunks)
• go.mod (10 hunks)
• pkg/crc/api/api_client_test.go (1 hunks)
• pkg/crc/api/client/types.go (1 hunks)
• pkg/crc/api/handlers.go (1 hunks)
• pkg/crc/cluster/cluster.go (1 hunks)
• pkg/crc/config/settings_test.go (1 hunks)
• pkg/crc/config/validations.go (1 hunks)
• pkg/crc/constants/constants.go (1 hunks)
• pkg/crc/image/image.go (1 hunks)
• pkg/crc/machine/config/config.go (1 hunks)
• pkg/crc/machine/driver.go (1 hunks)
• pkg/crc/machine/start.go (1 hunks)
• pkg/crc/machine/start_test.go (1 hunks)
• pkg/crc/machine/status.go (1 hunks)
• pkg/crc/machine/status_test.go (1 hunks)
• pkg/crc/machine/types/types.go (1 hunks)
• pkg/crc/validation/validation.go (1 hunks)
• pkg/drivers/libhvee/libhvee_windows.go (1 hunks)
• test/e2e/testsuite/testsuite.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (2 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config.go (7 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go (0 hunks)
• vendor/github.com/google/pprof/profile/merge.go (2 hunks)
• vendor/github.com/google/pprof/profile/profile.go (3 hunks)
• vendor/github.com/google/pprof/profile/prune.go (2 hunks)
• vendor/github.com/mattn/go-sqlite3/README.md (1 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (71 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (10 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h (2 hunks)
• vendor/github.com/proglottis/gpgme/gpgme.go (1 hunks)
• vendor/go.podman.io/common/LICENSE (1 hunks)
• vendor/go.podman.io/common/pkg/strongunits/config.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/blob.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/compression.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/copy.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/encryption.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/multiple.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_bars.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_channel.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/sign.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/single.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_src.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/cache.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_client.go (2 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_src.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/reference/regexp.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/registries_d.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (3 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/memory.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/sourced.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/unparsed.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/private/private.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/signer/signer.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/common.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema1.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go (1 hunks)

⛔ Files not processed due to max files limit (61)

• vendor/go.podman.io/image/v5/pkg/blobinfocache/sqlite/sqlite.go
• vendor/go.podman.io/image/v5/pkg/compression/compression.go
• vendor/go.podman.io/image/v5/pkg/compression/types/types.go
• vendor/go.podman.io/image/v5/pkg/docker/config/config.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/shortnames.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
• vendor/go.podman.io/image/v5/signature/docker.go
• vendor/go.podman.io/image/v5/signature/fulcio_cert.go
• vendor/go.podman.io/image/v5/signature/internal/json.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sigstore_payload.go
• vendor/go.podman.io/image/v5/signature/mechanism.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go
• vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go
• vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go
• vendor/go.podman.io/image/v5/signature/pki_cert.go
• vendor/go.podman.io/image/v5/signature/policy_config.go
• vendor/go.podman.io/image/v5/signature/policy_config_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval.go
• vendor/go.podman.io/image/v5/signature/policy_eval_baselayer.go
• vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go
• vendor/go.podman.io/image/v5/signature/policy_eval_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval_simple.go
• vendor/go.podman.io/image/v5/signature/policy_reference_match.go
• vendor/go.podman.io/image/v5/signature/signer/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/internal/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/signer.go
• vendor/go.podman.io/image/v5/signature/simple.go
• vendor/go.podman.io/image/v5/signature/simplesigning/signer.go
• vendor/go.podman.io/image/v5/transports/stub.go
• vendor/go.podman.io/image/v5/transports/transports.go
• vendor/go.podman.io/image/v5/types/types.go
• vendor/go.podman.io/image/v5/version/version.go
• vendor/go.podman.io/storage/pkg/archive/archive.go
• vendor/go.podman.io/storage/pkg/archive/archive_linux.go
• vendor/go.podman.io/storage/pkg/archive/archive_unix.go
• vendor/go.podman.io/storage/pkg/archive/archive_windows.go
• vendor/go.podman.io/storage/pkg/archive/changes.go
• vendor/go.podman.io/storage/pkg/archive/changes_linux.go
• vendor/go.podman.io/storage/pkg/archive/changes_other.go
• vendor/go.podman.io/storage/pkg/archive/changes_unix.go
• vendor/go.podman.io/storage/pkg/archive/changes_windows.go
• vendor/go.podman.io/storage/pkg/archive/copy.go
• vendor/go.podman.io/storage/pkg/archive/diff.go
• vendor/go.podman.io/storage/pkg/archive/fflags_bsd.go
• vendor/go.podman.io/storage/pkg/chunked/compressor/compressor.go
• vendor/go.podman.io/storage/pkg/chunked/internal/minimal/compression.go
• vendor/go.podman.io/storage/pkg/chunked/toc/toc.go
• vendor/go.podman.io/storage/pkg/homedir/homedir_unix.go
• vendor/go.podman.io/storage/pkg/idtools/idtools.go
• vendor/go.podman.io/storage/pkg/idtools/idtools_unix.go
• vendor/go.podman.io/storage/pkg/idtools/usergroupadd_linux.go
• vendor/go.podman.io/storage/pkg/ioutils/temp_windows.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile_unix.go
• vendor/go.podman.io/storage/pkg/pools/pools.go

💤 Files with no reviewable changes (1)

• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go

🧰 Additional context used

🧬 Code graph analysis (3)

vendor/github.com/google/pprof/profile/merge.go (1)

vendor/github.com/google/pprof/profile/profile.go (2)

• Sample (75-98)
• Profile (35-63)

vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (1)

vendor/github.com/go-ole/go-ole/variant.go (1)

• NewVariant (6-8)

vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2)

vendor/github.com/containers/libhvee/pkg/hypervctl/drive_settings_builder.go (1)

• NewDriveSettingsBuilder (41-43)

vendor/github.com/containers/libhvee/pkg/hypervctl/vhd_storage_settings.go (1)

• VirtualHardDiskStorageSettings (8-13)

🪛 ast-grep (0.39.5)

vendor/go.podman.io/image/v5/docker/docker_client.go

[warning] 229-236: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
// As of 2025-08, tlsconfig.ClientDefault() differs from Go 1.23 defaults only in CipherSuites;
// so, limit us to only using that value. If go-connections/tlsconfig changes its policy, we
// will want to consider that and make a decision whether to follow suit.
// There is some chance that eventually the Go default will be to require TLS 1.3, and that point
// we might want to drop the dependency on go-connections entirely.
CipherSuites: tlsconfig.ClientDefault().CipherSuites,
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🪛 markdownlint-cli2 (0.18.1)

vendor/github.com/mattn/go-sqlite3/README.md

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: build (macOS-14, 1.24)
• GitHub Check: build (macOS-13, 1.24)
• GitHub Check: verify-devcontainer
• GitHub Check: Run OKD bundle with crc (1.24)
• GitHub Check: build-qe (linux, amd64)
• GitHub Check: build-qe (windows, amd64)
• GitHub Check: build-qe (darwin, arm64)
• GitHub Check: build-qe (linux, arm64)
• GitHub Check: build (windows-2022, 1.24)
• GitHub Check: build-qe (darwin, amd64)
• GitHub Check: Konflux kflux-prd-rh02 / crc-binary-on-pull-request
• GitHub Check: build (ubuntu-latest, 1.24)
• GitHub Check: build-installer (windows-2022, 1.24)
• GitHub Check: build (windows-2022, 1.24)
• GitHub Check: build (macOS-14, 1.24)
• GitHub Check: build (macOS-13, 1.24)
• GitHub Check: build (ubuntu-latest, 1.24)
• GitHub Check: build (ubuntu-22.04, 1.24)

🔇 Additional comments (128)

vendor/go.podman.io/image/v5/manifest/oci_index.go (1)

5-5: Import migration looks correct.

Switching to the go.podman.io path keeps the manifest wrapper aligned with the monorepo move and preserves existing behavior.

pkg/crc/image/image.go (1)

20-23: Import path migration looks correct.

The go.podman.io paths expose the same APIs, so this aligns with the monorepo switch without changing behavior.

vendor/go.podman.io/image/v5/internal/image/sourced.go (1)

9-9: LGTM! Import path correctly updated for monorepo migration.

The import path change from github.com/containers/image/v5/types to go.podman.io/image/v5/types is correct and aligns with the PR's objective to migrate to the go.podman.io monorepo. This change resolves the strongunits type mismatch issue mentioned in the PR description while maintaining API compatibility.

vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1)

4-4: LGTM! Import path migration is correct.

The import path update from github.com/containers/image/v5/internal/manifest to go.podman.io/image/v5/internal/manifest correctly reflects the monorepo migration described in the PR objectives. The relative package structure is preserved, and all type aliases and wrapper functions continue to work without modification.

vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2)

44-44: LGTM: Appropriate linter suppression for Windows API interop.

The nolint:govet directive is justified here. Converting the uintptr return value from procSafeArrayCreateVector.Call() to *ole.SafeArray requires unsafe.Pointer, which govet flags. This pattern is standard for Windows COM/OLE API calls in Go, and the code includes a NULL check before the conversion.

---

150-155: LGTM: Improved readability with explicit conditional.

The refactored implementation makes the intent clearer by explicitly returning false for VT_RECORD and VT_VARIANT types, then true for all others. The logic is functionally identical to the previous version but more readable.

vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1)

3-3: LGTM! Import path correctly updated to monorepo.

The import path change from github.com/containers/image/v5/version to go.podman.io/image/v5/version correctly implements the monorepo migration objective.

vendor/go.podman.io/image/v5/internal/image/unparsed.go (1)

8-13: LGTM – import path migration complete. No remaining github.com/containers/image/v5 imports in vendor/, and go.mod references the correct go.podman.io modules.

vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1)

104-106: LGTM! Well-documented field addition.

The new DVDDiskPath field is clearly documented and follows the existing struct field patterns. This addition enables optional DVD drive functionality for scenarios like cloud-init, which aligns with the PR objectives.

vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (1)

221-221: LGTM! More idiomatic string replacement.

Using strings.ReplaceAll is the preferred way to replace all occurrences of a substring in Go, making the intent clearer than using strings.Replace with -1.

vendor/github.com/proglottis/gpgme/gpgme.go (1)

880-884: LGTM! Correctly implemented method addition.

The new Fingerprint() method follows the established pattern in this file: it accesses the C fingerprint field, converts it to a Go string, and properly calls runtime.KeepAlive(k) to prevent premature garbage collection. The implementation is consistent with other similar accessor methods like IssuerSerial() and ChainID().

vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (4)

48-50: Public API now returns unsupported errors.

All public authentication methods (Authenticate, AuthUserAdd, AuthUserChange, AuthUserDelete) now immediately return errUserAuthNoLongerSupported, and AuthEnabled returns false. This correctly implements the deprecation of SQLite's user authentication extension.

The implementation is consistent and aligns with the upstream removal of this feature as documented in the referenced GitHub issue #1341.

Also applies to: 73-75, 100-102, 130-132, 151-153

---

61-63: Internal methods return error codes.

The internal authenticate* and authEnabled functions now return appropriate error/disabled codes (1 for SQLITE_ERROR, 0 for disabled) instead of performing actual authentication. This matches the expected behavior when the feature is no longer supported.

Also applies to: 91-93, 121-123, 146-148, 164-166

---

1-168: Document the SQLite user authentication deprecation.

This vendor update reflects upstream go-sqlite3's removal of user authentication support. Since this is a breaking change in the vendored dependency:

1. Verify that the sqlite_userauth build tag is not used in your project's build configuration
2. Consider documenting this breaking change in the PR description or release notes if this update is part of a release
3. If user authentication was previously used, you'll need to implement an alternative authentication mechanism

Based on the PR objectives, this appears to be a side effect of broader dependency updates related to the go.podman.io monorepo migration. If SQLite user authentication is not used in the project, this change should be safe.

---

30-32: Ensure no usage of deprecated sqlite_userauth functions
This update removes SQLite user authentication support and introduces errUserAuthNoLongerSupported. Our automated search found no calls to Authenticate, AuthUser*, or AuthEnabled, but please manually verify that no code relies on these methods before merging.

vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (1)

10-12: LGTM: Import migration complete. No remaining github.com/containers/{image,storage,common} imports in non-vendored code; legacy references in vendored comments are expected.

vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go (1)

7-7: LGTM: Import path correctly migrated to go.podman.io monorepo.

The import path change from github.com/containers/image/v5/types to go.podman.io/image/v5/types is correct and aligns with the PR's objective of migrating to the Podman monorepo structure. No functional changes were made.

vendor/go.podman.io/image/v5/copy/progress_bars.go (1)

12-13: LGTM: Import paths correctly migrated to go.podman.io monorepo.

Both import path changes are correct:

• go.podman.io/image/v5/internal/private
• go.podman.io/image/v5/types

These align with the PR's objective of migrating to the Podman monorepo structure. No functional changes were made.

vendor/go.podman.io/image/v5/internal/image/memory.go (1)

7-7: LGTM: Import path correctly migrated to go.podman.io monorepo.

The import path change from github.com/containers/image/v5/types to go.podman.io/image/v5/types is correct and consistent with the monorepo migration. No functional changes were made.

vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1)

8-8: LGTM: Import path correctly migrated to go.podman.io monorepo.

The import path change from github.com/containers/image/v5/docker/reference to go.podman.io/image/v5/docker/reference is correct and aligns with the monorepo migration. No functional changes were made.

vendor/go.podman.io/image/v5/docker/cache.go (1)

4-5: LGTM: Import paths correctly migrated to go.podman.io monorepo.

Both import path changes are correct:

• go.podman.io/image/v5/docker/reference
• go.podman.io/image/v5/types

These align with the PR's objective of migrating to the Podman monorepo structure. No functional changes were made.

vendor/go.podman.io/image/v5/manifest/oci.go (1)

13-15: LGTM: Import paths correctly migrated to go.podman.io monorepo.

All three import path changes are correct:

• go.podman.io/image/v5/internal/manifest
• go.podman.io/image/v5/pkg/compression/types
• go.podman.io/image/v5/types

These align with the PR's objective of migrating to the Podman monorepo structure. No functional changes were made.

vendor/go.podman.io/image/v5/docker/reference/regexp.go (1)

7-7: LGTM: Import path correctly migrated to go.podman.io monorepo.

The import path change from github.com/containers/storage/pkg/regexp to go.podman.io/storage/pkg/regexp is correct. This extends the monorepo migration to the storage module, which aligns with the PR's objective of migrating containers/{image,storage,common} packages. No functional changes were made.

vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1)

29-29: LGTM: Import path correctly migrated to go.podman.io monorepo.

The import path change from github.com/containers/image/v5/types to go.podman.io/image/v5/types is correct and consistent with the monorepo migration. No functional changes were made.

vendor/go.podman.io/common/LICENSE (1)

1-201: LGTM! Standard Apache 2.0 license.

This is a standard Apache License, Version 2.0 text file added for the new go.podman.io/common vendor module.

vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1)

7-7: LGTM! Import path successfully migrated to monorepo.

The import path has been correctly updated from github.com/containers/image/v5/internal/signature to go.podman.io/image/v5/internal/signature, consistent with the PR's goal of switching to the Podman monorepo.

vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1)

15-17: LGTM! Import paths correctly updated to monorepo.

All three import paths have been properly migrated from github.com/containers/image/v5 to go.podman.io/image/v5, maintaining consistency with the broader import path refactoring in this PR.

vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1)

8-8: LGTM! Import path updated correctly.

The import has been successfully migrated to go.podman.io/image/v5/internal/signature, consistent with the monorepo migration.

vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (2)

7-7: LGTM! Import path migrated correctly.

The import has been updated to go.podman.io/image/v5/types.

---

12-12: LGTM! Documentation updated to reflect new import path.

The ldflags comment has been correctly updated to reference the new monorepo path: go.podman.io/image/v5/internal/tmpdir.unixTempDirForBigFiles.

vendor/go.podman.io/image/v5/docker/docker_image.go (1)

14-17: LGTM! All Docker image imports migrated to monorepo.

All four import paths have been successfully updated from github.com/containers/image/v5 to go.podman.io/image/v5, maintaining consistency with the monorepo migration.

vendor/github.com/google/pprof/profile/merge.go (2)

20-20: LGTM! Added slices import for standard library usage.

The slices package import is added to support the refactored zero-sample check below.

---

82-86: LGTM! Cleaner implementation using standard library.

The code has been refactored to use slices.ContainsFunc instead of a manual loop, which is more idiomatic and maintains the same behavior: re-merging the profile if any zero samples are detected.

vendor/go.podman.io/image/v5/docker/docker_client.go (2)

26-38: LGTM! Import paths successfully migrated to monorepo.

All import paths have been correctly updated from github.com/containers/* and related packages to go.podman.io/image/v5 and go.podman.io/storage, consistent with the PR's monorepo migration goals.

---

231-236: Note static analysis finding on TLS configuration.

The TLS configuration now explicitly sets CipherSuites from tlsconfig.ClientDefault(). The static analysis tool correctly identifies that MinVersion is not set, which means it will default to TLS 1.2 for clients.

Since this is vendor code from upstream go.podman.io/image/v5, and the comment indicates the developers are aware of TLS version considerations, this is acceptable for this PR. If the missing MinVersion is a concern for your security requirements, consider reporting it upstream to the go.podman.io maintainers.

Based on static analysis hints.

vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (2)

350-350: LGTM - naming improvement.

The rename from daySeconds to dayTime better reflects that this constant represents a time.Duration value rather than a raw integer count of seconds.

Also applies to: 356-357

---

438-438: LGTM - safe type inference.

Using type inference (var stamp = secs) is safe here since secs is already uint64 from parseUintChain.

vendor/github.com/google/pprof/profile/profile.go (2)

738-738: LGTM - good simplification.

Replacing the explicit loop with slices.Contains is more concise and idiomatic for Go 1.24+.

---

849-862: Vendor modification: confirm Unsymbolizable behavior and update upstream

• Avoid editing vendor/github.com/google/pprof/profile/profile.go directly; propose this change upstream in google/pprof and re-vendor.
• Verify that treating m.File == "" and all /memfd: prefixes as unsymbolizable is intentional.
• Add unit tests for these edge cases and a code comment explaining why they’re unsymbolizable.

vendor/github.com/google/pprof/profile/prune.go (1)

44-44: LGTM - consistent modernization.

Good use of slices.Contains consistent with the changes in profile.go.

go.mod (4)

3-5: LGTM - Go version updates.

The Go version bump to 1.24.2 and toolchain to 1.24.6 align with using modern stdlib features like the slices package used in the pprof vendor updates.

---

57-58: LGTM - Podman monorepo migration.

The addition of go.podman.io/common and go.podman.io/image/v5 modules correctly replaces the previous containers/* imports, aligning with the PR objective to switch to the Podman monorepo.

---

95-97: Verify dependency updates for breaking changes.

Several dependencies have been updated to newer versions:

• docker/docker → v28.4.0
• docker/go-connections → v0.6.0 (new dependency)
• google/go-containerregistry → v0.20.4
• google/pprof → latest snapshot
• mattn/go-sqlite3 → v1.14.32
• Security-related packages (gpgme, go-securesystemslib, fulcio)
• google.golang.org/protobuf → v1.36.8

While these appear to be minor/patch updates, please verify:

1. The docker/go-connections v0.6.0 addition doesn't introduce new TLS or connection handling behavior that could affect registry operations.
2. The protobuf v1.36.8 update maintains compatibility with the existing codebase.

Based on learnings: The retrieved context indicates these are standard dependency updates in the Podman ecosystem. The docker/go-connections update includes TLS-related changes, so extra testing of registry connectivity would be prudent.

Also applies to: 119-122, 140-140, 158-164, 189-192

---

17-17: Verify strongunits import path migration in libhvee update
Confirm that [email protected] replaces all imports of "github.com/containers/common/pkg/strongunits" with "go.podman.io/common/pkg/strongunits".

vendor/github.com/docker/go-connections/tlsconfig/config.go (1)

1-245: LGTM! Vendor update aligns with security best practices.

This vendor update removes support for password-protected private keys, which aligns with Go's deprecation of legacy PEM encryption (RFC 1423) due to its vulnerability to padding oracle attacks. The consolidation of cipher suite defaults and TLS configuration via defaultConfig improves consistency between client and server configurations.

Key changes:

• Removed Passphrase field and IsErrEncryptedKey function (breaking API change in vendor)
• Encrypted keys now return errEncryptedKeyDeprecated with clear guidance
• Shared defaultCipherSuites for both client and server
• Centralized TLS config creation via defaultConfig

pkg/crc/validation/validation.go (1)

12-12: LGTM! Import path migration is correct.

The import path update from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits aligns with the PR's objective to migrate to the Podman monorepo. No functional changes are introduced.

vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1)

10-10: LGTM! Vendor update reflects upstream libhvee changes.

The import path update in the vendored libhvee package aligns with the PR's objective to update the libhvee dependency. This change resolves the mismatched strongunits types mentioned in the PR description.

pkg/drivers/libhvee/libhvee_windows.go (1)

15-15: LGTM! Import path migration resolves compilation error.

The import path update from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits fixes the compilation error mentioned in the PR description (mismatched types at Line 295). Both newSize and currentSize.ToBytes() now use the same strongunits.B type from the unified module path.

pkg/crc/machine/start_test.go (1)

10-10: LGTM! Import path migration is correct.

The import path update maintains test compatibility while migrating to the Podman monorepo. No test logic changes are introduced.

pkg/crc/config/validations.go (1)

8-8: LGTM! Import path migration is correct.

The import path update from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits is consistent with the repository-wide migration to the Podman monorepo. No functional changes are introduced.

pkg/crc/api/handlers.go (1)

7-7: LGTM! Import path migration is correct.

The import path update maintains API compatibility while migrating to the Podman monorepo. The strongunits.MiB and strongunits.GiB usage in getStartConfig (Lines 126-127) remains functionally identical.

vendor/go.podman.io/image/v5/manifest/list.go (1)

5-5: LGTM!

Import path correctly updated to use the go.podman.io monorepo structure.

cmd/crc/cmd/start.go (1)

13-13: LGTM!

Strongunits import correctly migrated to go.podman.io module path, resolving the type mismatch issue described in the PR.

vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go (1)

6-8: LGTM!

Import paths consistently updated to go.podman.io/image/v5 module structure.

vendor/go.podman.io/image/v5/copy/manifest.go (1)

12-16: LGTM!

Import paths consistently migrated to go.podman.io/image/v5 module, preserving aliases.

pkg/crc/machine/status.go (1)

9-9: LGTM!

Strongunits import correctly updated to go.podman.io module path.

pkg/crc/api/api_client_test.go (1)

10-10: LGTM!

Strongunits import correctly updated in test file.

pkg/crc/constants/constants.go (1)

10-10: LGTM!

Strongunits import correctly migrated to go.podman.io module path.

pkg/crc/cluster/cluster.go (1)

18-18: LGTM!

Strongunits import correctly updated to go.podman.io module path, maintaining all existing functionality.

vendor/go.podman.io/image/v5/directory/directory_transport.go (1)

11-15: LGTM! Import path migration is correct.

The import paths have been successfully migrated from github.com/containers/image/v5/... to go.podman.io/image/v5/... as intended by the PR. No functional changes introduced.

vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1)

7-10: LGTM! Import path migration is correct.

The import paths have been successfully migrated from github.com/containers/image/v5/... to go.podman.io/image/v5/... as intended by the PR. No functional changes introduced.

vendor/go.podman.io/image/v5/copy/copy.go (1)

15-28: LGTM! Import path migration is correct.

All import paths have been successfully migrated from github.com/containers/image/v5/... to go.podman.io/image/v5/... across multiple subpackages. No functional changes introduced.

test/e2e/testsuite/testsuite.go (1)

22-22: LGTM! Import path migration resolves type mismatch.

The import path has been successfully migrated from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits. This aligns with the PR objective and resolves the build error caused by mismatched strongunits types.

pkg/crc/machine/status_test.go (1)

7-7: LGTM! Import path migration is correct.

The import path has been successfully migrated from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits, consistent with the monorepo migration.

pkg/crc/machine/driver.go (1)

6-6: LGTM! Import path migration is correct.

The import path has been successfully migrated from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits, consistent with the monorepo migration.

pkg/crc/machine/types/types.go (1)

8-8: LGTM! Import path migration is correct.

The import path has been successfully migrated from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits. All strongunits type usages (MiB, GiB, B) in the file remain unchanged and compatible.

vendor/go.podman.io/image/v5/internal/blobinfocache/types.go (1)

5-6: LGTM! Import path migration is correct.

The import paths have been successfully migrated from github.com/containers/image/v5/... to go.podman.io/image/v5/... as intended by the PR. No functional changes introduced.

vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go (1)

10-13: LGTM! Import paths correctly migrated to go.podman.io monorepo.

The import paths have been successfully updated from github.com/containers/image/v5 to go.podman.io/image/v5 for internal dependencies. This aligns with the PR objective of migrating to the Podman monorepo structure.

vendor/go.podman.io/image/v5/internal/manifest/list.go (1)

8-9: LGTM! Import paths correctly migrated to go.podman.io monorepo.

The compression types and image types imports have been properly updated to reference the Podman monorepo namespace.

vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go (1)

12-15: LGTM! Import paths correctly migrated to go.podman.io monorepo.

All four image-related imports have been successfully migrated to the Podman monorepo namespace, maintaining consistency with the broader migration effort.

vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1)

8-11: LGTM! Import paths correctly migrated to go.podman.io monorepo.

The imagedestination internal dependencies have been properly migrated to the Podman monorepo structure.

vendor/go.podman.io/image/v5/internal/image/manifest.go (1)

8-10: LGTM! Import paths correctly migrated to go.podman.io monorepo.

The docker reference, manifest, and types imports have been successfully updated to the Podman monorepo namespace.

vendor/go.podman.io/image/v5/internal/manifest/manifest.go (1)

10-10: LGTM! Import path correctly migrated to go.podman.io monorepo.

The compression types import has been properly updated to reference the Podman monorepo.

vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go (1)

6-7: LGTM! Import paths correctly migrated to go.podman.io monorepo.

The blobinfocache internal and types imports have been successfully updated to the Podman monorepo namespace.

vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1)

9-12: LGTM! Import paths correctly migrated to go.podman.io monorepo.

All four imports including rootless, memory cache, SQLite cache, and types have been properly migrated to the Podman monorepo namespace. The default cache behavior remains unchanged.

pkg/crc/machine/start.go (1)

14-14: LGTM! Clean import path migration.

The import path has been correctly updated from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits. The usage of strongunits.MiB(14336) at line 44 remains unchanged, confirming backward compatibility.

vendor/go.podman.io/image/v5/internal/image/docker_list.go (1)

7-8: LGTM! Vendor file correctly updated.

Import paths successfully migrated from containers/image/v5/* to go.podman.io/image/v5/*. As a vendor file, this should be auto-generated by go mod vendor, which aligns with the module updates in go.mod.

vendor/go.podman.io/image/v5/manifest/common.go (1)

7-8: LGTM! Import aliases preserved correctly.

The import paths have been updated to go.podman.io/image/v5/* while preserving the import aliases (compressiontypes and types), ensuring all references throughout the file remain valid.

vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1)

4-5: LGTM! Internal import paths correctly migrated.

Import paths successfully updated to go.podman.io/image/v5/internal/*. The function OriginalCandidateMatchesTryReusingBlobOptions remains functionally unchanged.

vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1)

16-20: LGTM! Comprehensive import path migration.

All image-related imports successfully migrated to the go.podman.io/image/v5/* module namespace. The function signatures and logic throughout the file remain unchanged, confirming a clean mechanical refactor.

vendor/go.podman.io/image/v5/copy/encryption.go (1)

11-11: LGTM! Targeted import update.

The types import has been correctly updated to go.podman.io/image/v5/types while appropriately preserving other external dependencies like github.com/containers/ocicrypt.

vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1)

5-5: LGTM! Interface definitions preserved.

The types import has been updated to go.podman.io/image/v5/types. All type references like types.BlobInfoCache remain valid, preserving the interface definitions.

pkg/crc/config/settings_test.go (1)

8-8: LGTM – strongunits import updated correctly. Test logic is unchanged; failures arise from the missing GPGMe cgo dependency. Please verify tests pass in a CGO‐enabled environment (e.g. CGO_ENABLED=1).

vendor/go.podman.io/image/v5/copy/blob.go (1)

10-12: Import path migration looks good.

Namespaces now align with the go.podman.io monorepo without touching logic.

vendor/go.podman.io/image/v5/directory/directory_dest.go (1)

14-20: Directory transport imports updated correctly.

The switch to go.podman.io modules keeps the build aligned with the new monorepo.

pkg/crc/machine/config/config.go (1)

5-5: Strongunits import matches the podman monorepo.

This resolves the cross-module type mismatch introduced by the upstream move.

vendor/go.podman.io/image/v5/internal/image/oci_index.go (1)

7-8: Manifest/types import switch verified.

The file now consistently targets go.podman.io/image/v5 packages; behavior unchanged.

cmd/crc/cmd/status.go (1)

14-14: Status command now imports strongunits from go.podman.io.

Keeps the CLI in sync with the module migration.

vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1)

9-12: LGTM! Import paths correctly migrated to monorepo.

The import paths have been successfully updated from github.com/containers/image/v5/* to go.podman.io/image/v5/*, aligning with the PR's objective to migrate to the Podman monorepo.

vendor/go.podman.io/image/v5/copy/sign.go (1)

7-13: LGTM! Import paths correctly migrated to monorepo.

All signature-related imports have been successfully updated to use the Podman monorepo paths.

vendor/go.podman.io/image/v5/manifest/docker_schema1.go (1)

13-18: LGTM! Import paths correctly migrated to monorepo.

The imports have been updated to use both go.podman.io/image/v5/* and go.podman.io/storage/* paths, which is consistent with the broader monorepo migration.

vendor/go.podman.io/image/v5/internal/image/oci.go (1)

13-18: LGTM! Import paths correctly migrated to monorepo.

The internal image handling imports have been successfully updated to use the Podman monorepo paths.

vendor/go.podman.io/image/v5/manifest/manifest.go (1)

9-10: LGTM! Import paths correctly migrated to monorepo.

The manifest package imports have been successfully updated to use the Podman monorepo paths.

vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1)

8-11: LGTM! Import paths correctly migrated to monorepo.

The image destination compatibility layer imports have been successfully updated to use the Podman monorepo paths.

vendor/go.podman.io/image/v5/copy/single.go (1)

20-30: LGTM! Import paths correctly migrated to monorepo.

All copy-related imports have been successfully updated to use both go.podman.io/image/v5/* and go.podman.io/storage/* paths, which is consistent with the broader monorepo migration.

vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1)

7-8: LGTM! Import paths correctly migrated to monorepo.

The image source compatibility layer imports have been successfully updated to use the Podman monorepo paths.

vendor/go.podman.io/image/v5/directory/directory_src.go (1)

10-15: LGTM! Import path migration is correct.

The import paths have been successfully updated from github.com/containers/image/v5/* to go.podman.io/image/v5/*, consistent with the Podman monorepo migration objective.

vendor/go.podman.io/image/v5/internal/private/private.go (1)

10-14: LGTM! Import paths correctly migrated.

All import paths have been updated to use go.podman.io/image/v5/*, maintaining compatibility with existing interface definitions.

vendor/go.podman.io/image/v5/copy/compression.go (1)

11-16: LGTM! Dual package migration is correct.

Import paths have been successfully updated for both the image library (go.podman.io/image/v5/*) and the storage library (go.podman.io/storage/*), consistent with the monorepo migration.

vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (2)

9-11: LGTM! Import paths correctly updated.

Import paths successfully migrated to go.podman.io/image/v5/*.

---

205-205: Nice improvement: Using constants instead of hardcoded strings.

Replacing hardcoded media type strings with manifest.DockerV2Schema2LayerMediaType and manifest.DockerV2Schema2ConfigMediaType constants improves maintainability and reduces the risk of typos.

Also applies to: 220-220

vendor/go.podman.io/image/v5/copy/multiple.go (1)

16-21: LGTM! Import migration is correct.

All import paths successfully updated to go.podman.io/image/v5/*, with the internalManifest alias properly preserved.

pkg/crc/api/client/types.go (1)

7-7: LGTM! strongunits import correctly migrated.

The import path has been updated to go.podman.io/common/pkg/strongunits, which resolves the type mismatch issue mentioned in the PR description (after the corresponding libhvee update).

vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1)

7-7: LGTM—all github.com/containers/image/v5/types imports have been replaced.

vendor/github.com/mattn/go-sqlite3/sqlite3ext.h (2)

709-710: LGTM!

The macro definition correctly maps the public API function to the function pointer in the sqlite3_api_routines struct, following the established pattern for all SQLite extension APIs.

---

374-375: LGTM – Verified that setlk_timeout matches the SQLite 3.50.0 API signature (int sqlite3_setlk_timeout(sqlite3*,int ms,int flags)).

vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (22)

137-137: Doc-only change.

---

150-152: SQLite core bumped to 3.50.4 — verify downstream cgo/build flags compatibility

The header now declares 3.50.4. Please confirm:

• the amalgamation source compiled by go-sqlite3 matches this header version, and
• any custom SQLite compile options (threading, mutex, extensions) are consistent.

This avoids ODR/symbol drift when linking statically vs. system lib.

---

1167-1172: Doc-only addition: new file-control (BLOCK_ON_CONNECT) description.

---

1269-1269: New file-control opcode SQLITE_FCNTL_BLOCK_ON_CONNECT (44)

Looks good and sequential after 43. Please verify no internal usages assumed old opcode values and that any VFS hooks (if you have custom VFS) ignore unknown opcodes by returning SQLITE_NOTFOUND as required.

---

1988-2009: Doc-only edits around SQLITE_CONFIG_LOOKASIDE.

---

2246-2290: Doc-only edits around SQLITE_DBCONFIG_LOOKASIDE.

---

3026-3063: New API sqlite3_setlk_timeout() and flag SQLITE_SETLK_BLOCK_ON_CONNECT

• Declaration is always present; behavior depends on SQLITE_ENABLE_SETLK_TIMEOUT and VFS support. If you plan to call this, guard usage (e.g., check sqlite3_compileoption_used("ENABLE_SETLK_TIMEOUT")) or tolerate SQLITE_OK no-op on builds without support.
• Ensure any WAL usage with connect-block semantics is deliberate when passing SQLITE_SETLK_BLOCK_ON_CONNECT.

No ABI concerns spotted; good addition.

---

4083-4094: Doc-only tweak (create_filename param wording).

---

5180-5185: Doc-only note.

---

5815-5832: Doc-only: new SQLITE_SELFORDER1 flag docs.

---

11778-11778: New flag SQLITE_CHANGESETSTART_INVERT (0x0002) for sqlite3changeset_start_v2

Good to see parity with apply_v2’s INVERT flag. If any code inverted at start using the apply flag previously, switch to this START_INVERT for correctness and clarity.

---

6762-6775: Doc-only (Win32 directory helpers).

---

6839-6868: Doc-only.

---

9989-10004: Doc-only (vtab config).

---

10101-10102: Doc-only (vtab_nochange).

---

10136-10137: Doc-only (vtab collation).

---

10230-10231: Doc-only (vtab distinct).

---

10303-10304: Doc-only (vtab IN constraints).

---

10350-10352: Doc-only (vtab IN iterators).

---

10393-10394: Doc-only (vtab rhs value).

---

10682-10701: Doc-only (pre-update hook).

---

11752-11754: Doc-only (API experimental note).

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (1)

13709-13718: Document the new FTS5 API version.

The new xColumnLocale / xTokenize_v2 entries mean fts5_api.iVersion is now at least 4, but the comment on Line 13713 still states “Currently always set to 3”. Extension authors rely on that comment to gate new functionality; leaving it stale will cause them to skip the new fields altogether. Please update the version note (and any related docs) to advertise the bumped version.

♻️ Duplicate comments (1)

vendor/go.podman.io/common/pkg/strongunits/config.go (1)

57-60: Naming inconsistency already noted in previous review.

The function ToMib (line 58) should be ToMiB to match the naming convention of ToKiB (line 53) and ToGiB (line 63), and to align with the MiB type name (line 12).

Since this is a vendored file from the go.podman.io monorepo, this inconsistency should be addressed upstream in the Podman project rather than in this PR.

🧹 Nitpick comments (10)

vendor/github.com/mattn/go-sqlite3/README.md (1)

354-354: Fix markdown emphasis style for consistency.

The static analysis tool flags the emphasis style as inconsistent. Per MD049 rules, use underscores instead of asterisks for emphasis.

Apply this diff to align with markdown style conventions:

-***This is deprecated***
+___This is deprecated___

vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (9)

30-33: Make the unsupported state easy to detect and surface deprecation in docs.

Consider exporting the sentinel and adding Deprecated: notices to the affected APIs for clearer errors.Is matching and godoc visibility.

 var (
-	ErrUnauthorized              = errors.New("SQLITE_AUTH: Unauthorized")
-	ErrAdminRequired             = errors.New("SQLITE_AUTH: Unauthorized; Admin Privileges Required")
-	errUserAuthNoLongerSupported = errors.New("sqlite3: the sqlite_userauth tag is no longer supported as the userauth extension is no longer supported by the SQLite authors, see https://github.com/mattn/go-sqlite3/issues/1341")
+	ErrUnauthorized              = errors.New("SQLITE_AUTH: Unauthorized")
+	ErrAdminRequired             = errors.New("SQLITE_AUTH: Unauthorized; Admin Privileges Required")
+	// ErrUserAuthNoLongerSupported is returned when sqlite_userauth is enabled but unsupported.
+	ErrUserAuthNoLongerSupported = errors.New("sqlite3: the sqlite_userauth tag is no longer supported as the userauth extension is no longer supported by the SQLite authors, see https://github.com/mattn/go-sqlite3/issues/1341")
 )

And update call sites below to return ErrUserAuthNoLongerSupported.

---

62-63: Prefer named constants over magic numbers.

Return SQLite error via named constant for readability.

-func (c *SQLiteConn) authenticate(username, password string) int {
-	return 1
+func (c *SQLiteConn) authenticate(username, password string) int {
+	return int(C.SQLITE_ERROR)
 }

---

74-75: AuthUserAdd: unsupported error is fine; add Deprecated: to doc.

Mark this API as deprecated to avoid misleading IDE/tooling hints.

---

92-93: Prefer named constants over magic numbers.

Use int(C.SQLITE_ERROR) instead of 1.

-func (c *SQLiteConn) authUserAdd(username, password string, admin int) int {
-	return 1
+func (c *SQLiteConn) authUserAdd(username, password string, admin int) int {
+	return int(C.SQLITE_ERROR)
 }

---

101-102: AuthUserChange: unsupported error is fine; add Deprecated: to doc.

Same deprecation note suggestion as above.

---

122-123: Prefer named constants over magic numbers.

Use int(C.SQLITE_ERROR).

-func (c *SQLiteConn) authUserChange(username, password string, admin int) int {
-	return 1
+func (c *SQLiteConn) authUserChange(username, password string, admin int) int {
+	return int(C.SQLITE_ERROR)
 }

---

131-132: AuthUserDelete: unsupported error is fine; add Deprecated: to doc.

Keep behavior but surface deprecation in comments.

---

147-148: Prefer named constants over magic numbers.

Use int(C.SQLITE_ERROR) for clarity.

-func (c *SQLiteConn) authUserDelete(username string) int {
-	return 1
+func (c *SQLiteConn) authUserDelete(username string) int {
+	return int(C.SQLITE_ERROR)
 }

---

152-153: AuthEnabled always false: LGTM.

Consistent with de-supported feature. Consider a // Deprecated: always returns false. doc note.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9e24244 and 0b844b5.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (107)

• cmd/crc/cmd/start.go (1 hunks)
• cmd/crc/cmd/status.go (1 hunks)
• go.mod (10 hunks)
• pkg/crc/api/api_client_test.go (1 hunks)
• pkg/crc/api/client/types.go (1 hunks)
• pkg/crc/api/handlers.go (1 hunks)
• pkg/crc/cluster/cluster.go (1 hunks)
• pkg/crc/config/settings_test.go (1 hunks)
• pkg/crc/config/validations.go (1 hunks)
• pkg/crc/constants/constants.go (1 hunks)
• pkg/crc/image/image.go (1 hunks)
• pkg/crc/machine/config/config.go (1 hunks)
• pkg/crc/machine/driver.go (1 hunks)
• pkg/crc/machine/start.go (1 hunks)
• pkg/crc/machine/start_test.go (1 hunks)
• pkg/crc/machine/status.go (1 hunks)
• pkg/crc/machine/status_test.go (1 hunks)
• pkg/crc/machine/types/types.go (1 hunks)
• pkg/crc/validation/validation.go (1 hunks)
• pkg/drivers/libhvee/libhvee_windows.go (1 hunks)
• test/e2e/testsuite/testsuite.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (2 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config.go (7 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go (0 hunks)
• vendor/github.com/google/pprof/profile/merge.go (2 hunks)
• vendor/github.com/google/pprof/profile/profile.go (3 hunks)
• vendor/github.com/google/pprof/profile/prune.go (2 hunks)
• vendor/github.com/mattn/go-sqlite3/README.md (1 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (71 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (10 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h (2 hunks)
• vendor/github.com/proglottis/gpgme/gpgme.go (1 hunks)
• vendor/go.podman.io/common/LICENSE (1 hunks)
• vendor/go.podman.io/common/pkg/strongunits/config.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/blob.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/compression.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/copy.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/encryption.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/multiple.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_bars.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_channel.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/sign.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/single.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_src.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/cache.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_client.go (2 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_src.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/reference/regexp.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/registries_d.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (3 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/memory.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/sourced.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/unparsed.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/private/private.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/signer/signer.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/common.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema1.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go (1 hunks)

⛔ Files not processed due to max files limit (61)

• vendor/go.podman.io/image/v5/pkg/blobinfocache/sqlite/sqlite.go
• vendor/go.podman.io/image/v5/pkg/compression/compression.go
• vendor/go.podman.io/image/v5/pkg/compression/types/types.go
• vendor/go.podman.io/image/v5/pkg/docker/config/config.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/shortnames.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
• vendor/go.podman.io/image/v5/signature/docker.go
• vendor/go.podman.io/image/v5/signature/fulcio_cert.go
• vendor/go.podman.io/image/v5/signature/internal/json.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sigstore_payload.go
• vendor/go.podman.io/image/v5/signature/mechanism.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go
• vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go
• vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go
• vendor/go.podman.io/image/v5/signature/pki_cert.go
• vendor/go.podman.io/image/v5/signature/policy_config.go
• vendor/go.podman.io/image/v5/signature/policy_config_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval.go
• vendor/go.podman.io/image/v5/signature/policy_eval_baselayer.go
• vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go
• vendor/go.podman.io/image/v5/signature/policy_eval_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval_simple.go
• vendor/go.podman.io/image/v5/signature/policy_reference_match.go
• vendor/go.podman.io/image/v5/signature/signer/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/internal/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/signer.go
• vendor/go.podman.io/image/v5/signature/simple.go
• vendor/go.podman.io/image/v5/signature/simplesigning/signer.go
• vendor/go.podman.io/image/v5/transports/stub.go
• vendor/go.podman.io/image/v5/transports/transports.go
• vendor/go.podman.io/image/v5/types/types.go
• vendor/go.podman.io/image/v5/version/version.go
• vendor/go.podman.io/storage/pkg/archive/archive.go
• vendor/go.podman.io/storage/pkg/archive/archive_linux.go
• vendor/go.podman.io/storage/pkg/archive/archive_unix.go
• vendor/go.podman.io/storage/pkg/archive/archive_windows.go
• vendor/go.podman.io/storage/pkg/archive/changes.go
• vendor/go.podman.io/storage/pkg/archive/changes_linux.go
• vendor/go.podman.io/storage/pkg/archive/changes_other.go
• vendor/go.podman.io/storage/pkg/archive/changes_unix.go
• vendor/go.podman.io/storage/pkg/archive/changes_windows.go
• vendor/go.podman.io/storage/pkg/archive/copy.go
• vendor/go.podman.io/storage/pkg/archive/diff.go
• vendor/go.podman.io/storage/pkg/archive/fflags_bsd.go
• vendor/go.podman.io/storage/pkg/chunked/compressor/compressor.go
• vendor/go.podman.io/storage/pkg/chunked/internal/minimal/compression.go
• vendor/go.podman.io/storage/pkg/chunked/toc/toc.go
• vendor/go.podman.io/storage/pkg/homedir/homedir_unix.go
• vendor/go.podman.io/storage/pkg/idtools/idtools.go
• vendor/go.podman.io/storage/pkg/idtools/idtools_unix.go
• vendor/go.podman.io/storage/pkg/idtools/usergroupadd_linux.go
• vendor/go.podman.io/storage/pkg/ioutils/temp_windows.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile_unix.go
• vendor/go.podman.io/storage/pkg/pools/pools.go

💤 Files with no reviewable changes (1)

• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go

✅ Files skipped from review due to trivial changes (4)

• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go
• pkg/crc/config/validations.go
• pkg/crc/machine/start_test.go
• vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go

🚧 Files skipped from review as they are similar to previous changes (67)

• pkg/crc/api/handlers.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go
• vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go
• pkg/crc/machine/types/types.go
• pkg/crc/api/api_client_test.go
• pkg/crc/machine/driver.go
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h
• vendor/go.podman.io/image/v5/internal/image/unparsed.go
• pkg/crc/machine/config/config.go
• vendor/go.podman.io/image/v5/manifest/docker_schema1.go
• vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go
• pkg/crc/machine/status_test.go
• vendor/go.podman.io/image/v5/manifest/oci_index.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go
• vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go
• vendor/go.podman.io/image/v5/copy/progress_bars.go
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go
• vendor/go.podman.io/image/v5/internal/signer/signer.go
• cmd/crc/cmd/status.go
• pkg/crc/constants/constants.go
• vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go
• vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go
• vendor/github.com/google/pprof/profile/profile.go
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go
• pkg/drivers/libhvee/libhvee_windows.go
• vendor/go.podman.io/image/v5/manifest/docker_schema2.go
• vendor/go.podman.io/image/v5/docker/reference/regexp.go
• vendor/go.podman.io/image/v5/manifest/list.go
• vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go
• vendor/go.podman.io/image/v5/copy/single.go
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go
• pkg/crc/machine/start.go
• test/e2e/testsuite/testsuite.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go
• vendor/go.podman.io/image/v5/internal/image/sourced.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go
• vendor/go.podman.io/image/v5/internal/image/docker_schema1.go
• vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go
• pkg/crc/cluster/cluster.go
• vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go
• pkg/crc/validation/validation.go
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go
• vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go
• vendor/github.com/google/pprof/profile/merge.go
• vendor/go.podman.io/image/v5/internal/useragent/useragent.go
• vendor/go.podman.io/image/v5/copy/encryption.go
• vendor/go.podman.io/image/v5/copy/copy.go
• pkg/crc/config/settings_test.go
• cmd/crc/cmd/start.go
• vendor/go.podman.io/image/v5/manifest/manifest.go
• vendor/go.podman.io/image/v5/docker/registries_d.go
• vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go
• vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go
• pkg/crc/image/image.go
• vendor/go.podman.io/image/v5/manifest/common.go
• vendor/go.podman.io/image/v5/internal/image/oci_index.go
• vendor/go.podman.io/image/v5/copy/manifest.go
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go
• vendor/go.podman.io/image/v5/internal/image/oci.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go
• vendor/go.podman.io/image/v5/copy/multiple.go
• vendor/go.podman.io/image/v5/internal/image/manifest.go
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go
• pkg/crc/machine/status.go

🧰 Additional context used

🪛 ast-grep (0.39.6)

vendor/go.podman.io/image/v5/docker/docker_client.go

[warning] 229-236: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
// As of 2025-08, tlsconfig.ClientDefault() differs from Go 1.23 defaults only in CipherSuites;
// so, limit us to only using that value. If go-connections/tlsconfig changes its policy, we
// will want to consider that and make a decision whether to follow suit.
// There is some chance that eventually the Go default will be to require TLS 1.3, and that point
// we might want to drop the dependency on go-connections entirely.
CipherSuites: tlsconfig.ClientDefault().CipherSuites,
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🪛 markdownlint-cli2 (0.18.1)

vendor/github.com/mattn/go-sqlite3/README.md

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Konflux kflux-prd-rh02 / crc-binary-on-pull-request

🔇 Additional comments (39)

vendor/github.com/mattn/go-sqlite3/README.md (1)

352-356: Clarify why a vendored file is being modified.

Vendored files typically remain unchanged; modifications should be applied upstream in the original repository. This change adds a deprecation marker to the User Authentication section, but the PR objectives focus on migrating imports to the go.podman.io monorepo and updating libhvee, with no mention of go-sqlite3 documentation changes.

Please confirm whether this modification is intentional and how it relates to the stated PR objectives.

vendor/github.com/proglottis/gpgme/gpgme.go (1)

880-884: LGTM! Well-implemented accessor method.

The new Fingerprint() method correctly follows the established pattern for accessor methods in this file, properly converting the C field to a Go string and ensuring the Key remains alive during the operation. This provides helpful API consistency with the existing SubKey.Fingerprint() method.

vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1)

16-20: LGTM! Import paths correctly migrated to the monorepo.

The import paths have been successfully updated from github.com/containers/image/v5 to go.podman.io/image/v5, with all five imports consistently using the new monorepo path. No functional changes were made to the code logic, which is appropriate for this vendor dependency update.

vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1)

4-5: LGTM! Import paths correctly updated for monorepo migration.

The import paths have been properly updated from github.com/containers/image/v5 to go.podman.io/image/v5, aligning with the PR's objective to migrate to the Podman monorepo. This vendor update ensures type consistency across the codebase.

vendor/github.com/google/pprof/profile/prune.go (1)

22-22: LGTM! Clean refactor from upstream.

The addition of the slices import and the use of slices.Contains to replace the manual loop is a good improvement. This vendored update from google/pprof simplifies the code while maintaining identical semantics.

Also applies to: 44-44

vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1)

8-8: LGTM! Import path correctly updated for monorepo migration.

The import path change from github.com/containers/image/v5/internal/signature to go.podman.io/image/v5/internal/signature is correct and aligns with the PR objectives. This vendored file reflects the upstream migration to the Podman monorepo, with no functional changes.

vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (1)

8-8: LGTM! Import path correctly migrated to monorepo.

The import path change from github.com/containers/storage/pkg/fileutils to go.podman.io/storage/pkg/fileutils is consistent with the PR's objective to migrate to the go.podman.io monorepo. Since this is a vendored dependency file and no code logic changed beyond the import, the API remains compatible.

vendor/go.podman.io/image/v5/docker/docker_transport.go (1)

9-12: LGTM! Import migration to monorepo is correct.

The import paths have been correctly updated from github.com/containers/image/v5/... to go.podman.io/image/v5/... as part of the vendored dependency update. All four imports are consistently using the new module path with the /v5 major version, and no logic changes are present in the file.

vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go (1)

12-15: LGTM! Import paths correctly updated for monorepo migration—migration is complete and consistent.

The import changes from github.com/containers/image/v5/* to go.podman.io/image/v5/* are correct. The verification confirms no old import paths remain in non-vendored code, indicating the migration is complete across the codebase.

All four internal imports updated correctly:

• internal/blobinfocache
• internal/manifest
• pkg/compression
• types

External dependencies (opencontainers, logrus) correctly remain unchanged.

vendor/go.podman.io/image/v5/internal/private/private.go (1)

10-14: Import paths correctly updated for monorepo migration.

The vendored imports have been mechanically updated from github.com/containers/image/v5 to go.podman.io/image/v5. Verification confirms no lingering old import paths in the source code, and all go.podman.io imports (including the relocated strongunits from go.podman.io/common/pkg/strongunits) are active throughout the codebase, resolving the type mismatch mentioned in the PR.

vendor/go.podman.io/image/v5/internal/image/docker_list.go (1)

7-8: LGTM! Import paths correctly updated for monorepo migration.

The import path changes from github.com/containers/image/v5/* to go.podman.io/image/v5/* on lines 7-8 are correct and verified. The vendor directory has been properly regenerated with the new go.podman.io/image/v5 v5.37.0 dependency, and no old import references remain in non-vendor code.

vendor/go.podman.io/image/v5/manifest/oci.go (1)

13-15: Import migration to go.podman.io verified, but strongunits type resolution claim is unverified.

The import path updates from github.com/containers/image/v5/* to go.podman.io/image/v5/* are correct and consistent. No references to old paths remain in non-vendor code, and the new imports are in use throughout the codebase.

However, strongunits.B originates from separate dependencies (libhvee, vfkit), not the image package being migrated. Whether this PR actually resolves the libhvee v0.10.0 type mismatch requires build verification.

Please confirm:

1. Build succeeds with these changes
2. The strongunits.B type mismatch error is resolved (verify compile/test output)

vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1)

8-11: Import path migration looks good.

The import paths have been correctly updated from github.com/containers/image/v5 to go.podman.io/image/v5, consistent with the monorepo migration.

vendor/go.podman.io/image/v5/internal/image/memory.go (1)

7-7: LGTM.

Import path correctly updated to the Podman monorepo module.

vendor/go.podman.io/image/v5/directory/directory_transport.go (1)

11-15: LGTM.

All import paths correctly migrated to go.podman.io/image/v5 namespace.

vendor/go.podman.io/image/v5/docker/cache.go (1)

4-5: LGTM.

Import paths properly updated for the monorepo migration.

vendor/go.podman.io/image/v5/internal/manifest/list.go (1)

8-9: LGTM.

Import paths correctly updated to Podman monorepo structure.

vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1)

15-17: LGTM.

Import path updates are consistent with the monorepo migration.

vendor/go.podman.io/image/v5/directory/directory_src.go (1)

10-15: LGTM.

All internal import paths correctly migrated to the Podman monorepo namespace.

vendor/go.podman.io/image/v5/docker/docker_client.go (2)

26-37: LGTM.

Import paths correctly updated to use the Podman monorepo modules.

---

230-237: Note TLS MinVersion configuration.

Static analysis correctly identifies that MinVersion is not set in the TLS config. The current Go default for clients is TLS 1.2, but TLS 1.3 is recommended. The inline comment acknowledges awareness of this issue and suggests it may be addressed when Go's defaults change.

Since this is vendored code from go.podman.io/image/v5, any fix would need to come from upstream. The current configuration restricts only CipherSuites per the tlsconfig.ClientDefault() policy.

As per static analysis hints

vendor/go.podman.io/common/LICENSE (1)

1-201: LGTM: Standard Apache 2.0 license for new vendor dependency.

This is the expected license file for the new go.podman.io/common module being vendored as part of the monorepo migration.

vendor/go.podman.io/image/v5/copy/compression.go (1)

11-16: LGTM: Import path migration to Podman monorepo.

These import path updates from github.com/containers/image/v5/* to go.podman.io/image/v5/* are the expected mechanical changes for the monorepo migration. No logic changes.

vendor/go.podman.io/image/v5/copy/blob.go (1)

10-12: LGTM: Import path migration to Podman monorepo.

Mechanical import path updates consistent with the broader monorepo migration.

go.mod (3)

3-5: LGTM: Go toolchain version updates.

Minor Go version bump to 1.24.2 with explicit toolchain 1.24.6. These updates are appropriate for dependency compatibility.

---

16-16: LGTM: Critical libhvee update fixes strongunits type mismatch.

This libhvee version update to v0.10.1-0.20250902114412-a85aab2976a4 is essential to resolve the build failure mentioned in the PR description:

invalid operation: newSize == currentSize.ToBytes() (mismatched types "go.podman.io/common/pkg/strongunits".B and "github.com/containers/common/pkg/strongunits".B)

The updated libhvee version includes the monorepo migration, ensuring type compatibility.

---

59-60: LGTM: Podman monorepo modules added.

The addition of go.podman.io/common and go.podman.io/image/v5 modules completes the migration from containers/* to the Podman monorepo, as intended by this PR.

vendor/github.com/docker/go-connections/tlsconfig/config.go (2)

42-50: Verify: Consolidated default cipher suites.

The DefaultServerAcceptedCiphers now references a new shared defaultCipherSuites variable. This consolidates cipher suite configuration between client and server. The cipher suite list itself appears unchanged, maintaining the same secure ciphers.

---

133-162: No actionable concerns found—breaking change has no impact on this codebase.

Verification confirms that the removed APIs (Options.Passphrase, IsErrEncryptedKey) are not used anywhere in the codebase. The docker/go-connections library is only an indirect dependency, and the codebase does not directly use the tlsconfig package. Additionally, the only private key file in the repository (test/extended/util/rootCA.key) is unencrypted PKCS8 format, not the legacy encrypted PEM format being deprecated by the vendor library. The codebase uses its own TLS and SSH abstractions independent of the tlsconfig implementation.

vendor/go.podman.io/image/v5/copy/progress_channel.go (1)

7-7: LGTM: Import path migration to Podman monorepo.

Mechanical import path update consistent with the monorepo migration.

vendor/go.podman.io/image/v5/copy/sign.go (1)

7-13: LGTM: Import path migration to Podman monorepo.

Mechanical import path updates for multiple image-related packages, consistent with the broader monorepo migration.

vendor/go.podman.io/image/v5/docker/docker_image_src.go (1)

22-32: LGTM: Import path migration to Podman monorepo.

Comprehensive import path updates from github.com/containers/image/v5/* and github.com/containers/storage/* to go.podman.io/image/v5/* and go.podman.io/storage/* respectively. These mechanical changes are consistent with the monorepo migration objectives.

vendor/go.podman.io/image/v5/docker/docker_image_dest.go (1)

24-38: LGTM! Import paths successfully migrated to go.podman.io monorepo.

The import path updates from containers/image/v5 to go.podman.io/image/v5 are consistent and complete. This vendored file correctly reflects the upstream monorepo migration.

vendor/go.podman.io/image/v5/directory/directory_dest.go (1)

14-21: LGTM! Import paths correctly updated.

The migration from containers/image/v5 and containers/storage to their go.podman.io equivalents is complete and consistent with the broader monorepo migration.

vendor/go.podman.io/image/v5/docker/docker_image.go (1)

14-17: LGTM! Imports correctly migrated.

The import path updates are consistent with the monorepo migration across all image-related packages.

pkg/crc/api/client/types.go (1)

7-7: LGTM! Import migration resolves the strongunits type mismatch.

This import path update from github.com/containers/common/pkg/strongunits to go.podman.io/common/pkg/strongunits is essential for resolving the build error mentioned in the PR description. The strongunits.B type usage in ClusterStatusResult (lines 27-32) remains compatible with the new import path.

vendor/go.podman.io/common/pkg/strongunits/config.go (1)

1-65: LGTM! New vendored strongunits package successfully integrated.

This vendored file introduces the strongunits package under the new go.podman.io/common import path, which is necessary for the monorepo migration. The implementation provides proper type definitions and conversion utilities for storage units (B, KiB, MiB, GiB).

vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (2)

165-166: authEnabled returns 0 (disabled): LGTM.

Matches documented return contract (0 disabled / 1 enabled).

---

49-50: No project callers affected—change is safe.

Verification confirms the project has no dependencies on the userauth functionality: no build tags enable sqlite_userauth, no code calls the userauth APIs, and no error sentinels are referenced. The behavior change to return a hard error is safe.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9bc3d9 and 93aedbb.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (9)

• Makefile (1 hunks)
• go.mod (10 hunks)
• tools/go.mod (1 hunks)
• update-go-version.sh (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• tools/go.mod

🚧 Files skipped from review as they are similar to previous changes (5)

• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go
• Makefile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (17)

• GitHub Check: Konflux kflux-prd-rh02 / crc-binary-on-pull-request
• GitHub Check: verify-devcontainer
• GitHub Check: Run OKD bundle with crc (1.24)
• GitHub Check: build-qe (linux, arm64)
• GitHub Check: build-qe (linux, amd64)
• GitHub Check: build-qe (windows, amd64)
• GitHub Check: build-qe (darwin, arm64)
• GitHub Check: build (ubuntu-22.04, 1.24)
• GitHub Check: build-installer (windows-2022, 1.24)
• GitHub Check: build-qe (darwin, amd64)
• GitHub Check: build (ubuntu-latest, 1.24)
• GitHub Check: build (macOS-13, 1.24)
• GitHub Check: build (macOS-14, 1.24)
• GitHub Check: build (windows-2022, 1.24)
• GitHub Check: build (macOS-13, 1.24)
• GitHub Check: build (macOS-14, 1.24)
• GitHub Check: build (ubuntu-latest, 1.24)

🔇 Additional comments (6)

update-go-version.sh (1)

12-13: Go version propagation correctly updated to .2 suffix.

The script changes consistently apply the .2 patch version across both go.mod and tools/go.mod, aligning with the version bump shown in the go.mod file.

go.mod (5)

16-16: libhvee update addresses the type mismatch issue.

The update from v0.10.0 to v0.10.1-0.20250902114412-a85aab2976a4 directly addresses the PR objective by including the go.podman.io repository switch, which resolves the mismatched strongunits types error.

---

3-3: Verify toolchain version is intentional.

The toolchain directive (go1.24.6) is set higher than the Go version directive (1.24.2). While this is valid Go module syntax, confirm this is intentional. The toolchain version represents the minimum required toolchain version, and Go will auto-upgrade if needed.

Also applies to: 5-5

---

83-83: containers/common moved to indirect dependency after migration.

After the migration, containers/common v0.62.2 is now an indirect dependency, likely pulled transitively by go.podman.io/common. This is expected, but verify there are no version constraint issues or conflicts between the old containers/common and new go.podman.io/common packages.

---

95-95: Multiple transitive dependency version bumps—verify no breaking changes.

Numerous indirect dependencies have been updated across multiple families:

• Docker: v28.4.0+incompatible
• Google tools: go-containerregistry, pprof, genproto, protobuf
• Sigstore/fulcio: v1.7.1
• sqlite3: v1.14.32
• gpgme, securesystemslib, storage, yaml

While these appear to be routine updates, ensure that any breaking changes in these transitive dependencies don't affect the codebase (e.g., protobuf API changes, Docker client API changes).

Also applies to: 97-97, 119-119, 122-122, 140-140, 158-158, 162-162, 164-164, 181-181, 188-191, 201-201

---

57-58: Migration from containers/ to go.podman.io dependencies verified and complete.*

The verification confirms:

• No remaining github.com/containers/common, containers/image, or containers/storage imports found
• New go.podman.io/common and go.podman.io/image/v5 imports are properly in place across 13+ source files

The go.mod changes align with actual usage in the codebase.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

vendor/go.podman.io/image/v5/docker/docker_client.go (1)

230-236: Consider explicitly setting MinVersion for TLS security.

The comments acknowledge that TLS 1.3 may eventually become the default requirement. For security best practices, consider explicitly setting MinVersion: tls.VersionTLS13 now rather than relying on Go's defaults.

Based on learnings

Apply this diff to explicitly set the minimum TLS version:

 	tlsClientConfig := &tls.Config{
+		MinVersion: tls.VersionTLS12, // Or tls.VersionTLS13 if legacy client support is not required
 		// As of 2025-08, tlsconfig.ClientDefault() differs from Go 1.23 defaults only in CipherSuites;
 		// so, limit us to only using that value. If go-connections/tlsconfig changes its policy, we
 		// will want to consider that and make a decision whether to follow suit.
 		// There is some chance that eventually the Go default will be to require TLS 1.3, and that point
 		// we might want to drop the dependency on go-connections entirely.
 		CipherSuites: tlsconfig.ClientDefault().CipherSuites,
 	}

Note: Use tls.VersionTLS13 if you can drop support for legacy clients, otherwise tls.VersionTLS12 as a minimum.

vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (2)

13778-13780: USE_LIBSQLITE3 fallback block

The no-op branch for USE_LIBSQLITE3 is fine. Please ensure our Go build either consistently uses the bundled amalgamation (this header) or defines USE_LIBSQLITE3 when linking the system lib, to avoid mixed symbol sets.

Consider adding a build-tag guard or CI job that builds both modes (bundled vs system sqlite) to catch mismatches early.

---

150-152: SQLite version bump to 3.50.4 verified

Header version constants are correct (3.50.4 → 3050004). Build configuration supports both bundled (default) and system library modes via USE_LIBSQLITE3 conditional compilation. Consider adding a runtime version assertion to CI to catch accidental mismatches when linking against system libraries, as no existing libversion checks were found in tests.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 93aedbb and 3615ce4.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (107)

• Makefile (1 hunks)
• cmd/crc/cmd/start.go (1 hunks)
• cmd/crc/cmd/status.go (1 hunks)
• go.mod (10 hunks)
• pkg/crc/api/api_client_test.go (1 hunks)
• pkg/crc/api/client/types.go (1 hunks)
• pkg/crc/api/handlers.go (1 hunks)
• pkg/crc/cluster/cluster.go (1 hunks)
• pkg/crc/config/settings_test.go (1 hunks)
• pkg/crc/config/validations.go (1 hunks)
• pkg/crc/constants/constants.go (1 hunks)
• pkg/crc/image/image.go (1 hunks)
• pkg/crc/machine/config/config.go (1 hunks)
• pkg/crc/machine/driver.go (1 hunks)
• pkg/crc/machine/start.go (1 hunks)
• pkg/crc/machine/start_test.go (1 hunks)
• pkg/crc/machine/status.go (1 hunks)
• pkg/crc/machine/status_test.go (1 hunks)
• pkg/crc/machine/types/types.go (1 hunks)
• pkg/crc/validation/validation.go (1 hunks)
• pkg/drivers/libhvee/libhvee_windows.go (1 hunks)
• test/e2e/testsuite/testsuite.go (1 hunks)
• tools/go.mod (1 hunks)
• update-go-version.sh (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2 hunks)
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go (2 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config.go (7 hunks)
• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go (0 hunks)
• vendor/github.com/google/pprof/profile/merge.go (2 hunks)
• vendor/github.com/google/pprof/profile/profile.go (3 hunks)
• vendor/github.com/google/pprof/profile/prune.go (2 hunks)
• vendor/github.com/mattn/go-sqlite3/README.md (1 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (71 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (10 hunks)
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h (2 hunks)
• vendor/github.com/proglottis/gpgme/gpgme.go (1 hunks)
• vendor/go.podman.io/common/LICENSE (1 hunks)
• vendor/go.podman.io/common/pkg/strongunits/config.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/blob.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/compression.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/copy.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/encryption.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/multiple.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_bars.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/progress_channel.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/sign.go (1 hunks)
• vendor/go.podman.io/image/v5/copy/single.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_src.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/directory_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/cache.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_client.go (2 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_dest.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_image_src.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/docker_transport.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/reference/regexp.go (1 hunks)
• vendor/go.podman.io/image/v5/docker/registries_d.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (3 hunks)
• vendor/go.podman.io/image/v5/internal/image/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/memory.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/sourced.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/image/unparsed.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/private/private.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/signer/signer.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go (1 hunks)
• vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/common.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema1.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/list.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/manifest.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci.go (1 hunks)
• vendor/go.podman.io/image/v5/manifest/oci_index.go (1 hunks)
• vendor/go.podman.io/image/v5/pkg/blobinfocache/default.go (1 hunks)

⛔ Files not processed due to max files limit (64)

• vendor/go.podman.io/image/v5/pkg/blobinfocache/internal/prioritize/prioritize.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/memory/memory.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/none/none.go
• vendor/go.podman.io/image/v5/pkg/blobinfocache/sqlite/sqlite.go
• vendor/go.podman.io/image/v5/pkg/compression/compression.go
• vendor/go.podman.io/image/v5/pkg/compression/types/types.go
• vendor/go.podman.io/image/v5/pkg/docker/config/config.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/shortnames.go
• vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
• vendor/go.podman.io/image/v5/signature/docker.go
• vendor/go.podman.io/image/v5/signature/fulcio_cert.go
• vendor/go.podman.io/image/v5/signature/internal/json.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go
• vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h
• vendor/go.podman.io/image/v5/signature/internal/sigstore_payload.go
• vendor/go.podman.io/image/v5/signature/mechanism.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go
• vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go
• vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go
• vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go
• vendor/go.podman.io/image/v5/signature/pki_cert.go
• vendor/go.podman.io/image/v5/signature/policy_config.go
• vendor/go.podman.io/image/v5/signature/policy_config_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval.go
• vendor/go.podman.io/image/v5/signature/policy_eval_baselayer.go
• vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go
• vendor/go.podman.io/image/v5/signature/policy_eval_sigstore.go
• vendor/go.podman.io/image/v5/signature/policy_eval_simple.go
• vendor/go.podman.io/image/v5/signature/policy_reference_match.go
• vendor/go.podman.io/image/v5/signature/signer/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/internal/signer.go
• vendor/go.podman.io/image/v5/signature/sigstore/signer.go
• vendor/go.podman.io/image/v5/signature/simple.go
• vendor/go.podman.io/image/v5/signature/simplesigning/signer.go
• vendor/go.podman.io/image/v5/transports/stub.go
• vendor/go.podman.io/image/v5/transports/transports.go
• vendor/go.podman.io/image/v5/types/types.go
• vendor/go.podman.io/image/v5/version/version.go
• vendor/go.podman.io/storage/pkg/archive/archive.go
• vendor/go.podman.io/storage/pkg/archive/archive_linux.go
• vendor/go.podman.io/storage/pkg/archive/archive_unix.go
• vendor/go.podman.io/storage/pkg/archive/archive_windows.go
• vendor/go.podman.io/storage/pkg/archive/changes.go
• vendor/go.podman.io/storage/pkg/archive/changes_linux.go
• vendor/go.podman.io/storage/pkg/archive/changes_other.go
• vendor/go.podman.io/storage/pkg/archive/changes_unix.go
• vendor/go.podman.io/storage/pkg/archive/changes_windows.go
• vendor/go.podman.io/storage/pkg/archive/copy.go
• vendor/go.podman.io/storage/pkg/archive/diff.go
• vendor/go.podman.io/storage/pkg/archive/fflags_bsd.go
• vendor/go.podman.io/storage/pkg/chunked/compressor/compressor.go
• vendor/go.podman.io/storage/pkg/chunked/internal/minimal/compression.go
• vendor/go.podman.io/storage/pkg/chunked/toc/toc.go
• vendor/go.podman.io/storage/pkg/homedir/homedir_unix.go
• vendor/go.podman.io/storage/pkg/idtools/idtools.go
• vendor/go.podman.io/storage/pkg/idtools/idtools_unix.go
• vendor/go.podman.io/storage/pkg/idtools/usergroupadd_linux.go
• vendor/go.podman.io/storage/pkg/ioutils/temp_windows.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile.go
• vendor/go.podman.io/storage/pkg/lockfile/lockfile_unix.go
• vendor/go.podman.io/storage/pkg/pools/pools.go

💤 Files with no reviewable changes (1)

• vendor/github.com/docker/go-connections/tlsconfig/config_client_ciphers.go

🚧 Files skipped from review as they are similar to previous changes (62)

• cmd/crc/cmd/status.go
• pkg/crc/api/api_client_test.go
• vendor/go.podman.io/image/v5/internal/unparsedimage/wrapper.go
• vendor/go.podman.io/image/v5/docker/reference/regexp.go
• pkg/crc/constants/constants.go
• pkg/crc/machine/driver.go
• vendor/go.podman.io/image/v5/docker/docker_image_src.go
• pkg/crc/machine/status.go
• vendor/go.podman.io/image/v5/manifest/list.go
• vendor/go.podman.io/image/v5/internal/blobinfocache/types.go
• vendor/go.podman.io/image/v5/internal/manifest/oci_index.go
• vendor/go.podman.io/image/v5/internal/streamdigest/stream_digest.go
• cmd/crc/cmd/start.go
• pkg/crc/machine/config/config.go
• pkg/crc/config/settings_test.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vhd.go
• vendor/go.podman.io/image/v5/copy/progress_channel.go
• vendor/go.podman.io/image/v5/docker/docker_image_dest.go
• vendor/go.podman.io/image/v5/internal/imagedestination/stubs/put_blob_partial.go
• vendor/go.podman.io/image/v5/manifest/oci_index.go
• vendor/go.podman.io/image/v5/copy/manifest.go
• vendor/go.podman.io/image/v5/internal/imagesource/impl/signatures.go
• vendor/github.com/google/pprof/profile/profile.go
• vendor/go.podman.io/image/v5/internal/image/unparsed.go
• test/e2e/testsuite/testsuite.go
• vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go
• vendor/go.podman.io/image/v5/copy/compression.go
• pkg/crc/validation/validation.go
• vendor/go.podman.io/image/v5/internal/image/memory.go
• vendor/go.podman.io/image/v5/docker/docker_transport.go
• pkg/crc/cluster/cluster.go
• vendor/go.podman.io/image/v5/copy/multiple.go
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/properties.go
• vendor/go.podman.io/image/v5/internal/manifest/docker_schema2_list.go
• vendor/go.podman.io/image/v5/copy/sign.go
• vendor/go.podman.io/image/v5/copy/blob.go
• vendor/github.com/google/pprof/profile/merge.go
• vendor/go.podman.io/image/v5/internal/imagesource/stubs/get_blob_at.go
• vendor/go.podman.io/image/v5/docker/docker_image.go
• pkg/crc/api/client/types.go
• vendor/go.podman.io/image/v5/internal/putblobdigest/put_blob_digest.go
• vendor/go.podman.io/image/v5/internal/image/sourced.go
• vendor/go.podman.io/image/v5/internal/manifest/manifest.go
• pkg/crc/config/validations.go
• pkg/crc/machine/status_test.go
• vendor/go.podman.io/common/LICENSE
• vendor/go.podman.io/image/v5/internal/signer/signer.go
• vendor/go.podman.io/image/v5/manifest/common.go
• pkg/crc/api/handlers.go
• vendor/go.podman.io/image/v5/docker/cache.go
• vendor/go.podman.io/image/v5/internal/image/manifest.go
• vendor/github.com/containers/libhvee/pkg/wmiext/conversion.go
• vendor/go.podman.io/image/v5/manifest/oci.go
• vendor/go.podman.io/image/v5/internal/image/docker_schema2.go
• vendor/go.podman.io/image/v5/internal/imagedestination/impl/helpers.go
• pkg/drivers/libhvee/libhvee_windows.go
• tools/go.mod
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h
• vendor/go.podman.io/image/v5/internal/imagesource/wrapper.go
• vendor/github.com/containers/libhvee/pkg/hypervctl/vm.go
• vendor/go.podman.io/image/v5/manifest/manifest.go
• vendor/go.podman.io/image/v5/internal/image/oci.go

🧰 Additional context used

🪛 ast-grep (0.39.9)

vendor/go.podman.io/image/v5/docker/docker_client.go

[warning] 229-236: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
// As of 2025-08, tlsconfig.ClientDefault() differs from Go 1.23 defaults only in CipherSuites;
// so, limit us to only using that value. If go-connections/tlsconfig changes its policy, we
// will want to consider that and make a decision whether to follow suit.
// There is some chance that eventually the Go default will be to require TLS 1.3, and that point
// we might want to drop the dependency on go-connections entirely.
CipherSuites: tlsconfig.ClientDefault().CipherSuites,
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🪛 markdownlint-cli2 (0.18.1)

vendor/github.com/mattn/go-sqlite3/README.md

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

354-354: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: Konflux kflux-prd-rh02 / crc-binary-on-pull-request
• GitHub Check: build-qe (linux, arm64)
• GitHub Check: build (ubuntu-latest, 1.24)
• GitHub Check: build-qe (linux, amd64)
• GitHub Check: verify-devcontainer
• GitHub Check: build-qe (windows, amd64)
• GitHub Check: build-qe (darwin, amd64)
• GitHub Check: build-qe (darwin, arm64)
• GitHub Check: build-installer (windows-2022, 1.24)
• GitHub Check: build (windows-2022, 1.24)
• GitHub Check: build (macOS-14, 1.24)
• GitHub Check: build (macOS-14, 1.24)
• GitHub Check: build (macOS-13, 1.24)
• GitHub Check: Run OKD bundle with crc (1.24)
• GitHub Check: build (macOS-13, 1.24)
• GitHub Check: build (windows-2022, 1.24)
• GitHub Check: build (ubuntu-22.04, 1.24)
• GitHub Check: build (ubuntu-latest, 1.24)

🔇 Additional comments (50)

vendor/go.podman.io/image/v5/internal/image/oci_index.go (1)

7-8: LGTM! Import paths correctly updated for monorepo migration.

The import path updates correctly reflect the migration from github.com/containers/image/v5 to go.podman.io/image/v5, which aligns with the PR's objective. Since this is a vendored file, these changes were properly generated through dependency management.

vendor/go.podman.io/image/v5/internal/imagedestination/stubs/signatures.go (1)

8-8: LGTM! Import path correctly updated for monorepo migration.

The import path has been properly updated from github.com/containers/image/v5/internal/signature to go.podman.io/image/v5/internal/signature, consistent with the PR's objective of migrating to the go.podman.io monorepo. This is a vendored file reflecting the upstream namespace change with no functional modifications.

vendor/go.podman.io/image/v5/internal/imagesource/impl/layer_infos.go (1)

7-7: LGTM! Import path correctly updated for monorepo migration.

The import path has been successfully updated from github.com/containers/image/v5/types to go.podman.io/image/v5/types, which aligns with the PR's objective to migrate to the go.podman.io monorepo.

vendor/go.podman.io/image/v5/internal/blobinfocache/blobinfocache.go (1)

5-5: LGTM! Import path successfully migrated to monorepo.

The import path change from github.com/containers/image/v5/types to go.podman.io/image/v5/types is consistent with the PR objectives to migrate to the go.podman.io monorepo. This mechanical change in the vendored file addresses the type mismatch issues mentioned in the PR description.

vendor/go.podman.io/image/v5/directory/explicitfilepath/path.go (1)

8-8: LGTM: Vendored dependency import path updated for monorepo migration.

The import path change from github.com/containers/storage/pkg/fileutils to go.podman.io/storage/pkg/fileutils is consistent with the monorepo migration objective. This is a standard vendored dependency update with no functional changes.

vendor/go.podman.io/image/v5/internal/imagedestination/impl/compat.go (1)

8-11: Import path migration looks correct.

The migration from containers/image/v5/internal/... to go.podman.io/image/v5/internal/... is consistent across all four imports, with no logic changes. This aligns with the PR's objective to resolve the build error caused by mismatched strongunits types.

vendor/github.com/google/pprof/profile/prune.go (2)

19-24: LGTM: Standard library import added for refactor.

The slices import is appropriately added to support the refactored containment check at line 44.

---

43-49: LGTM: Idiomatic refactor using slices.Contains.

The replacement of manual iteration with slices.Contains is correct and improves readability. This vendored update from upstream google/pprof follows Go best practices.

vendor/github.com/containers/libhvee/pkg/hypervctl/vm_config.go (1)

104-106: LGTM! Vendored dependency update is properly integrated.

The new DVDDiskPath field is well-documented and provides a clean way to optionally attach a DVD drive to the VM (useful for cloud-init scenarios). The field addition is backward compatible since the zero value (empty string) will maintain existing behavior.

vendor/github.com/containers/libhvee/pkg/wmiext/array.go (2)

44-44: LGTM: Appropriate linter suppression for COM interop.

The nolint:govet directive is justified here. Unsafe pointer conversions are necessary for Windows COM/OLE API interop, and this pattern is standard and correct for working with SafeArray structures.

---

151-154: LGTM: Clearer logic with explicit branching.

The refactor from an implicit boolean expression to explicit if-else branching improves readability while maintaining identical behavior. The explicit rejection of VT_RECORD and VT_VARIANT types is clearer than the previous negated conjunction.

vendor/github.com/proglottis/gpgme/gpgme.go (1)

880-884: LGTM! The new method follows established patterns.

The implementation correctly accesses the C structure, converts the fingerprint to a Go string, and ensures proper lifetime management with runtime.KeepAlive(k). This matches the pattern used by other Key methods in the file.

vendor/github.com/mattn/go-sqlite3/README.md (1)

354-355: LGTM! Deprecation notice added for User Authentication.

This deprecation notice appropriately warns users about the User Authentication feature. Since this is a vendored file, the markdown emphasis style flagged by static analysis should be addressed upstream if needed.

vendor/go.podman.io/image/v5/manifest/docker_schema2_list.go (1)

4-4: LGTM! Import path correctly updated to go.podman.io monorepo.

The import path migration from github.com/containers/image/v5/internal/manifest to go.podman.io/image/v5/internal/manifest aligns with the PR objectives.

vendor/go.podman.io/image/v5/docker/policyconfiguration/naming.go (1)

8-8: LGTM! Import path correctly updated to go.podman.io monorepo.

The import path migration from github.com/containers/image/v5/docker/reference to go.podman.io/image/v5/docker/reference is consistent with the monorepo migration.

vendor/go.podman.io/image/v5/internal/imagesource/impl/compat.go (1)

7-8: LGTM! Import paths correctly updated to go.podman.io monorepo.

Both import path migrations align with the monorepo migration objectives:

• github.com/containers/image/v5/internal/private → go.podman.io/image/v5/internal/private
• github.com/containers/image/v5/internal/signature → go.podman.io/image/v5/internal/signature

vendor/go.podman.io/image/v5/copy/encryption.go (1)

11-11: LGTM! Import path correctly updated to go.podman.io monorepo.

The import path migration from github.com/containers/image/v5/types to go.podman.io/image/v5/types is consistent with the monorepo migration.

vendor/go.podman.io/image/v5/internal/pkg/platform/platform_matcher.go (1)

29-29: LGTM! Import path correctly updated to go.podman.io monorepo.

The import path migration from github.com/containers/image/v5/types to go.podman.io/image/v5/types aligns with the monorepo migration.

vendor/go.podman.io/image/v5/internal/imagedestination/wrapper.go (1)

8-11: LGTM! Import paths correctly updated to go.podman.io monorepo.

All four import path migrations align with the monorepo migration objectives:

• imagedestination/stubs → go.podman.io/image/v5/internal/imagedestination/stubs
• private → go.podman.io/image/v5/internal/private
• signature → go.podman.io/image/v5/internal/signature
• types → go.podman.io/image/v5/types

vendor/go.podman.io/image/v5/copy/progress_bars.go (1)

12-13: LGTM! Import paths correctly updated to go.podman.io monorepo.

Both import path migrations align with the monorepo migration objectives:

• github.com/containers/image/v5/internal/private → go.podman.io/image/v5/internal/private
• github.com/containers/image/v5/types → go.podman.io/image/v5/types

vendor/go.podman.io/image/v5/internal/private/private.go (1)

10-14: LGTM! Import path migration is correct.

The import paths have been properly updated from github.com/containers/image/v5 to go.podman.io/image/v5 as part of the monorepo migration. No functional changes.

vendor/go.podman.io/image/v5/internal/useragent/useragent.go (1)

3-3: LGTM! Import path updated correctly.

The version package import has been properly migrated to the go.podman.io namespace.

vendor/go.podman.io/image/v5/directory/directory_transport.go (1)

11-15: LGTM! Import paths migrated correctly.

All directory transport imports have been properly updated to the go.podman.io/image/v5 namespace.

vendor/go.podman.io/image/v5/directory/directory_src.go (1)

10-15: LGTM! Import paths updated correctly.

All internal package imports have been properly migrated to go.podman.io/image/v5.

vendor/go.podman.io/image/v5/internal/manifest/list.go (1)

8-9: LGTM! Import paths migrated correctly.

Compression types and types packages have been properly updated to the go.podman.io namespace.

vendor/go.podman.io/image/v5/copy/single.go (1)

20-30: LGTM! Import paths updated correctly.

All imports have been properly migrated to the go.podman.io namespace, including both image/v5 and storage packages.

vendor/go.podman.io/image/v5/copy/copy.go (1)

15-28: LGTM! Import paths migrated correctly.

All copy package imports have been properly updated to the go.podman.io/image/v5 namespace.

vendor/go.podman.io/image/v5/docker/docker_client.go (1)

26-37: LGTM! Import paths migrated correctly.

All docker client imports have been properly updated to the go.podman.io namespace, including both image/v5 and storage packages.

Makefile (1)

78-78: LGTM! Makefile aligns with Go toolchain update.

The vendor target correctly uses $(GOVERSION).2, which resolves to 1.24.2 and aligns with the Go toolchain update in go.mod.

pkg/crc/machine/start.go (1)

14-14: LGTM! Import path successfully migrated to Podman monorepo.

The strongunits import has been updated from github.com/containers/common to go.podman.io/common as part of the monorepo migration. No functional changes.

pkg/crc/machine/start_test.go (1)

10-10: LGTM! Test import aligned with source file.

The strongunits import path has been updated consistently with the changes in pkg/crc/machine/start.go.

vendor/go.podman.io/image/v5/manifest/docker_schema1.go (1)

13-19: LGTM! Vendor imports updated for monorepo migration.

Import paths have been updated to use the go.podman.io/image/v5 module namespace. This is standard vendor code synchronization.

vendor/go.podman.io/image/v5/internal/image/docker_list.go (1)

7-9: LGTM! Vendor imports updated consistently.

Import paths migrated to go.podman.io/image/v5 module namespace.

vendor/go.podman.io/image/v5/manifest/docker_schema2.go (1)

9-13: LGTM! Vendor imports aligned with monorepo structure.

Import paths updated to use go.podman.io/image/v5 module paths.

vendor/go.podman.io/image/v5/internal/image/docker_schema1.go (2)

9-12: LGTM! Vendor imports migrated to monorepo.

Import paths updated to go.podman.io/image/v5 module namespace.

---

205-205: LGTM! Using predefined constants improves maintainability.

The code now uses manifest.DockerV2Schema2LayerMediaType and manifest.DockerV2Schema2ConfigMediaType constants instead of hardcoded media type strings, which is a good refactoring practice.

Also applies to: 220-220

go.mod (4)

3-3: LGTM! Go toolchain updated to 1.24.2.

The Go version bump is consistent with the corresponding change in the Makefile vendor target.

---

14-14: LGTM! Critical libhvee update resolves build error.

The libhvee update from v0.10.0 to v0.10.1-0.20250902114412-a85aab2976a4 is essential for resolving the strongunits type mismatch error mentioned in the PR description:

Error: 437.8 pkg/drivers/libhvee/libhvee_windows.go:295:16: invalid operation: newSize == currentSize.ToBytes() (mismatched types "go.podman.io/common/pkg/strongunits".B and "github.com/containers/common/pkg/strongunits".B)

This newer version of libhvee includes the monorepo migration, ensuring type compatibility.

---

55-56: LGTM! Module dependencies migrated to Podman monorepo.

The changes correctly introduce:

• go.podman.io/common (replacing containers/common)
• go.podman.io/image/v5 (replacing containers/image/v5)
• go.podman.io/storage (replacing containers/storage)

Note that containers/common v0.62.2 remains as an indirect dependency, likely for transitive compatibility during the migration period.

Also applies to: 81-81, 179-179

---

93-95: LGTM! Dependency versions updated.

Multiple dependencies have been bumped to newer versions:

• docker/docker: v28.3.3 → v28.4.0
• docker/go-connections: v0.5.0 → v0.6.0
• google/go-containerregistry: v0.20.3 → v0.20.4-0.20250225234217-098045d5e61f
• google/pprof: updated to v0.0.0-20250820193118-f64d9cf942d6
• mattn/go-sqlite3: v1.14.28 → v1.14.32
• proglottis/gpgme: v0.1.4 → v0.1.5
• secure-systems-lab/go-securesystemslib: v0.9.0 → v0.9.1
• sigstore/fulcio: v1.6.6 → v1.7.1
• google.golang.org/genproto/*: updated to 202504 versions
• google.golang.org/protobuf: v1.36.7 → v1.36.8
• sigs.k8s.io/yaml: v1.5.0 → v1.6.0

These updates are part of standard dependency maintenance.

Also applies to: 117-120, 138-138, 156-156, 160-160, 162-162, 186-189, 199-199

vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go (4)

48-50: Consistent deprecation pattern across all authentication methods.

All public authentication methods now consistently return the same sentinel error, clearly signaling that the feature is no longer supported. This is appropriate for a deprecated feature in a vendored dependency.

Also applies to: 73-75, 100-102, 130-132

---

61-63: Internal helpers appropriately return static error codes.

The internal authentication helpers consistently return 1 (C.SQLITE_ERROR) to indicate failure, which aligns with the disabled state of the authentication feature.

Also applies to: 91-93, 121-123, 146-148

---

151-153: Auth status methods correctly return disabled state.

Both AuthEnabled and authEnabled appropriately return false/0 to indicate that user authentication is disabled.

Also applies to: 164-166

---

30-32: Upstream deprecation verified; no breaking impact on codebase.

GitHub issue #1341 on mattn/go-sqlite3 documents that SQLite removed the ext/userauth code, confirming this is a legitimate upstream change. The script verification found zero usage of SQLite user authentication APIs (Authenticate, AuthUserAdd, AuthUserChange, AuthUserDelete, or ErrUnauthorized/ErrAdminRequired) in non-vendor code, so this deprecation poses no breaking change for this codebase.

vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h (6)

1167-1172: New FCNTL SQLITE_FCNTL_BLOCK_ON_CONNECT exposed

The addition of SQLITE_FCNTL_BLOCK_ON_CONNECT is ABI-safe and aligns with the new setlk timeout API. No issues spotted; ensure any usage handles E_NOTFOUND on VFS that don’t implement blocking locks.

Please confirm no call-sites assume this FCNTL exists on older SQLite, or gate by version/feature detection (sqlite3_libversion_number() or file-control return code).

Also applies to: 1269-1269

---

3026-3063: New API sqlite3_setlk_timeout() and SQLITE_SETLK_BLOCK_ON_CONNECT

Looks correct and matches upstream docs. Note:

• Behavior depends on SQLITE_ENABLE_SETLK_TIMEOUT; otherwise it’s a no-op by design.
• Callers should tolerate SQLITE_OK with no effect on platforms/VFS without blocking locks.

No code changes required here; just flagging integration expectations.

If we intend to rely on blocking-lock semantics, please verify our CGO build defines sqlite with SETLK timeout enabled, or otherwise ensure callers treat this as advisory.

---

1999-2010: LOOKASIDE config doc tweaks

Doc-only changes for SQLITE_CONFIG_LOOKASIDE defaults/readability. No behavioral impact; ok to proceed.

---

2246-2283: DBCONFIG_LOOKASIDE doc clarifications

Doc updates to lookaside behavior and constraints. No code impact; safe.

---

11066-11075: __wasi specific defaults (omit load_extension, threadsafe=0)

The WASI branch forces SQLITE_OMIT_LOAD_EXTENSION and SQLITE_THREADSAFE=0. If we ever target WASI with this vendor, expect:

• extensions unavailable,
• serialized/multi-threaded safety off (single-thread mode).

Surface this to consumers if WASI becomes a target; otherwise no action.

Confirm our build matrix doesn’t inadvertently pick up wasi and change behavior unnoticed.

---

9718-9737: sqlite3_strlike() docs — case-insensitive note

Minor doc update; no action needed.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign praveenkumar for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@redbeam: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/security	2abfba0	link	false	/test security
ci/prow/e2e-crc	2abfba0	link	true	/test e2e-crc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.