Bump Buildah to v1.35.0

As the title says. This is the last step in the vendor dance for Podman v5.0. [NO NEW TESTS NEEDED] Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2025-05-22 01:27:07 +08:00 · 2024-03-07 07:49:49 -05:00
parent 15e508a639
commit b234bb55e4
41 changed files with 386 additions and 215 deletions
--- a/go.mod
+++ b/go.mod
@ -10,11 +10,11 @@ require (
 	github.com/checkpoint-restore/checkpointctl v1.1.0
 	github.com/checkpoint-restore/go-criu/v7 v7.0.0
 	github.com/containernetworking/plugins v1.4.0
-	github.com/containers/buildah v1.34.1-0.20240229193131-f5d7689ef4cd
+	github.com/containers/buildah v1.35.0
-	github.com/containers/common v0.57.1-0.20240304165751-a0d555c70d52
+	github.com/containers/common v0.58.0
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/gvisor-tap-vsock v0.7.3
-	github.com/containers/image/v5 v5.29.3-0.20240229213915-cdc68020a24f
+	github.com/containers/image/v5 v5.30.0
 	github.com/containers/libhvee v0.7.0
 	github.com/containers/ocicrypt v1.1.9
 	github.com/containers/psgo v1.9.0
@ -69,7 +69,7 @@ require (
 	github.com/vbauerster/mpb/v8 v8.7.2
 	github.com/vishvananda/netlink v1.2.1-beta.2
 	go.etcd.io/bbolt v1.3.9
-	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
 	golang.org/x/net v0.22.0
 	golang.org/x/sync v0.6.0
 	golang.org/x/sys v0.18.0
@ -102,7 +102,7 @@ require (
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/containernetworking/cni v1.1.2 // indirect
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
-	github.com/containers/luksy v0.0.0-20240129181507-b62d551ce6d8 // indirect
+	github.com/containers/luksy v0.0.0-20240212203526-ceb12d4fd50c // indirect
 	github.com/coreos/go-oidc/v3 v3.9.0 // indirect
 	github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
@ -122,14 +122,14 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.21.0 // indirect
+	github.com/go-openapi/errors v0.21.1 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/loads v0.21.2 // indirect
 	github.com/go-openapi/runtime v0.26.0 // indirect
 	github.com/go-openapi/spec v0.20.9 // indirect
-	github.com/go-openapi/strfmt v0.22.1 // indirect
+	github.com/go-openapi/strfmt v0.22.2 // indirect
-	github.com/go-openapi/swag v0.22.9 // indirect
+	github.com/go-openapi/swag v0.22.10 // indirect
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
@ -211,10 +211,10 @@ require (
 	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	golang.org/x/arch v0.7.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/mod v0.15.0 // indirect
-	golang.org/x/oauth2 v0.17.0 // indirect
+	golang.org/x/oauth2 v0.18.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.17.0 // indirect
+	golang.org/x/tools v0.18.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
 	google.golang.org/grpc v1.61.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -74,22 +74,22 @@ github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl3
 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
 github.com/containernetworking/plugins v1.4.0 h1:+w22VPYgk7nQHw7KT92lsRmuToHvb7wwSv9iTbXzzic=
 github.com/containernetworking/plugins v1.4.0/go.mod h1:UYhcOyjefnrQvKvmmyEKsUA+M9Nfn7tqULPpH0Pkcj0=
-github.com/containers/buildah v1.34.1-0.20240229193131-f5d7689ef4cd h1:4cHNzaywyyJsCAtwUKMZm8r/wqm/WuNC70GfnI3kh18=
+github.com/containers/buildah v1.35.0 h1:ayjY3TLmDG9mF/eqgub6TorEJbrR+H5UVcpWRlBLcas=
-github.com/containers/buildah v1.34.1-0.20240229193131-f5d7689ef4cd/go.mod h1:3fn5edBIPpIOPJYdnxBdTF7bjnBHhqZwYK5a6ApNdyk=
+github.com/containers/buildah v1.35.0/go.mod h1:vVSVUlTu8+99H5j43gBJscpkb/quZvdJg78+6X1HeTM=
-github.com/containers/common v0.57.1-0.20240304165751-a0d555c70d52 h1:+rq1qOOEv/2Sa1A9Tmv7yKuOzea8W2n6kFUH+bon61Y=
+github.com/containers/common v0.58.0 h1:iQuwMxDD4ubZ9s1tmgdsiaHxMU4TdVBpV6kctJc6Bk8=
-github.com/containers/common v0.57.1-0.20240304165751-a0d555c70d52/go.mod h1:h92alKzSekxVC+VDaX4gt7RJpXvJKF79a9TnULZ5ZDc=
+github.com/containers/common v0.58.0/go.mod h1:l3vMqanJGj7tZ3W/i76gEJ128VXgFUO1tLaohJXPvdk=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/gvisor-tap-vsock v0.7.3 h1:yORnf15sP+sLFhxLNLgmB5/lOhldn9dRMHx/tmYtSOQ=
 github.com/containers/gvisor-tap-vsock v0.7.3/go.mod h1:NI1fLMtKXQZoDrrOeqryGz7x7j/XSFWRmQILva7Fu9c=
-github.com/containers/image/v5 v5.29.3-0.20240229213915-cdc68020a24f h1:DEK6PaY5/B6CYXjtdfAQGCUltHEPaoXvLb+C0PH6HiE=
+github.com/containers/image/v5 v5.30.0 h1:CmHeSwI6W2kTRWnUsxATDFY5TEX4b58gPkaQcEyrLIA=
-github.com/containers/image/v5 v5.29.3-0.20240229213915-cdc68020a24f/go.mod h1:a48d1rhHBl2zb630MSf20QQo4eIlIQvhZTqTcVJhbpA=
+github.com/containers/image/v5 v5.30.0/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
 github.com/containers/libhvee v0.7.0 h1:TDfidZOduYk0ZW0tigzqpJOl+CeynvHxIZCuH/ak7YM=
 github.com/containers/libhvee v0.7.0/go.mod h1:fRKB3AyIqHMvq6xaeYhTpckM2cdoq0oecolyoiuLP7M=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
-github.com/containers/luksy v0.0.0-20240129181507-b62d551ce6d8 h1:0p58QJRICjkRVCDix1nsnyrtJ3Qj4CWcGd1bOEY9sVY=
+github.com/containers/luksy v0.0.0-20240212203526-ceb12d4fd50c h1:6zalnZZODMOqNZBww9VAM1Mq5EZ3J+S8vYGCo2yg39M=
-github.com/containers/luksy v0.0.0-20240129181507-b62d551ce6d8/go.mod h1:oMhW1fWXz1FGN97rhycbuAwrkXXV1z5c/Bjbn0CSlFY=
+github.com/containers/luksy v0.0.0-20240212203526-ceb12d4fd50c/go.mod h1:A/RMGaYhtzfW6L3whYRU+0GGEFocTYyQBqlWSb2UNEM=
 github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOjIdEM=
 github.com/containers/ocicrypt v1.1.9/go.mod h1:dTKx1918d8TDkxXvarscpNVY+lyPakPNFN4jwA9GBys=
 github.com/containers/psgo v1.9.0 h1:eJ74jzSaCHnWt26OlKZROSyUyRcGDf+gYBdXnxrMW4g=
@ -180,8 +180,8 @@ github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9Qy
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
-github.com/go-openapi/errors v0.21.0 h1:FhChC/duCnfoLj1gZ0BgaBmzhJC2SL/sJr8a2vAobSY=
+github.com/go-openapi/errors v0.21.1 h1:rVisxQPdETctjlYntm0Ek4dKf68nAQocCloCT50vWuI=
-github.com/go-openapi/errors v0.21.0/go.mod h1:jxNTMUxRCKj65yb/okJGEtahVd7uvWnuWfj53bse4ho=
+github.com/go-openapi/errors v0.21.1/go.mod h1:LyiY9bgc7AVVh6wtVvMYEyoj3KJYNoRw92mmvnMWgj8=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
@ -202,14 +202,14 @@ github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6
 github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
 github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
-github.com/go-openapi/strfmt v0.22.1 h1:5Ky8cybT4576C6Ffc+8gYji/wRXCo6Ozm8RaWjPI6jc=
+github.com/go-openapi/strfmt v0.22.2 h1:DPYOrm6gexCfZZfXUaXFS4+Jw6HAaIIG0SZ5630f8yw=
-github.com/go-openapi/strfmt v0.22.1/go.mod h1:OfVoytIXJasDkkGvkb1Cceb3BPyMOwk1FgmyyEw7NYg=
+github.com/go-openapi/strfmt v0.22.2/go.mod h1:HB/b7TCm91rno75Dembc1dFW/0FPLk5CEXsoF9ReNc4=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE=
+github.com/go-openapi/swag v0.22.10 h1:4y86NVn7Z2yYd6pfS4Z+Nyh3aAUL3Nul+LMbhFKy0gA=
-github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE=
+github.com/go-openapi/swag v0.22.10/go.mod h1:Cnn8BYtRlx6BNE3DPN86f/xkapGIcLWzh3CLEb4C1jI=
 github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
 github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@ -644,8 +644,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@ -654,8 +654,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -679,8 +679,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
+golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
-golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
+golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -775,8 +775,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
-golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
+golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@ -2,6 +2,90 @@
 # Changelog
 ## v1.35.0 (2024-03-06)
    fix(deps): update module github.com/stretchr/testify to v1.9.0
    cgroups: reuse version check from c/common
    Update vendor of containers/(common,image)
    fix(deps): update github.com/containers/storage digest to eadc620
    fix(deps): update github.com/containers/luksy digest to ceb12d4
    fix(deps): update github.com/containers/image/v5 digest to cdc6802
    manifest add: complain if we get artifact flags without --artifact
    Use retry logic from containers/common
    Vendor in containers/(storage,image,common)
    Update module golang.org/x/crypto to v0.20.0
    Add comment re: Total Success task name
    tests: skip_if_no_unshare(): check for --setuid
    Properly handle build --pull=false
    [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
    Update module go.etcd.io/bbolt to v1.3.9
    Revert "Reduce official image size"
    Update module github.com/opencontainers/image-spec to v1.1.0
    Reduce official image size
    Build with CNI support on FreeBSD
    build --all-platforms: skip some base "image" platforms
    Bump main to v1.35.0-dev
    Vendor in latest containers/(storage,image,common)
    Split up error messages for missing --sbom related flags
    `buildah manifest`: add artifact-related options
    cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
    cmd/buildah/manifest.go: don't make struct declarations aliases
    Use golang.org/x/exp/slices.Contains
    Disable loong64 again
    Fix a couple of typos in one-line comments
    egrep is obsolescent; use grep -E
    Try Cirrus with a newer VM version
    Set CONTAINERS_CONF in the chroot-mount-flags integration test
    Update to match dependency API update
    Update github.com/openshift/imagebuilder and containers/common
    docs: correct default authfile path
    fix(deps): update module github.com/containerd/containerd to v1.7.13
    tests: retrofit test for heredoc summary
    build, heredoc: show heredoc summary in build output
    manifest, push: add support for --retry and --retry-delay
    fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
    imagebuildah: fix crash with empty RUN
    fix(deps): update github.com/containers/luksy digest to b62d551
    fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
    fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
    Make buildah match podman for handling of ulimits
    docs: move footnotes to where they're applicable
    Allow users to specify no-dereference
    Run codespell on code
    Fix FreeBSD version parsing
    Fix a build break on FreeBSD
    Remove a bad FROM line
    fix(deps): update module github.com/onsi/gomega to v1.31.1
    fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
    docs: use reversed logo for dark theme in README
    build,commit: add --sbom to scan and produce SBOMs when committing
    commit: force omitHistory if the parent has layers but no history
    docs: fix a couple of typos
    internal/mkcw.Archive(): handle extra image content
    stage_executor,heredoc: honor interpreter in heredoc
    stage_executor,layers: burst cache if heredoc content is changed
    fix(deps): update module golang.org/x/crypto to v0.18.0
    Replace map[K]bool with map[K]struct{} where it makes sense
    fix(deps): update module golang.org/x/sync to v0.6.0
    fix(deps): update module golang.org/x/term to v0.16.0
    Bump CI VMs
    Replace strings.SplitN with strings.Cut
    fix(deps): update github.com/containers/storage digest to ef81e9b
    fix(deps): update github.com/containers/image/v5 digest to 1b221d4
    fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
    Document use of containers-transports values in buildah
    fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
    chore(deps): update dependency containers/automation_images to v20231208
    manifest: addCompression use default from containers.conf
    commit: add a --add-file flag
    mkcw: populate the rootfs using an overlay
    chore(deps): update dependency containers/automation_images to v20230517
    [skip-ci] Update actions/stale action to v9
    fix(deps): update module github.com/containernetworking/plugins to v1.4.0
    fix(deps): update github.com/containers/image/v5 digest to 7a40fee
    Bump to v1.34.1-dev
    Ignore errors if label.Relabel returns ENOSUP
 ## v1.34.0 (2023-12-11)
    vendor: update c/{common,image,storage}
--- a/vendor/github.com/containers/buildah/Makefile
+++ b/vendor/github.com/containers/buildah/Makefile
@ -14,6 +14,8 @@ BINDIR := $(PREFIX)/bin
 BASHINSTALLDIR = $(PREFIX)/share/bash-completion/completions
 BUILDFLAGS := -tags "$(BUILDTAGS)"
 BUILDAH := buildah
 SELINUXOPT ?= $(shell test -x /usr/sbin/selinuxenabled && selinuxenabled && echo -Z)
 SELINUXTYPE=container_runtime_exec_t
 GO := go
 GO_LDFLAGS := $(shell if $(GO) version|grep -q gccgo; then echo "-gccgoflags"; else echo "-ldflags"; fi)
@ -75,6 +77,7 @@ static:
 bin/buildah: $(SOURCES) cmd/buildah/*.go internal/mkcw/embed/entrypoint_amd64.gz
 	$(GO_BUILD) $(BUILDAH_LDFLAGS) $(GO_GCFLAGS) "$(GOGCFLAGS)" -o $@ $(BUILDFLAGS) ./cmd/buildah
 	test -z "${SELINUXOPT}" || chcon --verbose -t $(SELINUXTYPE) $@
 ifneq ($(shell as --version | grep x86_64),)
 internal/mkcw/embed/entrypoint_amd64.gz: internal/mkcw/embed/entrypoint_amd64
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@ -1,3 +1,86 @@
 - Changelog for v1.35.0 (2024-03-06)
  * fix(deps): update module github.com/stretchr/testify to v1.9.0
  * cgroups: reuse version check from c/common
  * Update vendor of containers/(common,image)
  * fix(deps): update github.com/containers/storage digest to eadc620
  * fix(deps): update github.com/containers/luksy digest to ceb12d4
  * fix(deps): update github.com/containers/image/v5 digest to cdc6802
  * manifest add: complain if we get artifact flags without --artifact
  * Use retry logic from containers/common
  * Vendor in containers/(storage,image,common)
  * Update module golang.org/x/crypto to v0.20.0
  * Add comment re: Total Success task name
  * tests: skip_if_no_unshare(): check for --setuid
  * Properly handle build --pull=false
  * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
  * Update module go.etcd.io/bbolt to v1.3.9
  * Revert "Reduce official image size"
  * Update module github.com/opencontainers/image-spec to v1.1.0
  * Reduce official image size
  * Build with CNI support on FreeBSD
  * build --all-platforms: skip some base "image" platforms
  * Bump main to v1.35.0-dev
  * Vendor in latest containers/(storage,image,common)
  * Split up error messages for missing --sbom related flags
  * `buildah manifest`: add artifact-related options
  * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
  * cmd/buildah/manifest.go: don't make struct declarations aliases
  * Use golang.org/x/exp/slices.Contains
  * Disable loong64 again
  * Fix a couple of typos in one-line comments
  * egrep is obsolescent; use grep -E
  * Try Cirrus with a newer VM version
  * Set CONTAINERS_CONF in the chroot-mount-flags integration test
  * Update to match dependency API update
  * Update github.com/openshift/imagebuilder and containers/common
  * docs: correct default authfile path
  * fix(deps): update module github.com/containerd/containerd to v1.7.13
  * tests: retrofit test for heredoc summary
  * build, heredoc: show heredoc summary in build output
  * manifest, push: add support for --retry and --retry-delay
  * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
  * imagebuildah: fix crash with empty RUN
  * fix(deps): update github.com/containers/luksy digest to b62d551
  * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
  * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
  * Make buildah match podman for handling of ulimits
  * docs: move footnotes to where they're applicable
  * Allow users to specify no-dereference
  * Run codespell on code
  * Fix FreeBSD version parsing
  * Fix a build break on FreeBSD
  * Remove a bad FROM line
  * fix(deps): update module github.com/onsi/gomega to v1.31.1
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
  * docs: use reversed logo for dark theme in README
  * build,commit: add --sbom to scan and produce SBOMs when committing
  * commit: force omitHistory if the parent has layers but no history
  * docs: fix a couple of typos
  * internal/mkcw.Archive(): handle extra image content
  * stage_executor,heredoc: honor interpreter in heredoc
  * stage_executor,layers: burst cache if heredoc content is changed
  * fix(deps): update module golang.org/x/crypto to v0.18.0
  * Replace map[K]bool with map[K]struct{} where it makes sense
  * fix(deps): update module golang.org/x/sync to v0.6.0
  * fix(deps): update module golang.org/x/term to v0.16.0
  * Bump CI VMs
  * Replace strings.SplitN with strings.Cut
  * fix(deps): update github.com/containers/storage digest to ef81e9b
  * fix(deps): update github.com/containers/image/v5 digest to 1b221d4
  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
  * Document use of containers-transports values in buildah
  * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
  * chore(deps): update dependency containers/automation_images to v20231208
  * manifest: addCompression use default from containers.conf
  * commit: add a --add-file flag
  * mkcw: populate the rootfs using an overlay
  * chore(deps): update dependency containers/automation_images to v20230517
  * [skip-ci] Update actions/stale action to v9
  * fix(deps): update module github.com/containernetworking/plugins to v1.4.0
  * fix(deps): update github.com/containers/image/v5 digest to 7a40fee
  * Bump to v1.34.1-dev
  * Ignore errors if label.Relabel returns ENOSUP
 - Changelog for v1.34.0 (2023-12-11)
  * vendor: update c/{common,image,storage}
  * run: Allow using just one jail per container on FreeBSD
--- a/vendor/github.com/containers/buildah/define/types.go
+++ b/vendor/github.com/containers/buildah/define/types.go
@ -29,7 +29,7 @@ const (
 	// identify working containers.
 	Package = "buildah"
 	// Version for the Package. Also used by .packit.sh for Packit builds.
-	Version = "1.35.0-dev"
+	Version = "1.35.0"
 	// DefaultRuntime if containers.conf fails.
 	DefaultRuntime = "runc"
--- a/vendor/github.com/containers/buildah/info.go
+++ b/vendor/github.com/containers/buildah/info.go
@ -12,6 +12,7 @@ import (
 	internalUtil "github.com/containers/buildah/internal/util"
 	putil "github.com/containers/buildah/pkg/util"
 	"github.com/containers/buildah/util"
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/system"
 	"github.com/containers/storage/pkg/unshare"
@ -50,7 +51,7 @@ func hostInfo() map[string]interface{} {
 	info["cpus"] = runtime.NumCPU()
 	info["rootless"] = unshare.IsRootless()
-	unified, err := util.IsCgroup2UnifiedMode()
+	unified, err := cgroups.IsCgroup2UnifiedMode()
 	if err != nil {
 		logrus.Error(err, "err reading cgroups mode")
 	}
--- a/vendor/github.com/containers/buildah/util/util.go
+++ b/vendor/github.com/containers/buildah/util/util.go
@ -9,7 +9,6 @@ import (
 	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
 	"syscall"
 	"github.com/containers/buildah/define"
@ -376,12 +375,6 @@ func TruncateString(str string, to int) string {
 	return newStr
 }
 var (
 	isUnifiedOnce sync.Once
 	isUnified     bool
 	isUnifiedErr  error
 )
 // fileExistsAndNotADir - Check to see if a file exists
 // and that it is not a directory.
 func fileExistsAndNotADir(path string) (bool, error) {
--- a/vendor/github.com/containers/buildah/util/util_linux.go
+++ b/vendor/github.com/containers/buildah/util/util_linux.go
@ -1,20 +0,0 @@
 package util
 import (
 	"syscall"
 	"golang.org/x/sys/unix"
 )
 // IsCgroup2UnifiedMode returns whether we are running in cgroup 2 cgroup2 mode.
 func IsCgroup2UnifiedMode() (bool, error) {
 	isUnifiedOnce.Do(func() {
 		var st syscall.Statfs_t
 		if err := syscall.Statfs("/sys/fs/cgroup", &st); err != nil {
 			isUnified, isUnifiedErr = false, err
 		} else {
 			isUnified, isUnifiedErr = st.Type == unix.CGROUP2_SUPER_MAGIC, nil
 		}
 	})
 	return isUnified, isUnifiedErr
 }
--- a/vendor/github.com/containers/common/libimage/copier.go
+++ b/vendor/github.com/containers/common/libimage/copier.go
@ -432,12 +432,12 @@ func (c *copier) copy(ctx context.Context, source, destination types.ImageRefere
 	// Sanity checks for Buildah.
 	if sourceInsecure != nil && *sourceInsecure {
 		if c.systemContext.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
-			return nil, fmt.Errorf("can't require tls verification on an insecured registry")
+			return nil, errors.New("can't require tls verification on an insecured registry")
 		}
 	}
 	if destinationInsecure != nil && *destinationInsecure {
 		if c.systemContext.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
-			return nil, fmt.Errorf("can't require tls verification on an insecured registry")
+			return nil, errors.New("can't require tls verification on an insecured registry")
 		}
 	}
--- a/vendor/github.com/containers/common/libimage/filters.go
+++ b/vendor/github.com/containers/common/libimage/filters.go
@ -4,6 +4,7 @@ package libimage
 import (
 	"context"
 	"errors"
 	"fmt"
 	"path"
 	"strconv"
@ -226,7 +227,7 @@ func (r *Runtime) containers(duplicate map[string]string, key, value string, ext
 	case "false", "true":
 	case "external":
 		if externalFunc == nil {
-			return fmt.Errorf("libimage error: external containers filter without callback")
+			return errors.New("libimage error: external containers filter without callback")
 		}
 	default:
 		return fmt.Errorf("unsupported value %q for containers filter", value)
--- a/vendor/github.com/containers/common/libimage/load.go
+++ b/vendor/github.com/containers/common/libimage/load.go
@ -4,6 +4,7 @@ package libimage
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"time"
@ -91,7 +92,7 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) (
 	// Give a decent error message if nothing above worked.
 	// we want the colon here for the multiline error
 	//nolint:revive
-	loadError := fmt.Errorf("payload does not match any of the supported image formats:")
+	loadError := errors.New("payload does not match any of the supported image formats:")
 	for _, err := range loadErrors {
 		loadError = fmt.Errorf("%v\n * %v", loadError, err)
 	}
--- a/vendor/github.com/containers/common/libimage/manifests/manifests.go
+++ b/vendor/github.com/containers/common/libimage/manifests/manifests.go
@ -834,7 +834,7 @@ func (l *list) AddArtifact(ctx context.Context, sys *types.SystemContext, option
 	if configDescriptor.Size != 0 {
 		if len(configDescriptor.Data) == 0 {
 			if options.ConfigFile == "" {
-				return "", fmt.Errorf("needed config data file, but none was provided")
+				return "", errors.New("needed config data file, but none was provided")
 			}
 			filePath, err := filepath.Abs(options.ConfigFile)
 			if err != nil {
--- a/vendor/github.com/containers/common/libimage/pull.go
+++ b/vendor/github.com/containers/common/libimage/pull.go
@ -426,7 +426,7 @@ func (r *Runtime) copyFromRegistry(ctx context.Context, ref types.ImageReference
 	for _, tag := range tags {
 		select { // Let's be gentle with Podman remote.
 		case <-ctx.Done():
-			return nil, fmt.Errorf("pulling cancelled")
+			return nil, errors.New("pulling cancelled")
 		default:
 			// We can continue.
 		}
@ -466,7 +466,7 @@ func (r *Runtime) imagesIDsForManifest(manifestBytes []byte, sys *types.SystemCo
 	} else {
 		d, err := manifest.Digest(manifestBytes)
 		if err != nil {
-			return nil, fmt.Errorf("digesting manifest")
+			return nil, errors.New("digesting manifest")
 		}
 		imageDigest = d
 	}
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@ -690,7 +690,7 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
 	}
 	if options.ExternalContainers && options.IsExternalContainerFunc == nil {
-		return nil, []error{fmt.Errorf("libimage error: cannot remove external containers without callback")}
+		return nil, []error{errors.New("libimage error: cannot remove external containers without callback")}
 	}
 	// The logic here may require some explanation.  Image removal is
--- a/vendor/github.com/containers/common/libimage/save.go
+++ b/vendor/github.com/containers/common/libimage/save.go
@ -53,7 +53,7 @@ func (r *Runtime) Save(ctx context.Context, names []string, format, path string,
 			return fmt.Errorf("unsupported format %q for saving multiple images (only docker-archive)", format)
 		}
 		if len(options.AdditionalTags) > 0 {
-			return fmt.Errorf("cannot save multiple images with multiple tags")
+			return errors.New("cannot save multiple images with multiple tags")
 		}
 	}
--- a/vendor/github.com/containers/common/libnetwork/internal/util/validate.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/validate.go
@ -93,15 +93,15 @@ func ValidateRoutes(routes []types.Route) error {
 func ValidateRoute(route types.Route) error {
 	if route.Destination.IP == nil {
-		return fmt.Errorf("route destination ip nil")
+		return errors.New("route destination ip nil")
 	}
 	if route.Destination.Mask == nil {
-		return fmt.Errorf("route destination mask nil")
+		return errors.New("route destination mask nil")
 	}
 	if route.Gateway == nil {
-		return fmt.Errorf("route gateway nil")
+		return errors.New("route gateway nil")
 	}
 	// Reparse to ensure destination is valid.
@ -112,7 +112,7 @@ func ValidateRoute(route types.Route) error {
 	// check that destination is a network and not an address
 	if !ip.Equal(ipNet.IP) {
-		return fmt.Errorf("route destination invalid")
+		return errors.New("route destination invalid")
 	}
 	return nil
--- a/vendor/github.com/containers/common/libnetwork/netavark/config.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go
@ -309,7 +309,7 @@ func createIpvlanOrMacvlan(network *types.Network) error {
 			return errIpvlanNoDHCP
 		}
 		if len(network.Subnets) > 0 {
-			return fmt.Errorf("ipam driver dhcp set but subnets are set")
+			return errors.New("ipam driver dhcp set but subnets are set")
 		}
 	}
--- a/vendor/github.com/containers/common/libnetwork/pasta/pasta.go
+++ b/vendor/github.com/containers/common/libnetwork/pasta/pasta.go
@ -63,7 +63,7 @@ func Setup(opts *SetupOptions) error {
 			var addr string
 			if i.HostIP != "" {
-				addr = fmt.Sprintf("%s/", i.HostIP)
+				addr = i.HostIP + "/"
 			}
 			switch protocol {
--- a/vendor/github.com/containers/common/libnetwork/slirp4netns/slirp4netns.go
+++ b/vendor/github.com/containers/common/libnetwork/slirp4netns/slirp4netns.go
@ -210,7 +210,7 @@ func createBasicSlirpCmdArgs(options *networkOptions, features *slirpFeatures) (
 		cmdArgs = append(cmdArgs, "--disable-host-loopback")
 	}
 	if options.mtu > -1 && features.HasMTU {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--mtu=%d", options.mtu))
+		cmdArgs = append(cmdArgs, "--mtu="+strconv.Itoa(options.mtu))
 	}
 	if !options.noPivotRoot && features.HasEnableSandbox {
 		cmdArgs = append(cmdArgs, "--enable-sandbox")
@ -221,33 +221,33 @@ func createBasicSlirpCmdArgs(options *networkOptions, features *slirpFeatures) (
 	if options.cidr != "" {
 		if !features.HasCIDR {
-			return nil, fmt.Errorf("cidr not supported")
+			return nil, errors.New("cidr not supported")
 		}
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--cidr=%s", options.cidr))
+		cmdArgs = append(cmdArgs, "--cidr="+options.cidr)
 	}
 	if options.enableIPv6 {
 		if !features.HasIPv6 {
-			return nil, fmt.Errorf("enable_ipv6 not supported")
+			return nil, errors.New("enable_ipv6 not supported")
 		}
 		cmdArgs = append(cmdArgs, "--enable-ipv6")
 	}
 	if options.outboundAddr != "" {
 		if !features.HasOutboundAddr {
-			return nil, fmt.Errorf("outbound_addr not supported")
+			return nil, errors.New("outbound_addr not supported")
 		}
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--outbound-addr=%s", options.outboundAddr))
+		cmdArgs = append(cmdArgs, "--outbound-addr="+options.outboundAddr)
 	}
 	if options.outboundAddr6 != "" {
 		if !features.HasOutboundAddr || !features.HasIPv6 {
-			return nil, fmt.Errorf("outbound_addr6 not supported")
+			return nil, errors.New("outbound_addr6 not supported")
 		}
 		if !options.enableIPv6 {
-			return nil, fmt.Errorf("enable_ipv6=true is required for outbound_addr6")
+			return nil, errors.New("enable_ipv6=true is required for outbound_addr6")
 		}
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--outbound-addr6=%s", options.outboundAddr6))
+		cmdArgs = append(cmdArgs, "--outbound-addr6="+options.outboundAddr6)
 	}
 	return cmdArgs, nil
@ -300,7 +300,7 @@ func Setup(opts *SetupOptions) (*SetupResult, error) {
 	var apiSocket string
 	if havePortMapping && netOptions.isSlirpHostForward {
-		apiSocket = filepath.Join(opts.Config.Engine.TmpDir, fmt.Sprintf("%s.net", opts.ContainerID))
+		apiSocket = filepath.Join(opts.Config.Engine.TmpDir, opts.ContainerID+".net")
 		cmdArgs = append(cmdArgs, "--api-socket", apiSocket)
 	}
@ -610,7 +610,7 @@ func SetupRootlessPortMappingViaRLK(opts *SetupOptions, slirpSubnet *net.IPNet,
 		if stdoutStr != "" {
 			// err contains full debug log and too verbose, so return stdoutStr
 			logrus.Debug(err)
-			return fmt.Errorf("rootlessport " + strings.TrimSuffix(stdoutStr, "\n"))
+			return errors.New("rootlessport " + strings.TrimSuffix(stdoutStr, "\n"))
 		}
 		return err
 	}
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@ -285,7 +285,7 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (user
 	username := opts.Username
 	if username == "" {
 		if opts.Stdin == nil {
-			return "", "", fmt.Errorf("cannot prompt for username without stdin")
+			return "", "", errors.New("cannot prompt for username without stdin")
 		}
 		if userFromAuthFile != "" {
--- a/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go
@ -103,7 +103,7 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool)
 			}
 			// userSlice already contains '/' so not adding here
 			basePath := cgroupRoot + userSlice
-			controllersFile = fmt.Sprintf("%s/cgroup.controllers", basePath)
+			controllersFile = basePath + "/cgroup.controllers"
 		}
 		controllersFileBytes, err := os.ReadFile(controllersFile)
 		if err != nil {
@ -389,7 +389,7 @@ func Load(path string) (*CgroupControl, error) {
 // CreateSystemdUnit creates the systemd cgroup
 func (c *CgroupControl) CreateSystemdUnit(path string) error {
 	if !c.systemd {
-		return fmt.Errorf("the cgroup controller is not using systemd")
+		return errors.New("the cgroup controller is not using systemd")
 	}
 	conn, err := systemdDbus.NewWithContext(context.TODO())
@ -404,7 +404,7 @@ func (c *CgroupControl) CreateSystemdUnit(path string) error {
 // CreateSystemdUserUnit creates the systemd cgroup for the specified user
 func (c *CgroupControl) CreateSystemdUserUnit(path string, uid int) error {
 	if !c.systemd {
-		return fmt.Errorf("the cgroup controller is not using systemd")
+		return errors.New("the cgroup controller is not using systemd")
 	}
 	conn, err := UserConnection(uid)
@ -678,7 +678,7 @@ func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) {
 	path := filepath.Join(dir, file)
 	parentPath := path
 	if cgroupv2 {
-		parentPath = fmt.Sprintf("%s.effective", parentPath)
+		parentPath += ".effective"
 	}
 	data, err := os.ReadFile(parentPath)
 	if err != nil {
--- a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
@ -25,7 +25,7 @@ func systemdCreate(resources *configs.Resources, path string, c *systemdDbus.Con
 	var lastError error
 	for i := 0; i < 2; i++ {
 		properties := []systemdDbus.Property{
-			systemdDbus.PropDescription(fmt.Sprintf("cgroup %s", name)),
+			systemdDbus.PropDescription("cgroup " + name),
 			systemdDbus.PropWants(slice),
 		}
 		var ioString string
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@ -531,13 +531,13 @@ func (c EngineConfig) EventsLogMaxSize() uint64 {
 func (c *Config) SecurityOptions() []string {
 	securityOpts := []string{}
 	if c.Containers.SeccompProfile != "" && c.Containers.SeccompProfile != SeccompDefaultPath {
-		securityOpts = append(securityOpts, fmt.Sprintf("seccomp=%s", c.Containers.SeccompProfile))
+		securityOpts = append(securityOpts, "seccomp="+c.Containers.SeccompProfile)
 	}
 	if apparmor.IsEnabled() && c.Containers.ApparmorProfile != "" {
-		securityOpts = append(securityOpts, fmt.Sprintf("apparmor=%s", c.Containers.ApparmorProfile))
+		securityOpts = append(securityOpts, "apparmor="+c.Containers.ApparmorProfile)
 	}
 	if selinux.GetEnabled() && !c.Containers.EnableLabeling {
-		securityOpts = append(securityOpts, fmt.Sprintf("label=%s", selinux.DisableSecOpt()[0]))
+		securityOpts = append(securityOpts, "label="+selinux.DisableSecOpt()[0])
 	}
 	return securityOpts
 }
--- a/vendor/github.com/containers/common/pkg/filters/filters.go
+++ b/vendor/github.com/containers/common/pkg/filters/filters.go
@ -2,6 +2,7 @@ package filters
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"path/filepath"
@ -17,7 +18,7 @@ import (
 func ComputeUntilTimestamp(filterValues []string) (time.Time, error) {
 	invalid := time.Time{}
 	if len(filterValues) != 1 {
-		return invalid, fmt.Errorf("specify exactly one timestamp for until")
+		return invalid, errors.New("specify exactly one timestamp for until")
 	}
 	ts, err := timetype.GetTimestamp(filterValues[0], time.Now())
 	if err != nil {
--- a/vendor/github.com/containers/common/pkg/ssh/connection_golang.go
+++ b/vendor/github.com/containers/common/pkg/ssh/connection_golang.go
@ -291,7 +291,7 @@ func ValidateAndConfigure(uri *url.URL, iden string, insecureIsMachineConnection
 	}
 	if len(authMethods) == 0 {
 		authMethods = append(authMethods, ssh.PasswordCallback(func() (string, error) {
-			pass, err := ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username()))
+			pass, err := ReadPassword(uri.User.Username() + "'s login password:")
 			return string(pass), err
 		}))
 	}
--- a/vendor/github.com/containers/common/pkg/ssh/connection_native.go
+++ b/vendor/github.com/containers/common/pkg/ssh/connection_native.go
@ -35,7 +35,7 @@ func nativeConnectionCreate(options ConnectionCreateOptions) error {
 	// test connection
 	ssh, err := exec.LookPath("ssh")
 	if err != nil {
-		return fmt.Errorf("no ssh binary found")
+		return err
 	}
 	if strings.Contains(uri.Host, "/run") {
@ -109,7 +109,7 @@ func nativeConnectionExec(options ConnectionExecOptions, input io.Reader) (*Conn
 	ssh, err := exec.LookPath("ssh")
 	if err != nil {
-		return nil, fmt.Errorf("no ssh binary found")
+		return nil, err
 	}
 	output := &bytes.Buffer{}
@ -157,7 +157,7 @@ func nativeConnectionScp(options ConnectionScpOptions) (*ConnectionScpReport, er
 	scp, err := exec.LookPath("scp")
 	if err != nil {
-		return nil, fmt.Errorf("no scp binary found")
+		return nil, err
 	}
 	conf, err := config.Default()
--- a/vendor/github.com/containers/common/pkg/ssh/ssh.go
+++ b/vendor/github.com/containers/common/pkg/ssh/ssh.go
@ -1,7 +1,7 @@
 package ssh
 import (
-	"fmt"
+	"errors"
 	"io"
 	"golang.org/x/crypto/ssh"
@ -18,7 +18,7 @@ func Dial(options *ConnectionDialOptions, kind EngineMode) (*ssh.Client, error)
 	var rep *ConnectionDialReport
 	var err error
 	if kind == NativeMode {
-		return nil, fmt.Errorf("ssh dial failed: you cannot create a dial-able client with native ssh")
+		return nil, errors.New("ssh dial failed: you cannot create a dial-able client with native ssh")
 	}
 	rep, err = golangConnectionDial(*options)
 	if err != nil {
--- a/vendor/github.com/containers/common/pkg/ssh/utils.go
+++ b/vendor/github.com/containers/common/pkg/ssh/utils.go
@ -1,6 +1,7 @@
 package ssh
 import (
 	"errors"
 	"fmt"
 	"io"
 	"net"
@ -80,7 +81,7 @@ func ReadPassword(prompt string) (pw []byte, err error) {
 			pw = append(pw, b[0])
 			// limit size, so that a wrong input won't fill up the memory
 			if len(pw) > 1024 {
-				err = fmt.Errorf("password too long, 1024 byte limit")
+				err = errors.New("password too long, 1024 byte limit")
 			}
 		}
 		if err != nil {
@ -156,7 +157,7 @@ func ParseScpArgs(options ConnectionScpOptions) (string, string, string, bool, e
 	} else {
 		split = strings.Split(host, ":")
 		if len(split) != 2 {
-			return "", "", "", false, fmt.Errorf("no remote destination provided")
+			return "", "", "", false, errors.New("no remote destination provided")
 		}
 		host = split[0]
 		remotePath = split[1]
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
@ -212,7 +212,7 @@ func MountsWithUIDGID(mountLabel, containerRunDir, mountFile, mountPoint string,
 }
 func rchown(chowndir string, uid, gid int) error {
-	return filepath.Walk(chowndir, func(filePath string, f os.FileInfo, err error) error {
+	return filepath.Walk(chowndir, func(filePath string, _ os.FileInfo, err error) error {
 		return os.Lchown(filePath, uid, gid)
 	})
 }
--- a/vendor/github.com/containers/common/pkg/supplemented/supplemented.go
+++ b/vendor/github.com/containers/common/pkg/supplemented/supplemented.go
@ -3,6 +3,7 @@ package supplemented
 import (
 	"container/list"
 	"context"
 	"errors"
 	"fmt"
 	"io"
@ -286,7 +287,7 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 }
 func (s *supplementedImageReference) DeleteImage(_ context.Context, _ *types.SystemContext) error {
-	return fmt.Errorf("deletion of images not implemented")
+	return errors.New("deletion of images not implemented")
 }
 func (s *supplementedImageSource) Close() error {
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@ -1,4 +1,4 @@
 package version
 // Version is the version of the build.
-const Version = "0.58.0-dev"
+const Version = "0.58.0"
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@ -11,7 +11,7 @@ const (
 	VersionPatch = 0
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = "-dev"
+	VersionDev = ""
 )
 // Version is the specification version that the package types support.
--- a/vendor/github.com/go-openapi/swag/initialism_index.go
+++ b/vendor/github.com/go-openapi/swag/initialism_index.go
@ -176,7 +176,7 @@ func (m *indexOfInitialisms) add(key string) *indexOfInitialisms {
 func (m *indexOfInitialisms) sorted() (result []string) {
 	m.sortMutex.Lock()
 	defer m.sortMutex.Unlock()
-	m.index.Range(func(key, value interface{}) bool {
+	m.index.Range(func(key, _ interface{}) bool {
 		k := key.(string)
 		result = append(result, k)
 		return true
--- a/vendor/github.com/go-openapi/swag/yaml.go
+++ b/vendor/github.com/go-openapi/swag/yaml.go
@ -16,6 +16,7 @@ package swag
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"path/filepath"
 	"reflect"
@ -50,7 +51,7 @@ func BytesToYAMLDoc(data []byte) (interface{}, error) {
 		return nil, err
 	}
 	if document.Kind != yaml.DocumentNode || len(document.Content) != 1 || document.Content[0].Kind != yaml.MappingNode {
-		return nil, fmt.Errorf("only YAML documents that are objects are supported")
+		return nil, errors.New("only YAML documents that are objects are supported")
 	}
 	return &document, nil
 }
--- a/vendor/golang.org/x/tools/go/packages/doc.go
+++ b/vendor/golang.org/x/tools/go/packages/doc.go
@ -15,22 +15,10 @@ Load passes most patterns directly to the underlying build tool.
 The default build tool is the go command.
 Its supported patterns are described at
 https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.
 Other build systems may be supported by providing a "driver";
 see [The driver protocol].
-Load may be used in Go projects that use alternative build systems, by
+All patterns with the prefix "query=", where query is a
 installing an appropriate "driver" program for the build system and
 specifying its location in the GOPACKAGESDRIVER environment variable.
 For example,
 https://github.com/bazelbuild/rules_go/wiki/Editor-and-tool-integration
 explains how to use the driver for Bazel.
 The driver program is responsible for interpreting patterns in its
 preferred notation and reporting information about the packages that
 they identify.
 (See driverRequest and driverResponse types for the JSON
 schema used by the protocol.
 Though the protocol is supported, these types are currently unexported;
 see #64608 for a proposal to publish them.)
 Regardless of driver, all patterns with the prefix "query=", where query is a
 non-empty string of letters from [a-z], are reserved and may be
 interpreted as query operators.
@ -86,7 +74,29 @@ for details.
 Most tools should pass their command-line arguments (after any flags)
 uninterpreted to [Load], so that it can interpret them
 according to the conventions of the underlying build system.
 See the Example function for typical usage.
 # The driver protocol
 [Load] may be used to load Go packages even in Go projects that use
 alternative build systems, by installing an appropriate "driver"
 program for the build system and specifying its location in the
 GOPACKAGESDRIVER environment variable.
 For example,
 https://github.com/bazelbuild/rules_go/wiki/Editor-and-tool-integration
 explains how to use the driver for Bazel.
 The driver program is responsible for interpreting patterns in its
 preferred notation and reporting information about the packages that
 those patterns identify. Drivers must also support the special "file="
 and "pattern=" patterns described above.
 The patterns are provided as positional command-line arguments. A
 JSON-encoded [DriverRequest] message providing additional information
 is written to the driver's standard input. The driver must write a
 JSON-encoded [DriverResponse] message to its standard output. (This
 message differs from the JSON schema produced by 'go list'.)
 */
 package packages // import "golang.org/x/tools/go/packages"
--- a/vendor/golang.org/x/tools/go/packages/external.go
+++ b/vendor/golang.org/x/tools/go/packages/external.go
@ -2,12 +2,11 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // This file enables an external tool to intercept package requests.
 // If the tool is present then its results are used in preference to
 // the go list command.
 package packages
 // This file defines the protocol that enables an external "driver"
 // tool to supply package metadata in place of 'go list'.
 import (
 	"bytes"
 	"encoding/json"
@ -17,31 +16,71 @@ import (
 	"strings"
 )
-// The Driver Protocol
+// DriverRequest defines the schema of a request for package metadata
 // from an external driver program. The JSON-encoded DriverRequest
 // message is provided to the driver program's standard input. The
 // query patterns are provided as command-line arguments.
 //
-// The driver, given the inputs to a call to Load, returns metadata about the packages specified.
+// See the package documentation for an overview.
-// This allows for different build systems to support go/packages by telling go/packages how the
+type DriverRequest struct {
 // packages' source is organized.
 // The driver is a binary, either specified by the GOPACKAGESDRIVER environment variable or in
 // the path as gopackagesdriver. It's given the inputs to load in its argv. See the package
 // documentation in doc.go for the full description of the patterns that need to be supported.
 // A driver receives as a JSON-serialized driverRequest struct in standard input and will
 // produce a JSON-serialized driverResponse (see definition in packages.go) in its standard output.
 // driverRequest is used to provide the portion of Load's Config that is needed by a driver.
 type driverRequest struct {
 	Mode LoadMode `json:"mode"`
 	// Env specifies the environment the underlying build system should be run in.
 	Env []string `json:"env"`
 	// BuildFlags are flags that should be passed to the underlying build system.
 	BuildFlags []string `json:"build_flags"`
 	// Tests specifies whether the patterns should also return test packages.
 	Tests bool `json:"tests"`
 	// Overlay maps file paths (relative to the driver's working directory) to the byte contents
 	// of overlay files.
 	Overlay map[string][]byte `json:"overlay"`
 }
 // DriverResponse defines the schema of a response from an external
 // driver program, providing the results of a query for package
 // metadata. The driver program must write a JSON-encoded
 // DriverResponse message to its standard output.
 //
 // See the package documentation for an overview.
 type DriverResponse struct {
 	// NotHandled is returned if the request can't be handled by the current
 	// driver. If an external driver returns a response with NotHandled, the
 	// rest of the DriverResponse is ignored, and go/packages will fallback
 	// to the next driver. If go/packages is extended in the future to support
 	// lists of multiple drivers, go/packages will fall back to the next driver.
 	NotHandled bool
 	// Compiler and Arch are the arguments pass of types.SizesFor
 	// to get a types.Sizes to use when type checking.
 	Compiler string
 	Arch     string
 	// Roots is the set of package IDs that make up the root packages.
 	// We have to encode this separately because when we encode a single package
 	// we cannot know if it is one of the roots as that requires knowledge of the
 	// graph it is part of.
 	Roots []string `json:",omitempty"`
 	// Packages is the full set of packages in the graph.
 	// The packages are not connected into a graph.
 	// The Imports if populated will be stubs that only have their ID set.
 	// Imports will be connected and then type and syntax information added in a
 	// later pass (see refine).
 	Packages []*Package
 	// GoVersion is the minor version number used by the driver
 	// (e.g. the go command on the PATH) when selecting .go files.
 	// Zero means unknown.
 	GoVersion int
 }
 // driver is the type for functions that query the build system for the
 // packages named by the patterns.
 type driver func(cfg *Config, patterns ...string) (*DriverResponse, error)
 // findExternalDriver returns the file path of a tool that supplies
 // the build system package structure, or "" if not found."
 // If GOPACKAGESDRIVER is set in the environment findExternalTool returns its
@ -64,8 +103,8 @@ func findExternalDriver(cfg *Config) driver {
 			return nil
 		}
 	}
-	return func(cfg *Config, words ...string) (*driverResponse, error) {
+	return func(cfg *Config, words ...string) (*DriverResponse, error) {
-		req, err := json.Marshal(driverRequest{
+		req, err := json.Marshal(DriverRequest{
 			Mode:       cfg.Mode,
 			Env:        cfg.Env,
 			BuildFlags: cfg.BuildFlags,
@ -92,7 +131,7 @@ func findExternalDriver(cfg *Config) driver {
 			fmt.Fprintf(os.Stderr, "%s stderr: <<%s>>\n", cmdDebugStr(cmd), stderr)
 		}
-		var response driverResponse
+		var response DriverResponse
 		if err := json.Unmarshal(buf.Bytes(), &response); err != nil {
 			return nil, err
 		}
--- a/vendor/golang.org/x/tools/go/packages/golist.go
+++ b/vendor/golang.org/x/tools/go/packages/golist.go
@ -35,23 +35,23 @@ type goTooOldError struct {
 	error
 }
-// responseDeduper wraps a driverResponse, deduplicating its contents.
+// responseDeduper wraps a DriverResponse, deduplicating its contents.
 type responseDeduper struct {
 	seenRoots    map[string]bool
 	seenPackages map[string]*Package
-	dr           *driverResponse
+	dr           *DriverResponse
 }
 func newDeduper() *responseDeduper {
 	return &responseDeduper{
-		dr:           &driverResponse{},
+		dr:           &DriverResponse{},
 		seenRoots:    map[string]bool{},
 		seenPackages: map[string]*Package{},
 	}
 }
-// addAll fills in r with a driverResponse.
+// addAll fills in r with a DriverResponse.
-func (r *responseDeduper) addAll(dr *driverResponse) {
+func (r *responseDeduper) addAll(dr *DriverResponse) {
 	for _, pkg := range dr.Packages {
 		r.addPackage(pkg)
 	}
@ -128,7 +128,7 @@ func (state *golistState) mustGetEnv() map[string]string {
 // goListDriver uses the go list command to interpret the patterns and produce
 // the build system package structure.
 // See driver for more details.
-func goListDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
+func goListDriver(cfg *Config, patterns ...string) (_ *DriverResponse, err error) {
 	// Make sure that any asynchronous go commands are killed when we return.
 	parentCtx := cfg.Context
 	if parentCtx == nil {
@ -146,16 +146,18 @@ func goListDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
 	}
 	// Fill in response.Sizes asynchronously if necessary.
 	var sizeserr error
 	var sizeswg sync.WaitGroup
 	if cfg.Mode&NeedTypesSizes != 0 || cfg.Mode&NeedTypes != 0 {
-		sizeswg.Add(1)
+		errCh := make(chan error)
 		go func() {
 			compiler, arch, err := packagesdriver.GetSizesForArgsGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner)
 			sizeserr = err
 			response.dr.Compiler = compiler
 			response.dr.Arch = arch
-			sizeswg.Done()
+			errCh <- err
 		}()
 		defer func() {
 			if sizesErr := <-errCh; sizesErr != nil {
 				err = sizesErr
 			}
 		}()
 	}
@ -208,10 +210,7 @@ extractQueries:
 		}
 	}
-	sizeswg.Wait()
+	// (We may yet return an error due to defer.)
 	if sizeserr != nil {
 		return nil, sizeserr
 	}
 	return response.dr, nil
 }
@ -266,7 +265,7 @@ func (state *golistState) runContainsQueries(response *responseDeduper, queries
 // adhocPackage attempts to load or construct an ad-hoc package for a given
 // query, if the original call to the driver produced inadequate results.
-func (state *golistState) adhocPackage(pattern, query string) (*driverResponse, error) {
+func (state *golistState) adhocPackage(pattern, query string) (*DriverResponse, error) {
 	response, err := state.createDriverResponse(query)
 	if err != nil {
 		return nil, err
@ -357,7 +356,7 @@ func otherFiles(p *jsonPackage) [][]string {
 // createDriverResponse uses the "go list" command to expand the pattern
 // words and return a response for the specified packages.
-func (state *golistState) createDriverResponse(words ...string) (*driverResponse, error) {
+func (state *golistState) createDriverResponse(words ...string) (*DriverResponse, error) {
 	// go list uses the following identifiers in ImportPath and Imports:
 	//
 	// 	"p"			-- importable package or main (command)
@ -384,7 +383,7 @@ func (state *golistState) createDriverResponse(words ...string) (*driverResponse
 	pkgs := make(map[string]*Package)
 	additionalErrors := make(map[string][]Error)
 	// Decode the JSON and convert it to Package form.
-	response := &driverResponse{
+	response := &DriverResponse{
 		GoVersion: goVersion,
 	}
 	for dec := json.NewDecoder(buf); dec.More(); {
--- a/vendor/golang.org/x/tools/go/packages/packages.go
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@ -206,43 +206,6 @@ type Config struct {
 	Overlay map[string][]byte
 }
 // driver is the type for functions that query the build system for the
 // packages named by the patterns.
 type driver func(cfg *Config, patterns ...string) (*driverResponse, error)
 // driverResponse contains the results for a driver query.
 type driverResponse struct {
 	// NotHandled is returned if the request can't be handled by the current
 	// driver. If an external driver returns a response with NotHandled, the
 	// rest of the driverResponse is ignored, and go/packages will fallback
 	// to the next driver. If go/packages is extended in the future to support
 	// lists of multiple drivers, go/packages will fall back to the next driver.
 	NotHandled bool
 	// Compiler and Arch are the arguments pass of types.SizesFor
 	// to get a types.Sizes to use when type checking.
 	Compiler string
 	Arch     string
 	// Roots is the set of package IDs that make up the root packages.
 	// We have to encode this separately because when we encode a single package
 	// we cannot know if it is one of the roots as that requires knowledge of the
 	// graph it is part of.
 	Roots []string `json:",omitempty"`
 	// Packages is the full set of packages in the graph.
 	// The packages are not connected into a graph.
 	// The Imports if populated will be stubs that only have their ID set.
 	// Imports will be connected and then type and syntax information added in a
 	// later pass (see refine).
 	Packages []*Package
 	// GoVersion is the minor version number used by the driver
 	// (e.g. the go command on the PATH) when selecting .go files.
 	// Zero means unknown.
 	GoVersion int
 }
 // Load loads and returns the Go packages named by the given patterns.
 //
 // Config specifies loading options;
@ -291,7 +254,7 @@ func Load(cfg *Config, patterns ...string) ([]*Package, error) {
 // no external driver, or the driver returns a response with NotHandled set,
 // defaultDriver will fall back to the go list driver.
 // The boolean result indicates that an external driver handled the request.
-func defaultDriver(cfg *Config, patterns ...string) (*driverResponse, bool, error) {
+func defaultDriver(cfg *Config, patterns ...string) (*DriverResponse, bool, error) {
 	if driver := findExternalDriver(cfg); driver != nil {
 		response, err := driver(cfg, patterns...)
 		if err != nil {
@ -303,7 +266,10 @@ func defaultDriver(cfg *Config, patterns ...string) (*driverResponse, bool, erro
 	}
 	response, err := goListDriver(cfg, patterns...)
-	return response, false, err
+	if err != nil {
 		return nil, false, err
 	}
 	return response, false, nil
 }
 // A Package describes a loaded Go package.
@ -648,7 +614,7 @@ func newLoader(cfg *Config) *loader {
 // refine connects the supplied packages into a graph and then adds type
 // and syntax information as requested by the LoadMode.
-func (ld *loader) refine(response *driverResponse) ([]*Package, error) {
+func (ld *loader) refine(response *DriverResponse) ([]*Package, error) {
 	roots := response.Roots
 	rootMap := make(map[string]int, len(roots))
 	for i, root := range roots {
--- a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
@ -224,6 +224,7 @@ func iimportCommon(fset *token.FileSet, getPackages GetPackagesFunc, data []byte
 	// Gather the relevant packages from the manifest.
 	items := make([]GetPackagesItem, r.uint64())
 	uniquePkgPaths := make(map[string]bool)
 	for i := range items {
 		pkgPathOff := r.uint64()
 		pkgPath := p.stringAt(pkgPathOff)
@ -248,6 +249,12 @@ func iimportCommon(fset *token.FileSet, getPackages GetPackagesFunc, data []byte
 		}
 		items[i].nameIndex = nameIndex
 		uniquePkgPaths[pkgPath] = true
 	}
 	// Debugging #63822; hypothesis: there are duplicate PkgPaths.
 	if len(uniquePkgPaths) != len(items) {
 		reportf("found duplicate PkgPaths while reading export data manifest: %v", items)
 	}
 	// Request packages all at once from the client,
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -141,7 +141,7 @@ github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.4.0
 ## explicit; go 1.20
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.34.1-0.20240229193131-f5d7689ef4cd
+# github.com/containers/buildah v1.35.0
 ## explicit; go 1.20
 github.com/containers/buildah
 github.com/containers/buildah/bind
@ -171,7 +171,7 @@ github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/pkg/volumes
 github.com/containers/buildah/util
-# github.com/containers/common v0.57.1-0.20240304165751-a0d555c70d52
+# github.com/containers/common v0.58.0
 ## explicit; go 1.20
 github.com/containers/common/internal
 github.com/containers/common/internal/attributedstring
@ -243,7 +243,7 @@ github.com/containers/conmon/runner/config
 # github.com/containers/gvisor-tap-vsock v0.7.3
 ## explicit; go 1.20
 github.com/containers/gvisor-tap-vsock/pkg/types
-# github.com/containers/image/v5 v5.29.3-0.20240229213915-cdc68020a24f
+# github.com/containers/image/v5 v5.30.0
 ## explicit; go 1.19
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory
@ -323,7 +323,7 @@ github.com/containers/libhvee/pkg/wmiext
 # github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01
 ## explicit
 github.com/containers/libtrust
-# github.com/containers/luksy v0.0.0-20240129181507-b62d551ce6d8
+# github.com/containers/luksy v0.0.0-20240212203526-ceb12d4fd50c
 ## explicit; go 1.20
 github.com/containers/luksy
 # github.com/containers/ocicrypt v1.1.9
@ -575,7 +575,7 @@ github.com/go-openapi/analysis/internal/flatten/operations
 github.com/go-openapi/analysis/internal/flatten/replace
 github.com/go-openapi/analysis/internal/flatten/schutils
 github.com/go-openapi/analysis/internal/flatten/sortref
-# github.com/go-openapi/errors v0.21.0
+# github.com/go-openapi/errors v0.21.1
 ## explicit; go 1.19
 github.com/go-openapi/errors
 # github.com/go-openapi/jsonpointer v0.19.6
@ -602,10 +602,10 @@ github.com/go-openapi/runtime/yamlpc
 # github.com/go-openapi/spec v0.20.9
 ## explicit; go 1.13
 github.com/go-openapi/spec
-# github.com/go-openapi/strfmt v0.22.1
+# github.com/go-openapi/strfmt v0.22.2
 ## explicit; go 1.19
 github.com/go-openapi/strfmt
-# github.com/go-openapi/swag v0.22.9
+# github.com/go-openapi/swag v0.22.10
 ## explicit; go 1.19
 github.com/go-openapi/swag
 # github.com/go-openapi/validate v0.22.1
@ -1182,12 +1182,12 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 golang.org/x/crypto/ssh/knownhosts
 golang.org/x/crypto/twofish
 golang.org/x/crypto/xts
-# golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
+# golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/maps
 golang.org/x/exp/slices
-# golang.org/x/mod v0.14.0
+# golang.org/x/mod v0.15.0
 ## explicit; go 1.18
 golang.org/x/mod/semver
 golang.org/x/mod/sumdb/note
@ -1207,7 +1207,7 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.17.0
+# golang.org/x/oauth2 v0.18.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
@ -1251,7 +1251,7 @@ golang.org/x/text/unicode/norm
 # golang.org/x/time v0.3.0
 ## explicit
 golang.org/x/time/rate
-# golang.org/x/tools v0.17.0
+# golang.org/x/tools v0.18.0
 ## explicit; go 1.18
 golang.org/x/tools/cmd/stringer
 golang.org/x/tools/cover