
dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github May 5, 2025

Bumps the common group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/aquasecurity/table | 1.8.0 | 1.10.0 |
| github.com/aws/aws-sdk-go-v2/service/ec2 | 1.211.3 | 1.213.0 |
| github.com/aws/aws-sdk-go-v2/service/ecr | 1.43.3 | 1.44.0 |
| github.com/aws/aws-sdk-go-v2/service/s3 | 1.79.2 | 1.79.3 |
| github.com/containerd/containerd/v2 | 2.0.4 | 2.0.5 |
| github.com/go-git/go-git/v5 | 5.15.0 | 5.16.0 |
| github.com/moby/buildkit | 0.21.0 | 0.21.1 |
| github.com/open-policy-agent/opa | 1.3.0 | 1.4.2 |
| github.com/spf13/cast | 1.7.1 | 1.8.0 |
| github.com/testcontainers/testcontainers-go/modules/localstack | 0.36.0 | 0.37.0 |

Updates github.com/aquasecurity/table from 1.8.0 to 1.10.0

Release notes

Sourced from github.com/aquasecurity/table's releases.

v1.10.0

What's Changed

Full Changelog: aquasecurity/table@v1.9.0...v1.10.0

v1.9.0

What's Changed

New Contributors

Full Changelog: aquasecurity/table@v1.8.0...v1.9.0

Commits

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.211.3 to 1.213.0

Commits

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.43.3 to 1.44.0

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.79.2 to 1.79.3

Commits

Updates github.com/containerd/containerd/v2 from 2.0.4 to 2.0.5

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.0.5

Welcome to the v2.0.5 release of containerd!

The fifth patch release for containerd 2.0 includes various bug fixes and updates.

Highlights

Build and Release Toolchain

  • Update go to 1.23.8 (#11717)

Container Runtime Interface (CRI)

  • Update ImageService to delete images synchronously (#11599)

Image Distribution

  • Prevent panic on zero length push (#11698)
  • Set default differ for the default unpack config of transfer service (#11688)

Runtime

  • Remove invalid error log when stopping container after containerd restart (#11621)
  • Update taskOptions based on runtimeOptions when creating a task (#11618)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Akhil Mohan
  • Derek McGowan
  • Phil Estes
  • Wei Fu
  • Iceber Gu
  • Austin Vazquez
  • Maksym Pavlenko
  • Cesar Talledo
  • Henry Wang
  • Jin Dong
  • Krisztian Litkey
  • Yang Yang

Changes

  • Update go to 1.23.8 (#11717)
    • 5bcf0a95e use go1.23.8 as the default go version

... (truncated)

Commits
  • fb4c30d Merge pull request #11717 from dmcgowan/backport-go-1.23.8
  • d60230c Merge pull request #11713 from dmcgowan/prepare-v2.0.5
  • 5bcf0a9 use go1.23.8 as the default go version
  • 4838f33 update to go 1.24.2, 1.23.8
  • a8082cd Prepare release notes for v2.0.5
  • ab513cd Merge pull request #11710 from dmcgowan/backport-11707
  • 58b715a Disable arm64 criu testing in GH Actions
  • b4a53e8 disable portmap test in ubuntu-22 to make CI happy
  • 4bcf472 add option to skip tests in critest
  • ea7be04 Merge pull request #11698 from k8s-infra-cherrypick-robot/cherry-pick-11670-t...
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.15.0 to 5.16.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.0

What's Changed

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

Commits
  • 6d4a5c6 Merge pull request #1515 from pjbgf/regre
  • beedd6b plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514
  • 763ce2e Merge pull request #1510 from hiddeco/mtls-support
  • 5320e1b plumbing: surface transport configuration errors
  • 9bbc93b plumbing: fix unintended pointer mutation in test
  • f3783f4 plumbing: support mTLS for HTTPS protocol
  • See full diff in compare view

Updates github.com/moby/buildkit from 0.21.0 to 0.21.1

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.21.1

Welcome to the v0.21.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • Akihiro Suda
  • Gleb Nebolyubov

Notable Changes

  • Builtin Dockerfile frontend has been updated to v1.15.1.
  • Fix buildctl --tlsdir for non-cert-manager.io tls certificate naming. #5950
  • Fix panic when null cache options were sent using solve grpc API. #5925

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.21.0

Commits
  • 66735c6 Merge pull request #5952 from jsternberg/v0.21.1-picks
  • 73bda6d buildctl: fix tlsdir handling logic for cert-manager.io
  • f0c85bf dockerui: update platforms key calculation
  • 869d97b frontend/dockerui/build: fix "no scan targets for linux/arm64/v8"
  • ebd9734 frontend/dockerui/build.go: split normalizePlatform()
  • 0ded51e control: make sure sending nil cache options does not panic
  • See full diff in compare view

Updates github.com/open-policy-agent/opa from 1.3.0 to 1.4.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.4.2

This is a bug fix release addressing the missing capabilities/v1.4.1.json in the v1.4.1 release.

v1.4.1

⚠️ Please skip this release and go straight to v1.4.2 ⚠️ This release is broken due to a mistake during the release process and the artifacts are missing a crucial capabilities file. Sorry for any inconvenience.

This is a security fix release for the fixes published in Go 1.24.1 and 1.24.2.

  • build: bump go to 1.24.2 (#7544) (authored by @sspaink) Addressing CVE-2025-22870 and CVE-2025-22871 vulnerabilities in the Go runtime.

v1.4.0

This release contains a security fix addressing CVE-2025-46569. It also includes a mix of new features, bugfixes, and dependency updates.

Security Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (GHSA-6m8w-jc87-6cr7)

A vulnerability in the OPA server's Data API allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.
The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.

Users are only impacted if all of the following apply:

  • OPA is deployed as a standalone server (rather than being used as a Go library)
  • The OPA server is exposed outside of the local host in an untrusted environment.
  • The configured authorization policy does not do exact matching of the input.path attribute when deciding if the request should be allowed.

or, if all of the following apply:

  • OPA is deployed as a standalone server.
  • The service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.

Note: With no Authorization Policy configured for restricting API access (the default configuration), the RESTful Data API provides access for managing Rego policies; and the RESTful Query API facilitates advanced queries. Full access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate. As such, OPA servers exposed to a network are not considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.

This issue affects all versions of OPA prior to 1.4.0.

See the Security Advisory for more details.

Reported by @GamrayW, @HyouKash, @AdrienIT, authored by @johanfylling

Runtime, Tooling, SDK

... (truncated)

Commits
  • 5e4582b Prepare v1.4.2 release (#7547)
  • 3b64aff Patch release v1.4.1 (#7545)
  • 8b07202 Prepare v1.4.0 release (#7541)
  • ad20632 Merge commit from fork
  • 24ff9cf fix: return the raw strings when formatting (#7525)
  • 254f3bf fix(status plugin): make sure the latest status is read before manually trigg...
  • 9b5f601 docs: fix post merge badge (#7532)
  • e490277 docs: Point path versioned requests to new sites (#7531)
  • d65888c plugins/status: FIFO buffer channel for status events to prevent slow status ...
  • eb77d10 docs: update edge links to use /docs/edge/ path (#7529)
  • Additional commits viewable in compare view

Updates github.com/spf13/cast from 1.7.1 to 1.8.0

Release notes

Sourced from github.com/spf13/cast's releases.

v1.8.0

What's Changed

New Contributors

Full Changelog: spf13/cast@v1.7.1...v1.8.0

Commits
  • 01004f2 Merge pull request #234 from arui1628/master
  • 4f997d9 refactor: use generic toSlice for ToInt64SliceE
  • 76b8370 Merge pull request #242 from spf13/dependabot/github_actions/github/codeql-ac...
  • 0af7fb9 build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
  • 929f138 Add ToInt64Slice() and ToInt64SliceE()
  • ac031ef Merge pull request #239 from spf13/dependabot/github_actions/github/codeql-ac...
  • 79b62f3 Merge pull request #240 from spf13/dependabot/github_actions/actions/dependen...
  • 1bd7e4f build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0
  • 0c806f9 build(deps): bump github/codeql-action from 2.13.4 to 3.28.15
  • e929a71 Merge pull request #236 from nmvalera/master
  • Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/localstack from 0.36.0 to 0.37.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/localstack's releases.

v0.37.0

What's Changed

🔒 Security

  • chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 in /modules/aerospike (#3105) @dependabot[bot]
  • chore(pulsar): bump github.com/apache/pulsar-client-go from 0.10.0 to 0.14.0 in /modules/pulsar (#3100) @mdelapenya
  • chore(clickhouse): bump github.com/ClickHouse/clickhouse-go/v2 from 2.20.0 to 2.34.0 in /modules/clickhouse (#3099) @dependabot[bot]
  • security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability (#3095) @sigi-glovebox

🚀 Features

🐛 Bug Fixes

📖 Documentation

🧹 Housekeeping

... (truncated)

Commits
  • 08e7b58 chore: use new version (v0.37.0) in modules and examples
  • 9da8340 fix: handle stopped containers more gracefully when reuse is enabled (#3062)
  • 37ce316 feat(gcloud): add option to run firestore in datastore mode (#3009)
  • 224da6d feat: support for mounting images (#3044)
  • 92b9255 chore(ci): close PR if it was sent from main (#3123)
  • 8a498b7 feat: add WithReuseByName for modifying Generic Container Requests (#3064)
  • 1c9b01b chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#3120)
  • d7c1a2f chore(deps): bump mkdocs-include-markdown-plugin from 6.2.2 to 7.1.5 (#3119)
  • c71d5c9 chore(deps): bump github.com/magiconair/properties from 1.8.9 to 1.8.10 (#3118)
  • 7c6278f chore(ci): exclude more files for a full-blown build (#3122)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the common group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aquasecurity/table](https://github.com/aquasecurity/table) | `1.8.0` | `1.10.0` |
| [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.211.3` | `1.213.0` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.43.3` | `1.44.0` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.79.2` | `1.79.3` |
| [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.0.4` | `2.0.5` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.15.0` | `5.16.0` |
| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.21.0` | `0.21.1` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.3.0` | `1.4.2` |
| [github.com/spf13/cast](https://github.com/spf13/cast) | `1.7.1` | `1.8.0` |
| [github.com/testcontainers/testcontainers-go/modules/localstack](https://github.com/testcontainers/testcontainers-go) | `0.36.0` | `0.37.0` |
Updates `github.com/aquasecurity/table` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/aquasecurity/table/releases)
- [Commits](aquasecurity/table@v1.8.0...v1.10.0)

Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.211.3 to 1.213.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/ec2/v1.211.3...service/ec2/v1.213.0)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.43.3 to 1.44.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/ssm/v1.43.3...service/s3/v1.44.0)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.79.2 to 1.79.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.79.2...service/s3/v1.79.3)

Updates `github.com/containerd/containerd/v2` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.0.4...v2.0.5)

Updates `github.com/go-git/go-git/v5` from 5.15.0 to 5.16.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.15.0...v5.16.0)

Updates `github.com/moby/buildkit` from 0.21.0 to 0.21.1
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.21.0...v0.21.1)

Updates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.2
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.3.0...v1.4.2)

Updates `github.com/spf13/cast` from 1.7.1 to 1.8.0
- [Release notes](https://github.com/spf13/cast/releases)
- [Commits](spf13/cast@v1.7.1...v1.8.0)

Updates `github.com/testcontainers/testcontainers-go/modules/localstack` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/table
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-version: 1.213.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.79.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/spf13/cast
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/testcontainers/testcontainers-go/modules/localstack
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
...

Signed-off-by: dependabot[bot] <support@github.com>
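The OPA release notes quoted above say a deployment is exposed to CVE-2025-46569 when its authorization policy "does not do exact matching of the input.path attribute". The following `system.authz` policy is an added example, written for this page and not taken from the PR, from OPA or from Trivy; it allows Data API requests only when the whole `input.path` array equals an allow-listed path, instead of checking a prefix. The package name `myapp` and the listed rule paths are assumptions.

```rego
package system.authz

# Deny by default: any request not matched by a rule below is rejected.
default allow := false

# Assumption: the only Data API queries this deployment should serve.
# Each entry is the full request path split into segments, so the tail
# of the path is never left unconstrained.
allowed_data_paths := {
    ["v1", "data", "myapp", "authz", "allow"],
    ["v1", "data", "myapp", "authz", "roles"],
}

# Exact match: input.path must equal one of the arrays above as a whole.
# A prefix check such as
#     input.path[0] == "v1"; input.path[1] == "data"; input.path[2] == "myapp"
# would accept any path under myapp, which is the condition the advisory
# describes as not doing exact matching of input.path.
allow if {
    input.method == "POST"
    input.path in allowed_data_paths
}

# Unauthenticated liveness probe, again matched on the exact path only.
allow if {
    input.method == "GET"
    input.path == ["health"]
}
```

Load it with `opa run --server --authorization=basic policy.rego` so that every API request is evaluated against `system.authz.allow` before it is served.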
@dependabot dependabot bot requested a review from knqyf263 as a code owner May 5, 2025 06:35
@knqyf263 knqyf263 added this pull request to the merge queue May 5, 2025
Merged via the queue into main with commit e322f21 May 5, 2025
12 checks passed
@knqyf263 knqyf263 deleted the dependabot/go_modules/common-cbf714fe27 branch May 5, 2025 07:19
@candrews
Contributor

candrews commented May 6, 2025

@knqyf263 Since this addresses CVE-2025-46569, is Trivy planning to make a release soon?

@knqyf263
Collaborator

knqyf263 commented May 6, 2025

@aqua-bot backport release/v0.62

@aqua-bot
Contributor

aqua-bot commented May 6, 2025

Backport PR created: #8831

@knqyf263
Collaborator

knqyf263 commented May 7, 2025
