Skip to content

build(deps): bump github.com/containers/podman/v5 from 5.8.3 to 5.8.4#116

Merged
manusa merged 1 commit into
mainfrom
dependabot/go_modules/github.com/containers/podman/v5-5.8.4
Jun 27, 2026
Merged

build(deps): bump github.com/containers/podman/v5 from 5.8.3 to 5.8.4#116
manusa merged 1 commit into
mainfrom
dependabot/go_modules/github.com/containers/podman/v5-5.8.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/containers/podman/v5 from 5.8.3 to 5.8.4.

Release notes

Sourced from github.com/containers/podman/v5's releases.

v5.8.4

Security

  • This release addresses CVE-2026-57231, where a malicious image using malformed Env entries could cause host environment variables to leak into containers run based on the image, including the ability to use the * glob operator to leak large numbers of environment variables without knowing their exact names (GHSA-4hq8-gpf5-8p68).
  • The golang.org/x/crypto library has been updated to v0.53.0, addressing CVE-2026-39830 and CVE-2026-42508.

Bugfixes

  • Fixed a bug where the remote Podman client's podman save command would fail on Linux when using the -f oci-dir or -f docker-dir arguments.
Changelog

Sourced from github.com/containers/podman/v5's changelog.

5.8.4

Security

  • This release addresses CVE-2026-57231, where a malicious image using malformed Env entries could cause host environment variables to leak into containers run based on the image, including the ability to use the * glob operator to leak large numbers of environment variables without knowing their exact names (GHSA-4hq8-gpf5-8p68).
  • The golang.org/x/crypto library has been updated to v0.53.0, addressing CVE-2026-39830 and CVE-2026-42508.

Bugfixes

  • Fixed a bug where the remote Podman client's podman save command would fail on Linux when using the -f oci-dir or -f docker-dir arguments.
Commits
  • 5431df2 Bump to v5.8.4
  • f91e707 Update release notes for v5.8.4
  • 30a5433 Fix release email
  • 6eb839c Merge pull request #29040 from Luap99/v5.8
  • 38d3442 Windows installer tests: download v5.8.3 of the setup bundle
  • 6421567 build the swagger.yml on readthedocs
  • 5e36e30 Revert "docs: introduce custom version selector in api.html"
  • e489e00 Revert "docs: generate Reference version list from json file"
  • 0c6d54e readthedocs: update build env
  • b5fe1c5 Merge pull request #29027 from Luap99/v5.8
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/containers/podman/v5](https://github.com/containers/podman) from 5.8.3 to 5.8.4.
- [Release notes](https://github.com/containers/podman/releases)
- [Changelog](https://github.com/podman-container-tools/podman/blob/v5.8.4/RELEASE_NOTES.md)
- [Commits](podman-container-tools/podman@v5.8.3...v5.8.4)

---
updated-dependencies:
- dependency-name: github.com/containers/podman/v5
  dependency-version: 5.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 26, 2026
@manusa manusa added this to the 0.1.0 milestone Jun 27, 2026 — with automated-tasks

@manusa manusa left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx!

@manusa manusa merged commit 35968a7 into main Jun 27, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/containers/podman/v5-5.8.4 branch June 27, 2026 04:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant