fix(deps): update module github.com/crc-org/crc/v2 to v2.42.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/crc-org/crc/v2	v2.38.0 -> v2.42.0

---

Release Notes

crc-org/crc (github.com/crc-org/crc/v2)

v2.42.0

Compare Source

v2.41.0: 2.41.0-4.16.7

Compare Source

Downloads are available at: https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/2.41.0
To use these binaries follow the instructions at https://console.redhat.com/openshift/create/local to obtain the needed pull-secret.

---

Notable Changes

• OpenShift 4.16.7
• Podman
• OKD 4.15.0-0.okd-2024-02-23-163410
• Display Persistent volumes usage in the output for crc status for the MicroShift preset #​4265
• Use UEFI bootloader for crc instances on macOS #​4309
• Fixes a bug for podman-desktop by switching to using ed25519 keys for SSH to the crc instances #​4304

git shortlog

e6495fe cut v2.41.0
70535de build(deps): bump github.com/containers/gvisor-tap-vsock
80dcac9 test: fix ssh key path in podman tests
e222fc9 Update Openshift/microshift version to 4.16.7 (stable channel)
8bcc1b9 Revert "build(deps): bump github.com/golangci/golangci-lint in /tools"
ee36371 Rename GetRsaPrivateKeyPath to GetECDSAPrivateKeyPath for backward compatibility
7bb32ee ssh: Use ed25519 algorithm instead ECDSA
831c5f9 build(deps): bump github.com/golangci/golangci-lint in /tools
7b042f7 build(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 in /tools
8a88ac7 Fix: go-lint fixes for go tools 0.24.0 update
ab63fcd macos: Remove no longer needed code
896d7f4 macos: Boot the VM using UEFI
5c2c473 build(deps): bump github.com/containers/image/v5 from 5.32.0 to 5.32.1
a732394 build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0
540c261 build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0
3e3c88c build(deps): bump libvirt.org/go/libvirtxml from 1.10005.0 to 1.10006.0
4ab724b build(deps): bump github.com/spf13/cast from 1.6.0 to 1.7.0
0f161e3 build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0
9ebd0ec build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0
e28d25f Display PersistentVolumeUsage in crc status
7c63a82 build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0

v2.40.0: 2.40.0-4.16.4

Compare Source

Downloads are available at: https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/2.40.0
To use these binaries follow the instructions at https://console.redhat.com/openshift/create/local to obtain the needed pull-secret.

---

Notable Changes

• OpenShift 4.16.4
• MicroShift 4.16.4
• OKD 4.15.0-0.okd-2024-02-23-163410

git shortlog

a14925b cut v2.40.0
759713f Doc: update macOS supported version requirement
75851ab update openshift and microshift bundles to 4.16.4
095b397 build(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1
8c3504a build: Use $@​ in macos-amd64 target
3ed82fc build: Add go.mod/go.sum and Makefile to SOURCES
16cf22d build: Ensure binaries are rebuilt on any source change
0b5de9b build(deps): bump github.com/containers/image/v5 from 5.31.1 to 5.32.0
c24c448 update-go: Update script to get go major and minor version
ef819b2 Update libvirt driver to 0.13.9
6af4fb9 Add WaitForKubeAPIServerCertRenewal helper
b88f1e1 cluster: Update the location of aggregator-client certificate
beca62f start: Remove workaround to delete apiserver pod in case of aggregator-client-ca regenerated
e3d5e47 build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1
db4810b build(deps): bump github.com/containers/gvisor-tap-vsock
ec24d65 Issue #​4279 Fix case sensitive WSL2 validation check
71b8eb6 new action that push qe images for new tag
2fa7958 build(deps): bump github.com/ProtonMail/go-crypto
56367f1 build(deps): bump github.com/ProtonMail/go-crypto
d93b545 clusteroperator: Ignore EvaluationConditionsDetected condition
54882f6 Show MicroShift version as part of 'version' command
1a915c7 build: replace amd64 with GOARCH in make target 'release'

v2.39.0: 2.39.0-4.16.0

Compare Source

Downloads are available at: https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/2.39.0
To use these binaries follow the instructions at https://console.redhat.com/openshift/create/local to obtain the needed pull-secret.

---

Notable Changes

• OpenShift 4.16.0
• MicroShift 4.16.0
• OKD 4.15.0-0.okd-2024-02-23-163410
• Fixes a bug on windows where usernames with umlaut would cause crc setup to fail #​4249

NOTE: This release contains tech preview of arm64 for Linux

git shortlog

0849cb8 cut v2.39.0
a0fa656 e2e: update config feature to work with new libvirt driver name
aa46dad libvirt: Fix machine driver command name
c66f5d3 build(deps): bump libvirt.org/go/libvirtxml from 1.10003.0 to 1.10005.0
5ff9c5e windows: set text encodig for powershell to utf-8
d40cdbd build(deps): bump golang.org/x/tools from 0.22.0 to 0.23.0 in /tools
e6046ed build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
16568b1 build(deps): bump golang.org/x/crypto from 0.24.0 to 0.25.0
6f668ef build(deps): bump golang.org/x/term from 0.21.0 to 0.22.0
142a009 build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0
d3534af Update openshift/microshift version to 4.16.0 (stable channel)
b3cf378 build: Update k8s and openshift go modules to sync with openshift-4.16
0dee66e [qe]e2e: wait longer for monitoring operator to avoid failures, pulling images delay may due to networking
22a112d [QE] fix not catch error for oc loginhttps://github.com/crc-org/crc/issues/41011
77c0f1f Spec: Append arch info for admin-helper and libvirt driver
926c78e libvirt/constants.go: Add arch info to download machine-driver-libvirt binary
589e152 constants/constants.go: Add arch info to admin-helper linux binary
66f9143 packaging: Don't build rpm for ppc64le arch
9c3edd3 Makefile: Use GOARCH for linux-release target
5b4318e Add support to generate aarch64 bits for Linux
9a55385 build(deps): bump github.com/ProtonMail/go-crypto
41beb85 build(deps): bump github.com/containers/image/v5 from 5.31.0 to 5.31.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/containers/common	v0.60.1-0.20241018183244-7e6f2b4d6de7 -> v0.60.3

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: renovate[bot]
Once this PR has been reviewed and has the lgtm label, please assign edsantiago for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[packit-as-a-service]

Ephemeral COPR build failed. @containers/packit-build please check.

[github-actions]

A friendly reminder that this PR had no activity for 30 days.

[Honny1]

/LGTM

[openshift-ci]

New changes are detected. LGTM label has been removed.

[mtrmac]

@Luap99 FYI As expected, Renovate is now unhappy with the hard-coded 1.21 in https://github.com/containers/automation/blob/4739c8921cc52a1c046c2d5248d88e6f8b8755de/renovate/defaults.json5#L126 .

Do we manually update every project before switching that?

[Luap99]

@Luap99 FYI As expected, Renovate is now unhappy with the hard-coded 1.21 in https://github.com/containers/automation/blob/4739c8921cc52a1c046c2d5248d88e6f8b8755de/renovate/defaults.json5#L126 .

Do we manually update every project before switching that?

If we update the version there then renovate starts proposing go 1.22 upgrades to projects on 1.21 with a toolchain version we do not want right? And these likely pass CI and someone might merge them because of that without knowing that we dislike toolchain. But then without it all the projects on 1.22 are broken so I guess we should just switch it there

I do wonder though if we can set the "constraints": {"go": "1.21"}, in the per project config file instead, then we do not have to update all at once.

[mtrmac]

@Luap99 FYI As expected, Renovate is now unhappy with the hard-coded 1.21 in https://github.com/containers/automation/blob/4739c8921cc52a1c046c2d5248d88e6f8b8755de/renovate/defaults.json5#L126 .
Do we manually update every project before switching that?

If we update the version there then renovate starts proposing go 1.22 upgrades to projects on 1.21 with a toolchain version we do not want right?

Do you mean that we want Go 1.22 on Podman but not on some of the other projects? (If so, we probably need to move the constraint from the shared file.) Or that we do want Go 1.22 everywhere, but if we let Renovate do it, it will use a high version in the toolchain directive? (If so, we can update to Go 1.22 in all projects manually, and then update the Renovate config.)

I do wonder though if we can set the "constraints": {"go": "1.21"}, in the per project config file instead, then we do not have to update all at once.

That’s almost certainly possible; this file is included in the various projects’ .github/renovate.json5.

[mtrmac]

without knowing that we dislike toolchain.

(BTW I now see projects requiring specific X.Y.Z. versions of go, e.g. go 1.22.5 in one dependency of c/image. That might be harder to avoid than the toolchain dependency.)

[Luap99]

but if we let Renovate do it, it will use a high version in the toolchain directive?

this

we can update to Go 1.22 in all projects manually

Right that is needed for the most projects anyway to fix CI configs to not run on f39 on cirrus and packit which makes this a PITA

Here are the other updates I did, I am not planning to work on the other repos migration bu happy to review
containers/common#2148
containers/buildah#5715

[Luap99]

If so, we can update to Go 1.22 in all projects manually, and then update the Renovate config

Right but until this is done the renovate PRs in the projects with go 1.22 will fail, so depending on how long the process takes this may not be wanted.
I think having this in the per project config is better as we can switch it together with the go.mod bump and not have to deal with broken renovate PRs

[mtrmac]

For the record, the other updates:
containers/skopeo#2417
containers/image#2550

---

I mostly tend to prefer having these settings shared and managed centrally; I think we can get the updates done in a small number of days — it’s very easy to ignore Renovate PRs for a few days, but creating those PRs to move the configuration is immediate work and an ongoing commitment.

[Luap99]

(BTW I now see projects requiring specific X.Y.Z. versions of go, e.g. go 1.22.5 in one dependency of c/image. That might be harder to avoid than the toolchain dependency.)

Do you know if this is intentionally on their end? This will suck big time.... What is even the point of forcing all consumers on a specific minor version? Just to ensure they build with specific go std bug fixes?? This will make tracking the versions really a pain, it is not just like were are dealing with fedora/debian upstream. Centos stream, epel/RHEL builds and so on. Other packagers that try to build podman, etc... we really cannot move the version requirements to fast.

I mostly tend to prefer having these settings shared and managed centrally; I think we can get the updates done in a small number of days — it’s very easy to ignore Renovate PRs for a few days, but creating those PRs to move the configuration is immediate work and an ongoing commitment.

Yes fair enough, as long as it takes a few days only I can live with the shared config.

[mtrmac]

(BTW I now see projects requiring specific X.Y.Z. versions of go, e.g. go 1.22.5 in one dependency of c/image. That might be harder to avoid than the toolchain dependency.)

Do you know if this is intentionally on their end?

In this case it’s things like sigstore/sigstore#1786 .

What is even the point of forcing all consumers on a specific minor version? Just to ensure they build with specific go std bug fixes?

The design intends to allow that, yes — and that notably includes security fixes. 1.22.5 does advertise security fixes.

This will make tracking the versions really a pain, it is not just like were are dealing with fedora/debian upstream. Centos stream, epel/RHEL builds and so on. Other packagers that try to build podman, etc... we really cannot move the version requirements to fast.

It seems to me that the primary restriction is on the 1.Y streams; within these streams, at least Fedora tends to update to 1.Y.X updates for security fixes rather than backport. I don’t know what Debian does.