Bump github.com/containers/podman/v5 from 5.5.0 to 5.6.1 in /financial/polyglot-atm/go/bundb

[dependabot]

Bumps github.com/containers/podman/v5 from 5.5.0 to 5.6.1.

Release notes

Sourced from github.com/containers/podman/v5's releases.

v5.6.1

Security

• This release addresses CVE-2025-9566, where Kubernetes YAML run by podman play kube containing ConfigMap and Secret volumes can use crafted symlinks to overwrite content on the host.

Bugfixes

• Fixed a bug where network creation and removal events were displayed incorrectly when the journald events driver was in use.
• Fixed a bug where the --security-opt seccomp=unconfined option was broken on Windows (#26855).
• Fixed a bug where containers created with a name longer than 64 characters, no explicit hostname, the the container_name_as_hostname option in containers.conf set to true would fail to start.
• Fixed a bug where Podman would fail to start containers when runc 1.3.0 or later was used as the OCI runtime (#26938).

Misc

• Adjusted the systemd-tmpfiles script to recursively remove temporary files directories placed in /tmp, ensuring proper operation of Podman after a reboot if /tmp is not a tmpfs.
• Updated Buildah to v1.41.4
• Updated the containers/storage to v1.59.1
• Updated the containers/common library to v0.64.2

v5.6.0

Features

• A new set of commands for managing Quadlets has been added as podman quadlet install (install a new Quadlet for the current user), podman quadlet list (list installed Quadlets), podman quadlet print (print the contents of a Quadlet file), and podman quadlet rm (remove a Quadlet). These commands are presently not available with the remote Podman client - we expect support for this to arrive in a future release.
• Quadlet .container units can now specify environment variables without values in the Environment= key, retrieving the value from the host when the container is started (#26247).
• Quadlet .pod units now support two new keys, Label= (to set labels on the created pod) and ExitPolicy= (to set exit policy for the created pod) (#25961 and #25596).
• Quadlet .image units now support a new key, Policy=, to set pull policy for the image (e.g. pull always, pull only if newer version available) (#26446).
• Quadlet .network units now support a new key, InterfaceName=, to specify the name of the network interface created.
• The podman machine init command now supports a new option, --swap, enabling swap in the created virtual machine and setting it to a given size (in megabytes) (#15980).
• The --mount option to podman create and podman run now supports dest= as a valid alias for destination=.
• The podman kube play command can now restrict container execution to specific CPU cores and specific memory nodes using the io.podman.annotations.cpuset/$ctrname and io.podman.annotations.memory-nodes/$ctrname annotations (#26172).
• The podman kube play command now supports the lifecycle.stopSignal field in Pod YAML, allowing the signal used to stop containers to be specified (#25389).
• The podman artifact suite of commands for interacting with OCI artifacts is now available in the remote Podman client and the bindings for the REST API.
• The podman volume import and podman volume export commands are now available in the remote Podman client (#26049).
• The --build-context option to podman build is now supported by the remote Podman client (#23433).
• The podman volume create command now accepts two new options, --uid and --gid, to set the UID and GID the volume will be created with.
• The podman secret create command now has a new option, --ignore, causing the command to succeed even if a secret with the given name already exists.
• The podman pull command now has a new option, --policy, to configure pull policy.
• The --mount type=artifact option to podman create, podman run, and podman pod create now allows the filename of the artifact in the container to be set using the name= option (e.g. podman run --mount type=artifact,name=$NAME,...).
• The --tmpfs option to podman create and podman run now allows a new option, noatime, to be passed (e.g. podman run --tmpfs /run:noatime ...) (#26102).
• The podman update command now has a new option, --latest, to update the latest container instead of specifying a specific container (#26380).
• A new command, podman buildx inspect, has been added to improve Docker compatibility (#13014).

Breaking Changes

• Rosetta support in podman machine VMs has been disabled by default due to issues with newer Linux kernels. These issues have been addressed in the Tahoe beta, and we plan on re-enabling support for Rosetta in a future Podman release once the fix is in wider circulation. You can find more details here.

Changes

• In preparation for a planned removal of the BoltDB database in Podman 6.0, a warning has been added for installations still using BoltDB. These warnings are presently not visible by default, which will happen in Podman 5.7.
• The podman artifact suite of commands for interacting with OCI artifacts is now considered stable.
• For users running podman machine VMs using the libkrun provider on an M3 or newer host running macOS 15+, nested virtualization is enabled by default.
• When creating podman machine VMs on Windows using the WSL v2 provider, images are now pulled as artifacts from quay.io/podman/machine-os, matching the behavior of other VM providers.
• Signal forwarding done by the --sig-proxy option to podman run and podman attach is now more robust to races and no longer forwards the SIGSTOP signal.
• The podman system check --quick command now skips checking layer digests.
• Podman on Windows using the WSLv2 provider now prefers the WSL executable in C:\Program Files\Windows Subsystem for Linux\wsl.exe over the one in WindowsApps, avoiding common “access denied” issues (#25787).
• The --mount type=artifact option to podman create, podman run, and podman pod create now mounts artifacts containing a only a single blob as a file at the given destination path if the path does not exist in the image.

... (truncated)

Changelog

Sourced from github.com/containers/podman/v5's changelog.

5.6.1

Security

• This release addresses CVE-2025-9566, where Kubernetes YAML run by podman play kube containing ConfigMap and Secret volumes can use crafted symlinks to overwrite content on the host.

Bugfixes

• Fixed a bug where network creation and removal events were displayed incorrectly when the journald events driver was in use.
• Fixed a bug where the --security-opt seccomp=unconfined option was broken on Windows (#26855).
• Fixed a bug where containers created with a name longer than 64 characters, no explicit hostname, the the container_name_as_hostname option in containers.conf set to true would fail to start.
• Fixed a bug where Podman would fail to start containers when runc 1.3.0 or later was used as the OCI runtime (#26938).

Misc

• Adjusted the systemd-tmpfiles script to recursively remove temporary files directories placed in /tmp, ensuring proper operation of Podman after a reboot if /tmp is not a tmpfs.
• Updated Buildah to v1.41.4
• Updated the containers/storage to v1.59.1
• Updated the containers/common library to v0.64.2

5.6.0

Features

• A new set of commands for managing Quadlets has been added as podman quadlet install (install a new Quadlet for the current user), podman quadlet list (list installed Quadlets), podman quadlet print (print the contents of a Quadlet file), and podman quadlet rm (remove a Quadlet). These commands are presently not available with the remote Podman client - we expect support for this to arrive in a future release.
• Quadlet .container units can now specify environment variables without values in the Environment= key, retrieving the value from the host when the container is started (#26247).
• Quadlet .pod units now support two new keys, Label= (to set labels on the created pod) and ExitPolicy= (to set exit policy for the created pod) (#25961 and #25596).
• Quadlet .image units now support a new key, Policy=, to set pull policy for the image (e.g. pull always, pull only if newer version available) (#26446).
• Quadlet .network units now support a new key, InterfaceName=, to specify the name of the network interface created.
• The podman machine init command now supports a new option, --swap, enabling swap in the created virtual machine and setting it to a given size (in megabytes) (#15980).
• The --mount option to podman create and podman run now supports dest= as a valid alias for destination=.
• The podman kube play command can now restrict container execution to specific CPU cores and specific memory nodes using the io.podman.annotations.cpuset/$ctrname and io.podman.annotations.memory-nodes/$ctrname annotations (#26172).
• The podman kube play command now supports the lifecycle.stopSignal field in Pod YAML, allowing the signal used to stop containers to be specified (#25389).
• The podman artifact suite of commands for interacting with OCI artifacts is now available in the remote Podman client and the bindings for the REST API.
• The podman volume import and podman volume export commands are now available in the remote Podman client (#26049).
• The --build-context option to podman build is now supported by the remote Podman client (#23433).
• The podman volume create command now accepts two new options, --uid and --gid, to set the UID and GID the volume will be created with.
• The podman secret create command now has a new option, --ignore, causing the command to succeed even if a secret with the given name already exists.
• The podman pull command now has a new option, --policy, to configure pull policy.
• The --mount type=artifact option to podman create, podman run, and podman pod create now allows the filename of the artifact in the container to be set using the name= option (e.g. podman run --mount type=artifact,name=$NAME,...).
• The --tmpfs option to podman create and podman run now allows a new option, noatime, to be passed (e.g. podman run --tmpfs /run:noatime ...) (#26102).
• The podman update command now has a new option, --latest, to update the latest container instead of specifying a specific container (#26380).
• A new command, podman buildx inspect, has been added to improve Docker compatibility (#13014).

Breaking Changes

• Rosetta support in podman machine VMs has been disabled by default due to issues with newer Linux kernels. These issues have been addressed in the Tahoe beta, and we plan on re-enabling support for Rosetta in a future Podman release once the fix is in wider circulation. You can find more details here.

Changes

• In preparation for a planned removal of the BoltDB database in Podman 6.0, a warning has been added for installations still using BoltDB. These warnings are presently not visible by default, which will happen in Podman 5.7.
• The podman artifact suite of commands for interacting with OCI artifacts is now considered stable.
• For users running podman machine VMs using the libkrun provider on an M3 or newer host running macOS 15+, nested virtualization is enabled by default.
• When creating podman machine VMs on Windows using the WSL v2 provider, images are now pulled as artifacts from quay.io/podman/machine-os, matching the behavior of other VM providers.
• Signal forwarding done by the --sig-proxy option to podman run and podman attach is now more robust to races and no longer forwards the SIGSTOP signal.
• The podman system check --quick command now skips checking layer digests.
• Podman on Windows using the WSLv2 provider now prefers the WSL executable in C:\Program Files\Windows Subsystem for Linux\wsl.exe over the one in WindowsApps, avoiding common “access denied” issues (#25787).
• The --mount type=artifact option to podman create, podman run, and podman pod create now mounts artifacts containing a only a single blob as a file at the given destination path if the path does not exist in the image.

... (truncated)

Commits

• 1e2b231 Bump to v5.6.1
• 75c78eb Merge pull request #26990 from mheon/final_backports_561
• 9812c1f Final release notes for v5.6.1
• dcdaaf2 update tests duo to CRUN#1767 to support both values
• f93cad5 Fix a locking bug in that could cause a double-unlock
• bd0386f Add R! to systemd-tmpfiles script for all /tmp dirs
• 2a1a4df Merge pull request #26987 from TomSweeneyRedHat/dev/tsweeney/b1.41.4_v5.6
• aaf8b9d Merge commit from fork
• f532f36 [v5.6] Bump c/buildah v1.41.4, c/storage 1.59.1, and ...
• ca99418 kube play: don't follow volume symlinks onto the host
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.