Bump github.com/containers/podman/v4 from 4.7.2 to 4.8.0

[dependabot]

Bumps github.com/containers/podman/v4 from 4.7.2 to 4.8.0.

Release notes

Sourced from github.com/containers/podman/v4's releases.

v4.8.0

Features

• Podman machine now supports HyperV as a provider on Windows. This option can be set via the CONTAINERS_MACHINE_PROVIDER environment variable, or via containers.conf. HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported.
• The podman build command now supports Containerfiles with heredoc syntax.
• The podman login and podman logout commands now support a new option, --compat-auth-file, which allows for editing Docker-compatible config files (#18617).
• The podman machine init and podman machine set commands now support a new option, --usb, which sets allows USB passthrough for the QEMU provider (#16707).
• The --ulimit option now supports setting -1 to indicate the maximum limit allowed for the current process (#19319).
• The podman play kube command now supports the BUILDAH_ISOLATION environment variable to change build isolation when the --build option is set (#20024).
• The podman volume create command now supports --opt o=size=XYZ on tmpfs file systems (#20449).
• The podman info command for remote calls now reports client information even if the remote connection is unreachable
• Added a new field, privileged, to containers.conf, which sets the defaults for the --privileged flag when creating, running or exec'ing into a container.
• The podman kube play command now supports setting DefaultMode for volumes (#19313).
• The --opt option to the podman network create command now accepts a new driver specific option, vrf, which assigns a VRF to the bridge interface.
• A new option --rdt-class=COS has been added to the podman create and podman run commands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature.
• The podman kube play command now supports a new option, --publish-all, which exposes all containerPorts on the host.
• The --filter option now supports label!=, which filters for containers without the specified label.

Upcoming Deprecations

• We are beginning development on Podman 5.0, which will include a number of breaking changes and deprecations. We are still finalizing what will be done, but a preliminary list is below. Please note that none of these changes are present in Podman 4.8; this is a preview of upcoming changes.
• Podman 5.0 will deprecate the BoltDB database backend. Exact details on the transition to SQLite are still being decided - expect more news here soon.
• The containers.conf configuration file will be broken up into multiple separate files, ensuring that it will never be rewritten by Podman.
• Support for the CNI network backend and Cgroups V1 are being deprecated and gated by build tags. They will not be enabled in Podman builds by default.
• A variety of small breaking changes to the REST API are planned, both to improve Docker compatibility and to better support containers.conf settings when creating and managing containers.

Changes

• Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
• RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
• The --help option to the podman push command now shows the compression algorithm used.
• The remote Podman client’s commit command now shows progress messages (#19947).
• The podman kube play command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321).
• The --tty,-t option to the podman exec command now defines the TERM environment variable even if the container is not running with a terminal (#20334).
• Podman now also uses the helper_binaries_dir option in containers.conf to lookup the init binary (catatonit).
• Podman healthcheck events are now logged as notices.
• Podman machines no longer automatically update, preventing accidental service interruptions (#20122).
• The amount of CPUs a podman machine uses now defaults to available cores/2 (#17066).
• Podman machine now prohibits using provider names as machine names. applehv, qemu, wsl, and hyperv are no longer valid Podman machine names

Quadlet

• Quadlet now supports the UIDMap, GIDMap, SubUIDMap, and SubGIDMap options in .container files.
• Fixed a bug where symlinks were not resolved in search paths (#20504).
• Quadlet now supports the ReadOnlyTmpfs option.
• The VolatileTmpfs option is now deprecated.
• Quadlet now supports systemd specifiers in User and Group keys.
• Quadlet now supports ImageName for .image files.
• Quadlet now supports a new option, --force, to the stop command.
• Quadlet now supports the oneshot service type for .kube files, which allows yaml files without containers.
• Quadlet now supports podman level arguments (#20246).
• Fixed a bug where Quadlet would crash when specifying non key-value options (#20104).
• Quadlet now removes anonymous volumes when removing a container (#20070).

... (truncated)

Changelog

Sourced from github.com/containers/podman/v4's changelog.

4.8.0

Features

• Podman machine now supports HyperV as a provider on Windows. This option can be set via the CONTAINERS_MACHINE_PROVIDER environment variable, or via containers.conf. HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported.
• The podman build command now supports Containerfiles with heredoc syntax.
• The podman login and podman logout commands now support a new option, --compat-auth-file, which allows for editing Docker-compatible config files (#18617).
• The podman machine init and podman machine set commands now support a new option, --usb, which sets allows USB passthrough for the QEMU provider (#16707).
• The --ulimit option now supports setting -1 to indicate the maximum limit allowed for the current process (#19319).
• The podman play kube command now supports the BUILDAH_ISOLATION environment variable to change build isolation when the --build option is set (#20024).
• The podman volume create command now supports --opt o=size=XYZ on tmpfs file systems (#20449).
• The podman info command for remote calls now reports client information even if the remote connection is unreachable
• Added a new field, privileged, to containers.conf, which sets the defaults for the --privileged flag when creating, running or exec'ing into a container.
• The podman kube play command now supports setting DefaultMode for volumes (#19313).
• The --opt option to the podman network create command now accepts a new driver specific option, vrf, which assigns a VRF to the bridge interface.
• A new option --rdt-class=COS has been added to the podman create and podman run commands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature.
• The podman kube play command now supports a new option, --publish-all, which exposes all containerPorts on the host.
• The --filter option now supports label!=, which filters for containers without the specified label.

Upcoming Deprecations

• We are beginning development on Podman 5.0, which will include a number of breaking changes and deprecations. We are still finalizing what will be done, but a preliminary list is below. Please note that none of these changes are present in Podman 4.8; this is a preview of upcoming changes.
• Podman 5.0 will deprecate the BoltDB database backend. Exact details on the transition to SQLite are still being decided - expect more news here soon.
• The containers.conf configuration file will be broken up into multiple separate files, ensuring that it will never be rewritten by Podman.
• Support for the CNI network backend and Cgroups V1 are being deprecated and gated by build tags. They will not be enabled in Podman builds by default.
• A variety of small breaking changes to the REST API are planned, both to improve Docker compatibility and to better support containers.conf settings when creating and managing containers.

Changes

• Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
• RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
• The --help option to the podman push command now shows the compression algorithm used.
• The remote Podman client’s commit command now shows progress messages (#19947).
• The podman kube play command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321).
• The --tty,-t option to the podman exec command now defines the TERM environment variable even if the container is not running with a terminal (#20334).
• Podman now also uses the helper_binaries_dir option in containers.conf to lookup the init binary (catatonit).
• Podman healthcheck events are now logged as notices.
• Podman machines no longer automatically update, preventing accidental service interruptions (#20122).
• The amount of CPUs a podman machine uses now defaults to available cores/2 (#17066).
• Podman machine now prohibits using provider names as machine names. applehv, qemu, wsl, and hyperv are no longer valid Podman machine names

Quadlet

• Quadlet now supports the UIDMap, GIDMap, SubUIDMap, and SubGIDMap options in .container files.
• Fixed a bug where symlinks were not resolved in search paths (#20504).
• Quadlet now supports the ReadOnlyTmpfs option.
• The VolatileTmpfs option is now deprecated.
• Quadlet now supports systemd specifiers in User and Group keys.
• Quadlet now supports ImageName for .image files.
• Quadlet now supports a new option, --force, to the stop command.
• Quadlet now supports the oneshot service type for .kube files, which allows yaml files without containers.
• Quadlet now supports podman level arguments (#20246).
• Fixed a bug where Quadlet would crash when specifying non key-value options (#20104).
• Quadlet now removes anonymous volumes when removing a container (#20070).

... (truncated)

Commits

• c4dfcf1 Bump to v4.8.0
• 0efc6ea Update release notes for 4.8.0
• 01ecd17 Merge pull request #20791 from mheon/deprecations_upcoming
• 4b95c6c Add notes on upcoming deprecations to release notes
• 19ab233 Merge pull request #20782 from TomSweeneyRedHat/dev/tsweeney/1.33.2
• 1c1477d [v4.8] Bump to Buildah v1.33.2
• efc88e5 Merge pull request #20751 from ashley-cui/48relno
• f021551 [CI:DOCS] Update release notes
• 99039f8 Merge pull request #20741 from openshift-cherrypick-robot/cherry-pick-20739-t...
• 697e66c machine applehv: create better error on start failure
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #1765 (7d9274a) into main (268fa5e) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1765   +/-   ##
=======================================
  Coverage   51.86%   51.86%           
=======================================
  Files         144      144           
  Lines       13967    13967           
=======================================
  Hits         7244     7244           
  Misses       5907     5907           
  Partials      816      816