chore(deps): update dependency concourse/concourse to v8

[renovate]

This PR contains the following updates:

Package	Update	Change
concourse/concourse	major	7.14.3 → 8.1.1

---

Release Notes

concourse/concourse (concourse/concourse)

v8.1.1

Compare Source

What's Changed

🐞 Bug Fixes

• return BreakoutError when symlink does not link to a path inside the destination by @​taylorsilva #​9486

🛠️ Misc. Changes

• use statically built versions of containerd binaries by @​taylorsilva concourse/ci#429

📦 Bundled Resource Types

Details

• bosh-io-release: v1.3.3
• bosh-io-stemcell: v1.5.3
• docker-image: v1.12.4
• git: v1.22.0
• github-release: v1.13.2
• hg: v1.5.2
• mock: v0.14.4
• pool: v1.7.2
• registry-image: v1.16.0
• s3: v2.5.3
• semver: v1.11.2
• time: v1.11.2

Full Changelog: concourse/concourse@v8.1.0...v8.1.1

v8.1.0

Compare Source

What's Changed

✈️ Features

• feat: allow glob patterning for get.passed by @​kcbimonte in #​9418
• Add metadata from get steps to the local build var by @​PentaHelix in #​9419
• Make container selection for fly intercept interactive and searchable by @​taylorsilva in #​9438
• Implement disable_reruns property for jobs by @​ceco556 in #​9463
• Add --containerd-allowed-device flag for cgroup device rules by @​mariash in #​9465
• Implement SearchBar for jobs in pipelines by @​ceco556 in #​9459

🐞 Bug Fixes

• fix(skymarshal): use HMAC-signed stateless OAuth state tokens by @​analytically in #​9387
• Fix down migration cleanup for resource_config_versions_version_md5 index by @​IvanChalukov in #​9426
• Fix down migration to fully restore rerun_of indexes by @​IvanChalukov in #​9428
• fix BUILD_URL when a pipeline has instance vars by @​taylorsilva in #​9431
• Ensure strings passed to containerd container properties only contain UTF8 runes by @​taylorsilva in #​9430
• Fix bugs related to baggageclaim logging not producing logs by @​geofffranks in #​9383
• Handle json null values in the resource_config_versions table during the sha256 migration by @​taylorsilva in #​9436
• fly: skip destroy confirmation when pipeline does not exist by @​railgun-0402 in #​9440
• fix: use JSON log format for containerd to match Concourse log format by @​railgun-0402 in #​9442
• Validate unknown fields in inline task configs by @​railgun-0402 in #​9445
• Improve error handling for async XHR during fly login by @​IvanChalukov in #​9450
• Fix some ways that overlay volumes leak and add more logging by @​taylorsilva in #​9451
• Volume sweeper removes orphaned volume artifacts by @​taylorsilva in #​9458

🛠️ Misc. Changes

• Refactor 9419 to have AsMap() as a func on []MetadataField by @​taylorsilva in #​9435
• Charm fly: port all fly user input interactions to charmbracelet/bubbletea by @​taylorsilva in #​9439
• Make error helpful when failing to stream rootfs metadata file by @​taylorsilva in #​9456
• Use @​lydell/elm to support building concourse on arm by @​akshaymankar in #​9452
• Run go fix on the project by @​taylorsilva in #​9461

❗ Known Issues

• There's a regression in the latest lib/pq release that we indirectly use via Dex. If you're using a Client key and certificate to connect to Postgresql, make sure the file permissions are set to 0640 or 0600. Any other setting (higher or lower) will result in the error error: failed to perform migrations: creating migration table: pq: private key has world access; permissions should be u=rw,g=r (0640) if owned by root, or u=rw (0600), or less
  • If you're using the Helm chart to deploy Concourse, the latest version 20.1.0 changes the file permissions of the Client key and cert to 0600. Previously it was 0400, which is how we discovered this issue.
  • lib/pq issue: lib/pq#1257

📦 Bundled Resource Types

Details

• bosh-io-release: v1.3.3
• bosh-io-stemcell: v1.5.3
• docker-image: v1.12.4
• git: v1.22.0
• github-release: v1.13.2
• hg: v1.5.2
• mock: v0.14.4
• pool: v1.7.2
• registry-image: v1.16.0
• s3: v2.5.3
• semver: v1.11.2
• time: v1.11.2

New Contributors

• @​kcbimonte made their first contributihttps://github.com/concourse/concourse/pull/9418l/9418
• @​geofffranks made their first contributihttps://github.com/concourse/concourse/pull/9383l/9383
• @​PentaHelix made their first contributihttps://github.com/concourse/concourse/pull/9419l/9419
• @​railgun-0402 made their first contributihttps://github.com/concourse/concourse/pull/9440l/9440
• @​akshaymankar made their first contributihttps://github.com/concourse/concourse/pull/9452l/9452

Full Changelog: concourse/concourse@v8.0.2...v8.1.0

v8.0.2

Compare Source

What's Changed

• We updated our build process to bring in newly compiled versions of the Linux container runtime dependencies (containerd, runc, CNI plugins, etc.). We grab most of these from Wolfi's APK repository. For runc, we needed a statically compiled version, so we compile that ourselves (pipeline here). The motivation for this was to clear out CVE's related to the version of Go that each of those binaries were compiled with. If you scan the Linux tarball in this release you should find no CVE's (at the time of publishing at least)
• Fix task caches by reverting #​9330 but keep using sha256 instead of sha1 by @​taylorsilva #​9429
  • As a side-note, you can define absolute paths for your task caches. See concourse/docs#583 for details

📦 Bundled Resource Types

Details

• bosh-io-release: v1.3.3
• bosh-io-stemcell: v1.5.3
• docker-image: v1.12.2
• git: v1.22.0
• github-release: v1.13.1
• hg: v1.5.1
• mock: v0.14.3
• pool: v1.7.1
• registry-image: v1.15.3
• s3: v2.5.2
• semver: v1.11.1
• time: v1.11.1

Full Changelog: concourse/concourse@v8.0.1...v8.0.2

v8.0.1

Compare Source

What's Changed

• Handle json null values in the resource_config_versions table during the sha256 migration by @​taylorsilva #​9436
• Fix down migration by @​IvanChalukov #​9426, #​9428
• Add flag to disable secret redaction CONCOURSE_DISABLE_REDACT_SECRETS by @​taylorsilva #​9433

📦 Bundled Resource Types

Details

• bosh-io-release: v1.3.2
• bosh-io-stemcell: v1.5.2
• docker-image: v1.12.0
• git: v1.21.0
• github-release: v1.13.0
• hg: v1.5.0
• mock: v0.14.2
• pool: v1.7.0
• registry-image: v1.15.2
• s3: v2.5.1
• semver: v1.11.0
• time: v1.11.0

Full Changelog: concourse/concourse@v8.0.0...v8.0.1

v8.0.0

Compare Source

Thank you to all the people that contributed to this release! You can read this blog post for an overview of the changes:

https://concourse-ci.org/blog/2026-01-15-v8---new-year-new-concourse-release/

What's Changed

🚨 Breaking Changes

• fly: drop support for deprecated {{old_style}} var resolution by @​vlfig in #​9194
• Switch use of md5 hashing to sha256 by @​IvanChalukov in #​9165
• Prevent resources from emitting empty versions by @​IvanChalukov in #​9293
• set containerd as the default runtime for linux workers by @​taylorsilva in #​9372
• Make pipeline instances always enabled by @​taylorsilva in #​9373
• Make across step always enabled by @​taylorsilva in #​9375
• change put.inputs to default to detect inputs by @​taylorsilva in #​9374
• redact secrets is always enabled by @​taylorsilva in #​9378

✈️ Features

• fly: harmonize strictness for set and validate by @​vlfig in #​9197
• Add --team flag to clear-versions command by @​mstandley-tempus in #​9334
• Add --non-interactive flag to clear-versions command by @​mstandley-tempus in #​9335
• driver: use -R flag for recursive btrfs subvolume deletion by @​analytically in #​9288
• Add broadcast message to Concourse cluster by @​ceco556 in #​9273
• Add support for setting containerd log-level (default to info) by @​analytically in #​9290
• add back the retrying sql driver by @​taylorsilva in #​9361
• add --oidc-issuer-url flag to decouple OIDC issuer from external URL by @​b1n9s in #​9358
• Add Go runtime memory and GC metrics by @​analytically in #​9331
• Add BUILD_URL and BUILD_URL_SHORT in StepMetadata.Env() by @​analytically in #​9296
• Scale job badges to fit custom titles of any length by @​analytically in #​9317
• feat: display team name in set_pipeline step header by @​analytically in #​9318
• Bump concourse/flag to v2.4.0 - Adds CONCOURSE_POSTGRES_APPLICATION_NAME to web command by @​taylorsilva in #​9370
• Add S2 compression option for streaming container volumes by @​analytically in #​9340
• Show pipeline last updated tooltip on pipeline name hover by @​analytically in #​9381
• Add SameSite attribute to authentication and CSRF cookies by @​Kump3r in #​9389
• worker: add fallback to ATC streaming when P2P fails by @​kurtmc in #​9390
• Have task steps fallback to the container's ENTRYPOINT/CMD if run.path is not specified by @​taylorsilva in #​9410
• feat(web): show red/orange background on group tabs when jobs fail or error by @​analytically in #​9407

🐞 Bug Fixes

• Fix error logging level for missing resource in ListJobInputs by @​analytically in #​9285
• Fix active_tasks going negative when MaxTasks == 0 by @​analytically in #​9320
• Fix fly validate-pipeline for idtoken var_source #​9310 by @​dbaumgarten in #​9319
• Fix time-based filtering returning incorrect builds by @​analytically in #​9298
• fix: use tolerance for scroll bottom detection to prevent auto-scrolling breaking by @​analytically in #​9303
• Fix Elm encoding bugs by @​analytically in #​9333
• fix: prevent panic in teams cache when notification listener fails by @​analytically in #​9311
• fix: only set scrolledToCurrentBuild flag when actually scrolling to current build by @​analytically in #​9322
• fix: correct LockTypeBuildTracking to factoryBuildTracking mapping by @​analytically in #​9308
• fix: vault userpass auth cannot be used by @​nouseforaname in #​9368
• fix(set_pipeline): evaluate InstanceVars ahead of other variables by @​aeijdenberg in #​9362
• Windows/baggageclaim: Retry initializing volumes on "Access is denied" errors by @​taylorsilva in #​9385
• Error on duplicate keys while not breaking pipelines that use yaml merge keys << by @​taylorsilva in #​9392
• fix issue where only one of max builds/days was set would result in the opposite value not being set all by @​taylorsilva in #​9393
• Windows: Ensure robocopy doesn't retry on errors for 347 days by @​taylorsilva in #​9395
• Replace rerun_of column with new bigint version by @​taylorsilva in #​9401
• fix: across step showing failed when nested retry succeeds by @​analytically in #​9406

🛠️ Misc. Changes

• nit: Typo, strategerizer to strategizer. by @​analytically in #​9141
• chore: correct spelling of 'CLI' throughout the codebase by @​analytically in #​9286
• Update TLS/SSH configs to prioritize Curve25519 by @​analytically in #​9289
• Add ptrace syscall to seccomp profile. Kernel requirement >= 4.8. by @​analytically in #​9297
• Nit: Remove sha1 usage and make task pwd less predictable by @​taylorsilva in #​9330
• Retry LoadProcess with fixed sleep for exec registration races by @​analytically in #​9337
• Remove unused minMaxIdQuery by @​taylorsilva in #​9339
• web: behaviour: use async XHR for fly login to fix browser shield blocking by @​ramonskie in #​9343
• allow CDN caching for hashed static assets by @​analytically in #​9326
• Fix inconsistent end time in inMemory Check Builds by @​analytically in #​9305
• replace left/right quotes in no builds message with straight quotes by @​analytically in #​9325
• Fix inconsistent time handling: standardize on PostgreSQL now() by @​analytically in #​9306
• fix: close SQL result sets immediately in JobsToSchedule loop by @​analytically in #​9309
• Organize the guardian and containerd flags for the worker command by @​taylorsilva in #​9377
• Migrate to go.yaml.in/yaml package by @​taylorsilva in #​9384
• Show deprecated warning message for pipelines that use job.build_logs_to_retain by @​taylorsilva in #​9409

📦 Bundled Resource Types

Details

• bosh-io-release: v1.3.2
• bosh-io-stemcell: v1.5.2
• docker-image: v1.12.0
• git: v1.21.0
• github-release: v1.13.0
• hg: v1.5.0
• mock: v0.14.2
• pool: v1.7.0
• registry-image: v1.15.2
• s3: v2.5.1
• semver: v1.11.0
• time: v1.11.0

New Contributors

• @​vlfig made their first contributihttps://github.com/concourse/concourse/pull/9194l/9194
• @​mstandley-tempus made their first contributihttps://github.com/concourse/concourse/pull/9334l/9334
• @​ceco556 made their first contributihttps://github.com/concourse/concourse/pull/9273l/9273
• @​b1n9s made their first contributihttps://github.com/concourse/concourse/pull/9358l/9358
• @​nouseforaname made their first contributihttps://github.com/concourse/concourse/pull/9368l/9368

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.