Packages changed:
  cri-o (1.21.2 -> 1.22.0)
  libzypp (17.28.2 -> 17.28.3)
  zypper (1.14.48 -> 1.14.49)

=== Details ===

==== cri-o ====
Version update (1.21.2 -> 1.22.0)
Subpackages: cri-o-kubeadm-criconfig

- Update to version 1.22.0:
    Dependency-Change
  * Update runc within static binary bundle to v1.0.1
  * Update static binary bundle runc version to v1.0.0-rc94.
  * Update static binary bundle runc version to v1.0.0-rc95.
  * Updated crun in static binary bundle to v0.20.1
    Deprecation
  * The internal_wipe option is now true by default.
    Further, it is being deprecated, and will be unconditionally true in the future.
    API Change
  * Update how the resources for a workload is specified. Now, to override a workload,
    the pod must have the annotation $prefix/$ctr_name = {"$resource_type": "$resource_value"}.
    The workloads feature has also been marked as experimental, which should have happened
    from the beginning.
    Feature
  * Added --metrics-collectors/metrics_collectors configuration to enable or disable certain metrics.
  * All metrics collectors are enabled per default.
  * Added crio_image_pulls_layer_size histogram metric to get insights about all pulled layer sizes.
  * Added build tags as well as AppArmor and seccomp status to crio version output.
  * Added generation of self-signed certificates for the secure metrics endpoint
  * if the provided cert and key paths are not available on disk.
  * Added secure metrics endpoint configuration options
  * Added structural logging of container ID, sandbox ID and process ID on container start.
  * Automatically reload metrics TLS certificate and key if any of those specified files change.
  * CNI plugins are now passed a K8S_POD_UID environment variable containing the pod UID
    this sandbox was started for.
  * Changed the logging behavior of klog messages to be included in the CRI-O logs.
  * The klog info verbositry is converted to CRI-O debug to lower the log verbosity.
  * Cri-o now does not limit the DNS search paths.
  * Enable the "volatile" option for the overlay drivers when it is supported by the underlying kernel.
  * Rootless: enable resource limit when cgroup v2 controllers are delegated.
  * Support io.kubernetes.cri.blockio-class container annotation for specifying blockio class.
  * Support blockio.resources.beta.kubernetes.io/pod pod annotation for specifying the default blockio
    class to all containers in the pod.
  * Support blockio.resources.beta.kubernetes.io/container.NAME pod annotation for specifying
    the blockio class of the NAME container in the pod.
  * Add blockio_config_file config file option (and corresponding --blockio-config-file for command line)
    for configuring blockio classes and their cgroups blockio controller parameters.
  * Support io.kubernetes.cri.rdt-class container annotation for specifying RDT class.
  * Add rdt_config_file config file option (and corresponding --rdt-config-file for command line)
    for configuring the resctrl pseudo-filesystem.
  * The config field drop_infra_ctr is now true by default
  * The runtime_config_path option, which allows to specify the path of the runtime configuration file,
    is now supported by CRI-O. This is specific to the VM runtime type.
  * Validate certificate dates for TLS metrics endpoint
    Design
  * Drop support for the crio.shutdown.
  * ExecSync requests now don't use conmon, instead calling the runtime directly, which reduces overhead.
    Bug or Regression
  * Add support for absent_mount_sources_to_reject, which allows admins to configure paths that,
    when mounted into a container despite not existing on the host, causes a container creation
    request to fail. This is useful for paths like /etc/hostname, which causes trouble as a directory,
    but possibly shouldn't be created as a file either (in the case of a dynamic hostname).
  * Add symlink /proc/mounts on /etc/mtab to container
  * Add the config field internal_wipe which moves the responsibility of wiping containers after a reboot
    and images after an upgrade from the external binary crio wipe to the main crio server.
    This has a handful of advantages, the main one being crio is now better able to cleanup CNI resources after a reboot.
  * Allow users to customize conmon's resources if a pod is in a workload.
  * CRI-O now logs when it is using cgroupv2
  * Fix a bug in internal_wipe that would mean CNI resources would be leaked across reboots.
  * Fix a bug where CRI-O can't work with runc 1.0.0-rc93 because of an incorrectly specified list of capabilities
  * Fix a bug where CRI-O would leak opened files for namespaces on a server restore
  * Fix a bug where crio config would print a string for privileged_without_host_devices, not a boolean
  * Fix a bug where a container exec process received a little less time than the timeout provided
  * Fix a bug where an exec sync timeout would fail to cleanup the runtime exec process
  * Fix a bug where cAdvisor couldn't read the disk usage of a pod with a dropped infra container
  * Fix a bug where duplicate requests would stall even if the pod or container was already created
  * Fix a bug where server startup was significantly slowed down by attempting to clean up CNI resources after a reboot.
  * Fix a performance regression with exec probes
  * Fix a segfault when CRI-O has takes more than 8 minutes to create a pod or container
  * Fix an RSS regression with exec sync requests
  * Fix an issue where a container started with a terminal fails on exec sync calls
  * Fix drop ALL and add back few caps behavior to not include the default configured capabilities
  * Fix potential panic when reopening a container's log
  * Fixed bug where it was not possible to run containers using the default or no seccomp profile on
  * seccomp disabled builds/machines
  * Fixed bug where runtime VM created containers never reach their completed state.
  * Fixed linkmode detection for on en_US systems crio version
  * Fixed runtime panic for layers lockfile if its parent directory does not exist.
  * Added support for repositories in auth.json
  * Re-attempt setting up conmon's cgroup if it fails on EAGAIN from dbus
  * Reduce the permission on the listen socket to 0660
  * Reuse connection when connecting to dbus, as well as reattempt the connection if it fails temporarily
  * The privileged_without_host_devices flag can now be given a an additional parameter to configure a runtime
  * Wait for CNI plugins to be ready before starting non-host-network pods, to allow pods that may run CNI
    plugins to start faster
    Other (Cleanup or Flake)
  * Add systemd After=crio.service to containers and conmon
  * Switched build artifacts to be published via the cri-o bucket.
  * Use build tag for linkmode detection on crio version.
    Uncategorized
  * Add Particule as adopters
  * Add --device-ownership-from-security-context which allows an admin to specify devices be configured
    to be owned by the container user and group, rather than unconditionally *   being root.
  * Added internal/process/defunct_processes.go and crio_processes_defunct metric to collect
    the total number of defunct/zombie processes in a node.
  * Raise a warning when creating a bind mount on the container root

==== libzypp ====
Version update (17.28.2 -> 17.28.3)

- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
  zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)

==== zypper ====
Version update (1.14.48 -> 1.14.49)
Subpackages: zypper-needs-restarting

- Avoid calling 'su' to detect a too restrictive sudo user umask
  (bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires:  libzypp-devel >= 17.28.3.
- version 1.14.49