build(deps): bump the clap group across 1 directory with 1 update

Bumps the clap group with 1 update in the /src/tools/trace-forwarder directory: [clap](https://github.com/clap-rs/clap).


Updates `clap` from 4.5.40 to 4.6.0
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.6.0)

Updates `clap` from 4.5.40 to 4.6.0
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.6.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: clap
- dependency-name: clap
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: clap
...

Signed-off-by: dependabot[bot] <support@github.com>

Cargo.lock

@@ -4031,15 +4031,6 @@ dependencies = [
  "syn 2.0.117",
 ]
 
-[[package]]
-name = "msvc_spectre_libs"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29e871a9861f3664f18b7e04e9301d4edd55090c2dadb4b1c602e26ab32b1f5b"
-dependencies = [
- "cc",
-]
-
 [[package]]
 name = "multimap"
 version = "0.8.3"
@@ -5901,22 +5892,18 @@ checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
 
 [[package]]
 name = "regorus"
-version = "0.9.1"
+version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "656c9768f1d2113590ebc05e2e342a9f76baa97a445f2928f24eec9ae1fb14ac"
+checksum = "843c3d97f07e3b5ac0955d53ad0af4c91fe4a4f8525843ece5bf014f27829b73"
 dependencies = [
  "anyhow",
  "data-encoding",
  "lazy_static",
- "msvc_spectre_libs",
- "num-bigint",
- "num-traits",
- "rand 0.9.2",
+ "rand 0.8.5",
  "regex",
+ "scientific",
  "serde",
  "serde_json",
- "spin",
- "thiserror 2.0.18",
 ]
 
 [[package]]
@@ -6548,6 +6535,26 @@ dependencies = [
  "syn 2.0.117",
 ]
 
+[[package]]
+name = "scientific"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38a4b339a8de779ecb098a772ecbba2ace74e23ed959a5b4f30631d8bf1799a8"
+dependencies = [
+ "scientific-macro",
+]
+
+[[package]]
+name = "scientific-macro"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2ee4885492bb655bfa05d039cd9163eb8fe9f79ddebf00ca23a1637510c2fd2"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
 [[package]]
 name = "scopeguard"
 version = "1.2.0"
@@ -7119,12 +7126,6 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
-[[package]]
-name = "spin"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
-
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.1"

src/agent/policy/Cargo.toml

@@ -16,7 +16,7 @@ serde.workspace = true
 serde_json.workspace = true
 
 # Agent Policy
-regorus = { version = "0.9.1", default-features = false, features = [
+regorus = { version = "0.2.8", default-features = false, features = [
     "arc",
     "base64",
     "base64url",

src/runtime/Makefile

@@ -506,6 +506,8 @@ ifneq (,$(QEMUCMD))
     # Best practice for production is to set this to true
     DEFSANDBOXCGROUPONLY_NV = true
 
+    DEFENABLEVCPUPINNING_NV = true
+
     ifneq (,$(QEMUFW))
         FIRMWAREPATH := $(PREFIXDEPS)/share/$(EDK2_NAME)/$(QEMUFW)
     endif
@@ -679,6 +681,7 @@ USER_VARS += KERNELVERITYPARAMS_NV
 USER_VARS += KERNELVERITYPARAMS_CONFIDENTIAL_NV
 USER_VARS += DEFAULTTIMEOUT_NV
 USER_VARS += DEFSANDBOXCGROUPONLY_NV
+USER_VARS += DEFENABLEVCPUPINNING_NV
 USER_VARS += DEFROOTFSTYPE
 USER_VARS += MACHINETYPE
 USER_VARS += KERNELDIR

src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in

@@ -645,7 +645,7 @@ disable_guest_seccomp = @DEFDISABLEGUESTSECCOMP@
 # vCPUs pinning settings
 # if enabled, each vCPU thread will be scheduled to a fixed CPU
 # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet)
-enable_vcpus_pinning = false
+enable_vcpus_pinning = @DEFENABLEVCPUPINNING_NV@
 
 # Apply a custom SELinux security policy to the container process inside the VM.
 # This is used when you want to apply a type other than the default `container_t`,

src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in

@@ -622,7 +622,7 @@ disable_guest_seccomp = @DEFDISABLEGUESTSECCOMP@
 # vCPUs pinning settings
 # if enabled, each vCPU thread will be scheduled to a fixed CPU
 # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet)
-enable_vcpus_pinning = false
+enable_vcpus_pinning = @DEFENABLEVCPUPINNING_NV@
 
 # Apply a custom SELinux security policy to the container process inside the VM.
 # This is used when you want to apply a type other than the default `container_t`,

src/runtime/config/configuration-qemu-nvidia-gpu.toml.in

@@ -624,7 +624,7 @@ disable_guest_seccomp = @DEFDISABLEGUESTSECCOMP@
 # vCPUs pinning settings
 # if enabled, each vCPU thread will be scheduled to a fixed CPU
 # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet)
-enable_vcpus_pinning = false
+enable_vcpus_pinning = @DEFENABLEVCPUPINNING_NV@
 
 # Apply a custom SELinux security policy to the container process inside the VM.
 # This is used when you want to apply a type other than the default `container_t`,

src/runtime/virtcontainers/pkg/agent/protocols/grpc/agent.pb.go

@@ -3411,7 +3411,7 @@ type Storage struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Driver is used to define the way the storage is passed through the
-	// virtual machine. It can be "blk", or something else, but for
+	// virtual machine. It can be "9p", "blk", or something else, but for
 	// all cases, this will define if some extra steps are required before
 	// this storage gets mounted into the container.
 	Driver string `protobuf:"bytes,1,opt,name=driver,proto3" json:"driver,omitempty"`
@@ -3427,7 +3427,7 @@ type Storage struct {
 	Source string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"`
 	// Fstype represents the filesystem that needs to be used to mount the
 	// storage inside the VM. For instance, it could be "xfs" for block
-	// device, or "tmpfs" for shared /dev/shm.
+	// device, "9p" for shared filesystem, or "tmpfs" for shared /dev/shm.
 	Fstype string `protobuf:"bytes,4,opt,name=fstype,proto3" json:"fstype,omitempty"`
 	// Options describes the additional options that might be needed to
 	// mount properly the storage filesystem.

src/tools/agent-ctl/Cargo.toml

@@ -41,7 +41,7 @@ serde = { version = "1.0.131", features = ["derive"] }
 serde_json = "1.0.73"
 
 # Image pull/unpack
-image-rs = { git = "https://github.com/confidential-containers/guest-components", tag = "v0.18.0", features = [
+image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "de3f6ff62aa736619b80d99dfca5bc3d2c9a799d", features = [
     "oci-client-rustls",
     "signature-cosign-rustls",
 ] }

src/tools/trace-forwarder/Cargo.lock

@@ -19,9 +19,9 @@ dependencies = [
 
 [[package]]
 name = "anstream"
-version = "0.6.19"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "301af1932e46185686725e0fad2f8f2aa7da69dd70bf6ecc44d6b703844a3933"
+checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -34,15 +34,15 @@ dependencies = [
 
 [[package]]
 name = "anstyle"
-version = "1.0.11"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "862ed96ca487e809f1c8e5a8447f6ee2cf102f846893800b20cebdf541fc6bbd"
+checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000"
 
 [[package]]
 name = "anstyle-parse"
-version = "0.2.7"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2"
+checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e"
 dependencies = [
  "utf8parse",
 ]
@@ -172,18 +172,18 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.40"
+version = "4.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40b6887a1d8685cebccf115538db5c0efe625ccac9696ad45c409d96566e910f"
+checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351"
 dependencies = [
  "clap_builder",
 ]
 
 [[package]]
 name = "clap_builder"
-version = "4.5.40"
+version = "4.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0c66c08ce9f0c698cbce5c0279d0bb6ac936d8674174fe48f736533b964f59e"
+checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f"
 dependencies = [
  "anstream",
  "anstyle",
@@ -193,9 +193,9 @@ dependencies = [
 
 [[package]]
 name = "clap_lex"
-version = "0.7.5"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b94f61472cee1439c0b966b47e3aca9ae07e45d070759512cd390ea2bebc6675"
+checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9"
 
 [[package]]
 name = "codespan-reporting"

src/tools/trace-forwarder/Cargo.toml

@@ -12,7 +12,7 @@ license = "Apache-2.0"
 
 [dependencies]
 futures = "0.3.15"
-clap = { version = "4.5.40", features = ["cargo"] }
+clap = { version = "4.6.0", features = ["cargo"] }
 vsock = "0.2.3"
 nix = { version = "0.30.1", features = ["fs", "user"] }
 libc = "0.2.94"

versions.yaml

@@ -292,7 +292,7 @@ externals:
   coco-guest-components:
     description: "Provides attested key unwrapping for image decryption"
     url: "https://github.com/confidential-containers/guest-components/"
-    version: "30b552e7841b10e656fa28cf643ed25b9d45e33f"
+    version: "de3f6ff62aa736619b80d99dfca5bc3d2c9a799d"
     toolchain: "1.90.0"
 
   coco-trustee: