dockertest icon indicating copy to clipboard operation
dockertest copied to clipboard

Published 20 hours ago verified publisher icon ory

chore(deps): bump github.com/opencontainers/runc from 1.2.6 to 1.3.0

Open dependabot[bot] opened this issue 6 months ago • 0 comments
trafficstars

Bumps github.com/opencontainers/runc from 1.2.6 to 1.3.0.

Changelog

Sourced from github.com/opencontainers/runc's changelog.

Changelog

This file documents all notable changes made to this project since runc 1.0.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.3.0-rc.1] - 2025-03-04

No tengo miedo al invierno, con tu recuerdo lleno de sol.

libcontainer API

  • configs.CommandHook struct has changed, Command is now a pointer. Also, configs.NewCommandHook now accepts a *Command. (#4325)
  • The Process struct has User string field replaced with numeric UID and GID fields, and AdditionalGroups changed its type from []string to []int. Essentially, resolution of user and group names to IDs is no longer performed by libcontainer, so if a libcontainer user previously relied on this feature, now they have to convert names to IDs before calling libcontainer; it is recommended to use Go package github.com/moby/sys/user for that. (#3999)
  • Move libcontainer/cgroups to a separate repository. (#4618)

Fixed

  • runc exec -p no longer ignores specified ioPriority and scheduler settings. Similarly, libcontainer's Container.Start and Container.Run methods no longer ignore Process.IOPriority and Process.Scheduler settings. (#4585)
  • We no longer use F_SEAL_FUTURE_WRITE when sealing the runc binary, as it turns out this had some unfortunate bugs in older kernel versions and was never necessary in the first place. (#4641, #4640)
  • runc now uses a more flexible method of joining namespaces, which better matches the behaviour of nsenter(8). This is mainly useful for users that create a container with a runc-managed user namespace but want the container to join some externally-managed namespace as well. (#4492)
  • runc now properly handles joining time namespaces (such as with runc exec). Previously we would attempt to set the time offsets when joining, which would fail. (#4635, #4636)
  • Handle EINTR retries correctly for socket-related direct golang.org/x/sys/unix system calls. (#4637)
  • Handle close_range(2) errors more gracefully. (#4596)
  • Fix a stall issue that would happen if setting O_CLOEXEC with CloseExecFrom failed (#4599).
  • Handle errors on older kernels when resetting ambient capabilities more gracefully. (#4597)

Changed

  • runc now has an official release policy to help provide more consistency around our release schedules and better define our support policy for old

... (truncated)

Commits
  • 4ca628d VERSION: release v1.3.0
  • 889b4bd Merge pull request #4749 from rata/release-1.3
  • 60e2125 go.mod: Delete exclude directives
  • 8d2e095 Merge pull request #4744 from kolyshkin/1.3-4718
  • 7031f31 runc: embed version from VERSION file
  • 51b5267 runc --version: use a function
  • 3ffa349 Merge pull request #4745 from lifubang/1.3-golangcilint-2.0
  • 7b2b95d ci: bump to golangci-lint v2.0
  • 6a39b49 libct/intelrdt: fix staticcheck ST1020 warnings
  • 1ceca37 Fix staticcheck ST1020/ST1021 warnings
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 05 '25 14:05 dependabot[bot]