lifubang
34e84588af
downgrade github.com/cyphar/filepath-securejoin from v0.6.0 to v0.5.2
...
The dependency was initially slated for an upgrade from v0.6.0 to v0.6.1
to address an fd leak. However, due to compatibility constraints, we
instead downgrade to v0.5, using v0.5.2 which includes a backported fix
for the same issue.
Signed-off-by: lifubang <lifubang@acmcoder.com >
2025-11-20 11:52:35 +00:00
lifubang
ae8839acc2
bump github.com/opencontainers/s
...
elinux from v1.13.0 to v1.13.1
Signed-off-by: lifubang <lifubang@acmcoder.com >
2025-11-20 11:52:35 +00:00
Aleksa Sarai
b9df996b68
deps: update to github.com/opencontainers/selinux@v0.13.0
...
This new version includes the fixes for CVE-2025-52881, so we can remove
the internal/third_party copy of the library we added in commit
ed6b1693b8 ("selinux: use safe procfs API for labels") as well as the
"replace" directive in go.mod (which is problematic for "go get"
installs).
Fixes: ed6b1693b8 ("selinux: use safe procfs API for labels")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
(cherry picked from commit 96f1962f91 )
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-08 02:18:50 +11:00
Aleksa Sarai
aca52c4690
openat2: improve resilience on busy systems
...
Previously, we would see a ~3% failure rate when starting containers
with mounts that contain ".." (which can trigger -EAGAIN). To counteract
this, filepath-securejoin v0.5.1 includes a bump of the internal retry
limit from 32 to 128, which lowers the failure rate to 0.12%.
However, there is still a risk of spurious failure on regular systems.
In order to try to provide more resilience (while avoiding DoS attacks),
this patch also includes an additional retry loop that terminates based
on a deadline rather than retry count. The deadline is 2ms, as my
testing found that ~800us for a single pathrs operation was the longest
latency due to -EAGAIN retries, and that was an outlier compared to the
more common ~400us latencies -- so 2ms should be more than enough for
any real system.
The failure rates above were based on more 50k runs of runc with an
attack script (from libpathrs) running a rename attack on all cores of a
16-core system, which is arguably a worst-case but heavily utilised
servers could likely approach similar results.
Tested-by: Phil Estes <estesp@gmail.com >
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-05 19:54:30 +11:00
Aleksa Sarai
2c5356e73f
selinux: use safe procfs API for labels
...
Due to the sensitive nature of these fixes, it was not possible to
submit these upstream and vendor the upstream library. Instead, this
patch uses a fork of github.com/opencontainers/selinux, branched at
commit opencontainers/selinux@879a755db5 .
In order to permit downstreams to build with this patched version, a
snapshot of the forked version has been included in
internal/third_party/selinux. Note that since we use "go mod vendor",
the patched code is usable even without being "go get"-able. Once the
embargo for this issue is lifted we can submit the patches upstream and
switch back to a proper upstream go.mod entry.
Also, this requires us to temporarily disable the CI job we have that
disallows "replace" directives.
Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-10-16 11:29:35 +11:00
Aleksa Sarai
ed55d5b5bf
go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0
...
In order to avoid lint errors due to the deprecation of the top-level
securejoin methods ported from libpathrs, we need to adjust
internal/pathrs to use the new pathrs-lite subpackage instead.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-10-16 11:29:32 +11:00
Aleksa Sarai
e34a0a0936
console: verify /dev/pts/ptmx before use
...
This is primarily done out of an abudance of caution against runc exec
being attacked by a container where /dev/pts/ptmx has been replaced with
some other bad inode (a disconnected NFS handle, a symlink that goes
through a leaked runc file descriptor to reference a host ptmx, etc).
Unfortunately, we cannot trivially verify that /dev/pts/ptmx is actually
the /dev/pts from the container without storing stuff like the fsid in
the runc state.json, which is probably not worth the extra effort. This
should at least avoid the most concerning cases.
Reported-by: Aleksa Sarai <cyphar@cyphar.com >
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-10-16 11:29:32 +11:00
dependabot[bot]
2845c532f9
build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4
...
Bumps [github.com/opencontainers/cgroups](https://github.com/opencontainers/cgroups ) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/opencontainers/cgroups/releases )
- [Changelog](https://github.com/opencontainers/cgroups/blob/main/RELEASES.md )
- [Commits](https://github.com/opencontainers/cgroups/compare/v0.0.3...v0.0.4 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/cgroups
dependency-version: 0.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-24 17:04:09 -04:00
Kir Kolyshkin
3764d6e888
deps: bump cgroups to v0.0.3, fix tests
...
For changelog, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.3
This fixes two runc issues:
1. JSON incompatibility introduced in cgroups v0.0.2 (see
https://github.com/opencontainers/cgroups/pull/22 ).
2. Bad CPU shares to CPU weight conversion (see
https://github.com/opencontainers/runc/issues/4772 ).
Due to item 2, modify some tests accordingly.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-09-23 13:12:41 -04:00
Kir Kolyshkin
f5e8c63fdc
deps: bump opencontainers/cgroups to v0.0.2
...
For changes, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.2
Fix integration tests according to changes in [1] (now the CPU quota value set
is rounded the same way systemd does it).
[1]: https://github.com/opencontainers/cgroups/pull/4
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-09-23 13:11:26 -04:00
Kir Kolyshkin
a75076b4a4
Switch to opencontainers/cgroups
...
This removes libcontainer/cgroups packages and starts
using those from github.com/opencontainers/cgroups repo.
Mostly generated by:
git rm -f libcontainer/cgroups
find . -type f -name "*.go" -exec sed -i \
's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \
{} +
go get github.com/opencontainers/cgroups@v0.0.1
make vendor
gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-02-28 15:20:33 -08:00
dependabot[bot]
537a2276bb
build(deps): bump github.com/opencontainers/runtime-spec
...
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases )
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog )
- [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-28 04:52:38 +00:00
Kir Kolyshkin
79a4ac0553
deps: bump cilium/ebpf to v0.17.3
...
It has a fix for runc issue 4594.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-02-13 00:07:01 -08:00
dependabot[bot]
13277b2017
build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-11 04:09:22 +00:00
dependabot[bot]
8529591ccb
build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
...
Bumps google.golang.org/protobuf from 1.36.4 to 1.36.5.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-07 04:09:32 +00:00
dependabot[bot]
a274d27598
build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-05 04:18:02 +00:00
Kir Kolyshkin
8e5bb0d8c4
deps: roll back to cilium/ebpf v0.16.0
...
Also, exclude v0.17.x until there is a fix for runc issue 4594.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-01-31 16:59:54 -08:00
Akihiro Suda
f1c0e63252
Merge pull request #4590 from cyphar/securejoin-0.4.0
...
deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
2025-01-29 16:56:12 +09:00
Aleksa Sarai
70e500e7d1
deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
...
This release includes a minor breaking API change that requires us to
rework the types of our wrappers, but there is no practical behaviour
change.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-01-28 22:33:16 +11:00
dependabot[bot]
24ec764a09
build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
...
Bumps google.golang.org/protobuf from 1.36.3 to 1.36.4.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-01-27 04:55:54 +00:00
dependabot[bot]
9af7952249
build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3
...
Bumps google.golang.org/protobuf from 1.36.2 to 1.36.3.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-01-16 04:05:13 +00:00
dependabot[bot]
a69d289ffd
build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
...
Bumps google.golang.org/protobuf from 1.36.1 to 1.36.2.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-01-08 04:16:24 +00:00
dependabot[bot]
061483b62a
build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.33.0 to 0.34.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.34.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-01-07 04:35:23 +00:00
dependabot[bot]
48ad17f4c6
build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-01-06 04:55:38 +00:00
dependabot[bot]
f848304994
build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1
...
Bumps google.golang.org/protobuf from 1.36.0 to 1.36.1.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-25 23:29:14 +08:00
dependabot[bot]
5855ba5303
build(deps): bump github.com/cilium/ebpf from 0.17.0 to 0.17.1
...
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/cilium/ebpf/releases )
- [Commits](https://github.com/cilium/ebpf/compare/v0.17.0...v0.17.1 )
---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-20 04:10:23 +00:00
dependabot[bot]
e809db842f
build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0
...
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf ) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/cilium/ebpf/releases )
- [Commits](https://github.com/cilium/ebpf/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-20 00:07:03 +00:00
Kir Kolyshkin
5239b05129
Merge pull request #4564 from opencontainers/dependabot/go_modules/golang.org/x/net-0.33.0
...
build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
2024-12-19 16:05:57 -08:00
dependabot[bot]
c2b11a6353
build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-19 04:09:48 +00:00
dependabot[bot]
71327d7fcd
build(deps): bump github.com/cyphar/filepath-securejoin
...
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin ) from 0.3.5 to 0.3.6.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases )
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md )
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6 )
---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-19 01:42:44 +00:00
dependabot[bot]
705382ac66
build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0
...
Bumps google.golang.org/protobuf from 1.35.2 to 1.36.0.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-17 04:53:16 +00:00
Aleksa Sarai
2f1b6626f3
deps: update to github.com/cyphar/filepath-securejoin@v0.3.5
...
This fixes a regression in use of securejoin.MkdirAll, where multiple
runc processes racing to create the same mountpoint in a shared rootfs
would result in spurious EEXIST errors. In particular, this regression
caused issues with BuildKit.
Fixes: dd827f7b71 ("utils: switch to securejoin.MkdirAllHandle")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-12-06 19:38:46 +11:00
dependabot[bot]
d5694eed7c
build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.31.0 to 0.32.0.
- [Commits](https://github.com/golang/net/compare/v0.31.0...v0.32.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-05 09:28:56 +00:00
dependabot[bot]
ec7e90b308
build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/sys/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-05 04:47:30 +00:00
Kir Kolyshkin
66969827c0
Switch to github.com/moby/sys/capability v0.4.0
...
This removes the last unversioned package in runc's direct dependencies.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-12-02 13:18:10 -08:00
dependabot[bot]
b7da16731c
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
...
Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-18 12:11:47 +08:00
dependabot[bot]
ca4a7a86f8
build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.30.0 to 0.31.0.
- [Commits](https://github.com/golang/net/compare/v0.30.0...v0.31.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-11 04:11:55 +00:00
dependabot[bot]
ec5e7eb70a
build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-08 04:29:56 +00:00
dependabot[bot]
80c46d31c4
build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.24.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-02 00:36:10 +00:00
dependabot[bot]
4df7b1b199
build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.22.0 to 0.26.0.
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 07:56:22 +00:00
dependabot[bot]
69b3be763a
build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
...
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink ) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/vishvananda/netlink/releases )
- [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0 )
---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 06:49:47 +00:00
Kir Kolyshkin
d123e56739
Merge pull request #4467 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.35.1
...
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
2024-10-22 23:49:04 -07:00
dependabot[bot]
f20f273aff
build(deps): bump github.com/opencontainers/selinux
...
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux ) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/opencontainers/selinux/releases )
- [Commits](https://github.com/opencontainers/selinux/compare/v1.11.0...v1.11.1 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 04:20:54 +00:00
dependabot[bot]
139789f1bd
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
...
Bumps google.golang.org/protobuf from 1.33.0 to 1.35.1.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 04:20:52 +00:00
Akihiro Suda
e98851de36
Merge pull request #4464 from opencontainers/dependabot/go_modules/github.com/urfave/cli-1.22.16
...
build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
2024-10-23 10:46:42 +09:00
dependabot[bot]
93db63ab52
build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
...
Bumps [github.com/urfave/cli](https://github.com/urfave/cli ) from 1.22.14 to 1.22.16.
- [Release notes](https://github.com/urfave/cli/releases )
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md )
- [Commits](https://github.com/urfave/cli/compare/v1.22.14...v1.22.16 )
---
updated-dependencies:
- dependency-name: github.com/urfave/cli
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-22 13:23:32 +00:00
dependabot[bot]
af024b6c2b
build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
...
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys ) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases )
- [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2 )
---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-22 13:23:25 +00:00
Sebastiaan van Stijn
9b60a93cf3
libcontainer/userns: migrate to github.com/moby/sys/userns
...
The userns package was moved to the moby/sys/userns module
at commit 3778ae603c .
This patch deprecates the old location, and adds it as an alias
for the moby/sys/userns package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2024-10-09 22:20:25 +08:00
Aleksa Sarai
1623cde125
go: update github.com/cyphar/filepath-securejoin to v0.3.4
...
This includes a fix to avoid doing import "testing" in non-_test.go
code.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-10-09 15:13:28 +11:00
Aleksa Sarai
b096459a07
vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
...
This fixes issues we had with spurious MkdirAll failures.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-09-30 16:26:42 +02:00