dependabot[bot]
80c46d31c4
build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.24.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-02 00:36:10 +00:00
dependabot[bot]
4df7b1b199
build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.22.0 to 0.26.0.
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 07:56:22 +00:00
dependabot[bot]
69b3be763a
build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
...
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink ) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/vishvananda/netlink/releases )
- [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0 )
---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 06:49:47 +00:00
Kir Kolyshkin
d123e56739
Merge pull request #4467 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.35.1
...
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
2024-10-22 23:49:04 -07:00
dependabot[bot]
f20f273aff
build(deps): bump github.com/opencontainers/selinux
...
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux ) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/opencontainers/selinux/releases )
- [Commits](https://github.com/opencontainers/selinux/compare/v1.11.0...v1.11.1 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 04:20:54 +00:00
dependabot[bot]
139789f1bd
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
...
Bumps google.golang.org/protobuf from 1.33.0 to 1.35.1.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-23 04:20:52 +00:00
Akihiro Suda
e98851de36
Merge pull request #4464 from opencontainers/dependabot/go_modules/github.com/urfave/cli-1.22.16
...
build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
2024-10-23 10:46:42 +09:00
dependabot[bot]
93db63ab52
build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
...
Bumps [github.com/urfave/cli](https://github.com/urfave/cli ) from 1.22.14 to 1.22.16.
- [Release notes](https://github.com/urfave/cli/releases )
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md )
- [Commits](https://github.com/urfave/cli/compare/v1.22.14...v1.22.16 )
---
updated-dependencies:
- dependency-name: github.com/urfave/cli
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-22 13:23:32 +00:00
dependabot[bot]
af024b6c2b
build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
...
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys ) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases )
- [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2 )
---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-22 13:23:25 +00:00
Sebastiaan van Stijn
9b60a93cf3
libcontainer/userns: migrate to github.com/moby/sys/userns
...
The userns package was moved to the moby/sys/userns module
at commit 3778ae603c .
This patch deprecates the old location, and adds it as an alias
for the moby/sys/userns package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2024-10-09 22:20:25 +08:00
Aleksa Sarai
1623cde125
go: update github.com/cyphar/filepath-securejoin to v0.3.4
...
This includes a fix to avoid doing import "testing" in non-_test.go
code.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-10-09 15:13:28 +11:00
Aleksa Sarai
b096459a07
vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
...
This fixes issues we had with spurious MkdirAll failures.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-09-30 16:26:42 +02:00
Kir Kolyshkin
15904913c2
Merge pull request #4397 from rafaelroquetto/main
...
Upgrade Cilium's eBPF library version to 0.16
2024-09-13 18:22:49 -07:00
Aleksa Sarai
066b109e99
vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
...
This includes a fix for the handling of S_ISGID directories.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-09-13 23:34:33 +10:00
Rafael Roquetto
216175a9ca
Upgrade Cilium's eBPF library version to 0.16
...
Signed-off-by: Rafael Roquetto <rafael.roquetto@grafana.com >
2024-09-12 11:13:21 -06:00
Aleksa Sarai
1d308c7da4
vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
...
This includes the MkdirAll and OpenInRoot implementations which are
actually secure against races.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-09-03 23:05:59 +10:00
Aleksa Sarai
5ab5ef3dc3
deps: update to golang.org/x/sys@v0.22
...
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2024-09-03 23:03:39 +10:00
Kir Kolyshkin
6b2eb52fb0
go.mod,README: require Go 1.21
...
Go 1.20 was released in February 2023 and is no longer supported since
February 2024. Time to move on.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2024-06-07 10:18:59 -07:00
Austin Vazquez
6ab3d8ad1e
vendor: golang.org/x/net@v0.24.0
...
This change vendors golang.org/x/net@v0.24 .0 to silence security
warnings for https://pkg.go.dev/vuln/GO-2024-2687 .
runc takes a dependency on net/bpf only and would not be impacted by the
HTTP2 vulnerability reported.
Signed-off-by: Austin Vazquez <macedonv@amazon.com >
2024-05-14 13:16:18 +00:00
SuperQ
ab6788d307
Remove dependabot ignore
...
The referenced issue was fixed in `github.com/urfave/cli` v1.22.6. We
can now remove the dependabot ignore for this package.
Signed-off-by: SuperQ <superq@gmail.com >
2024-03-15 08:38:53 +01:00
dependabot[bot]
606251ab33
build(deps): bump github.com/opencontainers/runtime-spec
...
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec ) from 1.1.1-0.20230823135140-4fec88fd00a4 to 1.2.0.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases )
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog )
- [Commits](https://github.com/opencontainers/runtime-spec/commits/v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp >
2024-03-07 14:43:33 +09:00
Akihiro Suda
ee7100854c
Merge pull request #4216 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.33.0
...
build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
2024-03-07 14:41:36 +09:00
dependabot[bot]
bb5673f265
build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-06 12:59:33 +00:00
dependabot[bot]
7ab66b187c
build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
...
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-06 12:59:30 +00:00
dependabot[bot]
6056ed2dd6
build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-03-05 04:18:12 +00:00
dependabot[bot]
afd90f44e8
build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-10 00:50:10 +08:00
dependabot[bot]
97632a6d1b
build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4
...
Bumps [github.com/containerd/console](https://github.com/containerd/console ) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/containerd/console/releases )
- [Commits](https://github.com/containerd/console/compare/v1.0.3...v1.0.4 )
---
updated-dependencies:
- dependency-name: github.com/containerd/console
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-09 15:20:19 +00:00
dependabot[bot]
174940a7eb
build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-08 22:29:27 +00:00
dependabot[bot]
b1e3c3c75c
build(deps): bump golang.org/x/net from 0.19.0 to 0.20.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/net/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-01-09 04:20:08 +00:00
dependabot[bot]
e1e3ca02d9
build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.16.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-01-05 04:27:10 +00:00
dependabot[bot]
43306be3f0
build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
...
Bumps google.golang.org/protobuf from 1.31.0 to 1.32.0.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-12-25 04:35:41 +00:00
Aleksa Sarai
a04d88ec73
vendor: update to github.com/moby/sys/mountinfo@v0.7.1
...
The primary change is a switch to using /proc/thread-self, which is
needed for when we add a CLONE_FS thread to runc.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2023-12-14 11:36:41 +11:00
dependabot[bot]
c25493fce4
build(deps): bump golang.org/x/net from 0.17.0 to 0.19.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.17.0 to 0.19.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-11-28 06:40:44 +00:00
dependabot[bot]
b278296513
build(deps): bump golang.org/x/sys
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.14.1-0.20231108175955-e4099bfacb8c to 0.15.0.
- [Commits](https://github.com/golang/sys/commits/v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-11-28 04:47:32 +00:00
lfbzhm
b2f7614afc
bump github.com/cilium/ebpf from 0.12.2 to 0.12.3
...
Signed-off-by: lfbzhm <lifubang@acmcoder.com >
2023-11-10 13:48:36 +00:00
dependabot[bot]
d60d17a6ec
build(deps): bump github.com/cilium/ebpf from 0.12.1 to 0.12.2
...
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf ) from 0.12.1 to 0.12.2.
- [Release notes](https://github.com/cilium/ebpf/releases )
- [Commits](https://github.com/cilium/ebpf/compare/v0.12.1...v0.12.2 )
---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-23 04:08:30 +00:00
dependabot[bot]
54d38c6143
build(deps): bump github.com/cilium/ebpf from 0.12.0 to 0.12.1
...
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf ) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/cilium/ebpf/releases )
- [Commits](https://github.com/cilium/ebpf/compare/v0.12.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-20 15:03:40 +08:00
dependabot[bot]
aec0dc7dcd
build(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.0
...
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf ) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/cilium/ebpf/releases )
- [Commits](https://github.com/cilium/ebpf/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-12 04:42:12 +00:00
dependabot[bot]
2860708d73
build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-11 04:07:02 +00:00
dependabot[bot]
927a5836f9
build(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-06 20:05:17 +00:00
dependabot[bot]
0ab58aa208
build(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/sys/compare/v0.12.0...v0.13.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-06 04:21:54 +00:00
Kir Kolyshkin
730bc84418
Fix directory perms vs umask for tmpcopyup
...
Bump fileutils to v0.5.1, which fixes permissions of newly created directories
to not depend on the value of umask.
Add a test case which fails like this before the fix:
mounts.bats
✗ runc run [tmpcopyup]
(in test file tests/integration/mounts.bats, line 28)
`[[ "${lines[0]}" == *'drwxrwxrwx'* ]]' failed
runc spec (status=0):
runc run test_busybox (status=0):
drwxr-xr-x 2 root root 40 Oct 4 22:35 /dir1/dir2
Fixes 3991.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2023-10-04 15:35:44 -07:00
Sebastiaan van Stijn
ca32014adb
migrate libcontainer/user to github.com/moby/sys/user
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2023-09-19 10:22:23 +02:00
dependabot[bot]
c7ad2749fd
build(deps): bump github.com/cyphar/filepath-securejoin
...
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin ) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases )
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4 )
---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-07 04:30:28 +00:00
dependabot[bot]
1fe9447f65
build(deps): bump golang.org/x/net from 0.14.0 to 0.15.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-06 04:09:10 +00:00
dependabot[bot]
5f05b96ead
build(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/sys/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-04 04:09:40 +00:00
Rodrigo Campos
671e211ef8
vendor: Update runtime-spec to expose mountExtensions
...
Future commits will expose this info in the features sub-command.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com >
2023-08-23 16:17:02 +02:00
dependabot[bot]
61a454cc08
build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-07 04:19:31 +00:00
dependabot[bot]
c537cb3d59
build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/net/compare/v0.12.0...v0.13.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-02 04:55:22 +00:00
dependabot[bot]
11b6c9b638
build(deps): bump github.com/opencontainers/runtime-spec
...
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec ) from 1.1.0-rc.3 to 1.1.0.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases )
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog )
- [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.1.0-rc.3...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp >
2023-07-22 13:03:35 +09:00