Skip to content

Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3#2

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/opencontainers/runc-1.0.3
Closed

Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/opencontainers/runc-1.0.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 17, 2022

Copy link
Copy Markdown

Bumps github.com/opencontainers/runc from 1.0.2 to 1.0.3.

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.0.3] - 2021-12-06

If you were waiting for the opportune moment, that was it.

Security

  • A potential vulnerability was discovered in runc (related to an internal usage of netlink), however upon further investigation we discovered that while this bug was exploitable on the master branch of runc, no released version of runc could be exploited using this bug. The exploit required being able to create a netlink attribute with a length that would overflow a uint16 but this was not possible in any released version of runc. For more information, see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.

Fixed

  • Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. (#3283, #3292)
  • Fixed inability to start when read-only /dev in set in spec (#3276, #3277)
  • Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. (#3226, #3297)
  • Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for Kubernetes). (#3233, #3295)
  • Improved an error message when dbus-user-session is not installed and rootless + cgroup2 + systemd are used (#3212)
Commits
  • f46b6ba VERSION: release v1.0.3
  • b8dbe46 runc init: avoid netlink message length overflows
  • 4f0bb00 Merge pull request #3299 from kolyshkin/1.0-go-1.17
  • e73ff66 [1.0] ci: add Go 1.17, drop Go 1.15
  • c0d6bdf Merge pull request #3298 from kolyshkin/1.0-backport-3200
  • 18457d8 Merge pull request #3297 from kolyshkin/1.0-3226
  • 2c30069 libct/cg/sd/v2: Destroy: remove cgroups recursively
  • 42bfc63 script/release.sh: fix for opensuse
  • 02d2e1f Merge pull request #3277 from kolyshkin/1.0-fix-ro-dev
  • 1505646 Merge pull request #3295 from AkihiroSuda/cherrypick-3233-1.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/main/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 17, 2022
@dependabot @github

dependabot Bot commented on behalf of github May 24, 2022

Copy link
Copy Markdown
Author

Superseded by #3.

@dependabot dependabot Bot closed this May 24, 2022
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/opencontainers/runc-1.0.3 branch May 24, 2022 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants