build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0

[dependabot]

Bumps golang.org/x/sys from 0.37.0 to 0.38.0.

Commits

• 15129aa cpu: also use MRS instruction in getmmfr1
• ed38ca2 unix: add SizeofNhmsg and SizeofNexthopGrp
• 3675c4c cpu: use MRS instruction to read arm64 system registers
• 2a15272 unix: add consts for ELF handling
• 6239615 cpu: add HPDS, LOR, PAN detection for arm64
• ea436ef windows: add iphlpapi routing functions
• 28c5bda unix: add SetMemPolicy and its mode/flag values
• b731f78 unix/linux: switch to ubuntu 25.04, Go 1.25.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cyphar]

Note to reviewers: This update includes unix.SetMemPolicy, so I've pushed a patch to switch to it.

[cyphar]

@dependabot merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

[dependabot]

Dependabot tried to merge this PR, but received the following error from GitHub:

At least 2 approving reviews are required by reviewers with write access.

[lifubang]

I’m sorry to say that I didn’t see your second commit when reviewing, maybe these lines also can be removed:

runc/libcontainer/configs/memorypolicy.go

Lines 5 to 20 in a0e809a

	// Memory policy modes and flags as defined in /usr/include/linux/mempolicy.h
	//nolint:revive,staticcheck,nolintlint // ignore ALL_CAPS errors in consts from numaif.h, will match unix.* in the future
	const (
	MPOL_DEFAULT = 0
	MPOL_PREFERRED = 1
	MPOL_BIND = 2
	MPOL_INTERLEAVE = 3
	MPOL_LOCAL = 4
	MPOL_PREFERRED_MANY = 5
	MPOL_WEIGHTED_INTERLEAVE = 6
	MPOL_F_STATIC_NODES = 1 << 15
	MPOL_F_RELATIVE_NODES = 1 << 14
	MPOL_F_NUMA_BALANCING = 1 << 13
	)

@cyphar

[cyphar]

Ah yes, I switched to the unix versions but forgot to remove them. I'll send a PR.

[kolyshkin]

I’m sorry to say that I didn’t see your second commit when reviewing, maybe these lines also can be removed:
Ah yes, I switched to the unix versions but forgot to remove them. I'll send a PR.

@lifubang @cyphar I guess it's too late to remove them now (as they are in v1.4.0 already), so we now have to deprecate them first and remove say in v1.5.0. Opened #5055.