Skip to content

fix(deps): update module github.com/opencontainers/runc to v1.4.0#502

Merged
mtrmac merged 1 commit into
mainfrom
renovate/github.com-opencontainers-runc-1.x
Nov 28, 2025
Merged

fix(deps): update module github.com/opencontainers/runc to v1.4.0#502
mtrmac merged 1 commit into
mainfrom
renovate/github.com-opencontainers-runc-1.x

Conversation

@renovate

@renovate renovate Bot commented Nov 28, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/opencontainers/runc v1.3.3 -> v1.4.0 age confidence

Release Notes

opencontainers/runc (github.com/opencontainers/runc)

v1.4.0

Compare Source

A wizard is never late, nor is he early, he arrives precisely when he means
to.

As runc follows Semantic Versioning, we will endeavour to not make any
breaking changes without bumping the major version number of runc.
However, it should be noted that Go API usage of runc's internal
implementation (libcontainer) is not covered by this policy.

Removed
  • Removed libcontainer/configs.Device* identifiers (deprecated since rc94,
    use libcontainer/devices). (#​2999)
  • Removed libcontainer/system.RunningInUserNS function (deprecated since
    rc94, use libcontainer/userns). (#​2999)
Deprecated
  • The usage of relative paths for mountpoints will now produce a warning
    (such configurations are outside of the spec, and in future runc will
    produce an error when given such configurations). (#​2917, #​3004)
Fixed
  • cgroupv2: devices: rework the filter generation to produce consistent
    results with cgroupv1, and always clobber any existing eBPF
    program(s) to fix runc update and avoid leaking eBPF programs
    (resulting in errors when managing containers). (#​2951)
  • cgroupv2: correctly convert "number of IOs" statistics in a
    cgroupv1-compatible way. (#​2965, #​2967, #​2968, #​2964)
  • cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
  • cgroupv2: wait for freeze to finish before returning from the freezing
    code, optimize the method for checking whether a cgroup is frozen. (#​2955)
  • cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94
  • cgroups/systemd: fixed returning "unit already exists" error from a systemd
    cgroup manager (regression in rc94). (#​2997, #​2996)
Added
  • cgroupv2: support SkipDevices with systemd driver. (#​2958, #​3019)
  • cgroup1: blkio: support BFQ weights. (#​3010)
  • cgroupv2: set per-device io weights if BFQ IO scheduler is available.
    (#​3022)
Changed
  • cgroup/systemd: return, not ignore, stop unit error from Destroy. (#​2946)
  • Fix all golangci-lint failures. (#​2781, #​2962)
  • Make runc --version output sane even when built with go get or
    otherwise outside of our build scripts. (#​2962)
  • cgroups: set SkipDevices during runc update (so we don't modify
    cgroups at all during runc update). (#​2994)

v1.3.4: runc v1.3.4 -- "Take me to your heart, take me to your soul."

Compare Source

This is the fourth patch release of the 1.3.z release series of runc,
and primarily contains a few fixes for some regressions introduced in
1.3.3.

Fixed
  • libct: fix mips compilation. (#​4962, #​4966)
  • When configuring a tmpfs mount, only set the mode= argument if the
    target path already existed. This fixes a regression introduced in our
    CVE-2025-52881 mitigation patches. (#​4971, #​4976)
  • Fix various file descriptor leaks and add additional tests to detect them as
    comprehensively as possible. (#​5007, #​5021, #​5034)
Changed
  • Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2,
    which should make it easier for some downstreams to import runc without
    pulling in too many extra packages. (#​5028)
Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to the following contributors for making this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
fix(deps): update module github.com/opencontainers/runc to v1.4.0
14ec43b 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@github-actions github-actions Bot added the common Related to "common" package label Nov 28, 2025
@mtrmac mtrmac merged commit e80cbb3 into main Nov 28, 2025
16 of 17 checks passed
@renovate renovate Bot deleted the renovate/github.com-opencontainers-runc-1.x branch November 28, 2025 10:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrmac mtrmac mtrmac approved these changes

Assignees

No one assigned

Labels

common Related to "common" package dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtrmac