@k0s-bot k0s-bot commented Nov 28, 2025

This PR contains the following updates:

Package Update Change
opencontainers/runc minor 1.3.3 -> 1.4.0

Release Notes

opencontainers/runc (opencontainers/runc)

v1.4.0

The road ahead is long and far; I shall search high and low!

Deprecated
  • Deprecate cgroup v1. (#4956)
  • Deprecate CleanPath, StripRoot, WithProcfd, and WithProcfdFile from
    libcontainer/utils. (#4985)
Breaking
  • The handling of pids.limit has been updated to match the newer guidance
    from the OCI runtime specification. In particular, now a maximum limit value
    of 0 will be treated as an actual limit (due to limitations with systemd,
    it will be treated the same as a limit value of 1). We only expect users
    that explicitly set pids.limit to 0 will see a behaviour change.
    (opencontainers/cgroups#48, #4949)
Fixed
  • cgroups: provide iocost statistics for cgroupv2. (opencontainers/cgroups#43)
  • cgroups: retry DBus connection when it fails with EAGAIN.
    (opencontainers/cgroups#45)
  • cgroups: improve cpuacct.usage_all resilience when parsing data from
    patched kernels (such as the Tencent kernels). (opencontainers/cgroups#46,
    opencontainers/cgroups#50)
  • libct: close child fds on prepareCgroupFD error. (#4936)
  • libct: fix mips compilation. (#4962, #4967)
  • When configuring a tmpfs mount, only set the mode= argument if the target
    path already existed. This fixes a regression introduced in our
    CVE-2025-52881 mitigation patches. (#4971, #4976)
  • Fix various file descriptor leaks and add additional tests to detect them as
    comprehensively as possible. (#5007, #5021, #5034)
  • The "hallucination" helpers added as part of the CVE-2025-52881
    mitigation have been made more generic and now apply to all of our pathrs
    helper functions, which should ensure we will not regress dangling symlink
    users. (#4985)
Changed
  • libct: switch to (*CPUSet).Fill. (#4927)
  • docs/spec-conformance.md: update for spec v1.3.0. (#4948)

v1.3.4

Take me to your heart, take me to your soul.

Fixed
  • libct: fix mips compilation. (#4962, #4966)
  • When configuring a tmpfs mount, only set the mode= argument if the
    target path already existed. This fixes a regression introduced in our
    CVE-2025-52881 mitigation patches. (#4971, #4976)
  • Fix various file descriptor leaks and add additional tests to detect them as
    comprehensively as possible. (#5007, #5021, #5034)
Changed
  • Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2,
    which should make it easier for some downstreams to import runc without
    pulling in too many extra packages. (#5028)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Renovate Bot.

@k0s-bot k0s-bot added the dependencies Pull requests that update a dependency file label Nov 28, 2025
@k0s-bot k0s-bot requested review from a team as code owners November 28, 2025 00:43
@k0s-bot k0s-bot requested review from jnummelin and makhov November 28, 2025 00:43
@k0s-bot k0s-bot enabled auto-merge November 28, 2025 00:43
@k0s-bot k0s-bot merged commit 7df5e38 into main Dec 1, 2025
108 checks passed
@k0s-bot k0s-bot deleted the renovate/main-opencontainers-runc-1.x branch December 1, 2025 11:28
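
An added example, not part of this PR or of runc's own code: a pre-upgrade check for the pids.limit change listed under Breaking in v1.4.0. It assumes the standard OCI config.json layout (linux.resources.pids.limit); the helper name PidsLimitFinding and the sample configs are hypothetical and constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ociConfig models only the part of an OCI runtime config.json needed here.
// Limit is a pointer so an absent field can be told apart from an explicit 0.
type ociConfig struct {
	Linux struct {
		Resources struct {
			Pids struct {
				Limit *int64 `json:"limit"`
			} `json:"pids"`
		} `json:"resources"`
	} `json:"linux"`
}

// PidsLimitFinding (hypothetical helper) reports whether a config.json sets
// linux.resources.pids.limit to an explicit 0, the one case the runc 1.4.0
// release notes say will see a behaviour change.
func PidsLimitFinding(configJSON []byte) (string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return "", fmt.Errorf("parse config.json: %w", err)
	}
	limit := cfg.Linux.Resources.Pids.Limit
	switch {
	case limit == nil:
		return "unset: pids.limit not present", nil
	case *limit == 0:
		return "review: explicit 0 is treated as a real limit (same as 1) in runc 1.4.0", nil
	default:
		return fmt.Sprintf("unaffected: limit=%d", *limit), nil
	}
}

func main() {
	// Constructed sample configs, not taken from any real workload.
	samples := []string{
		`{"linux":{"resources":{"pids":{"limit":0}}}}`,
		`{"linux":{"resources":{"pids":{"limit":512}}}}`,
		`{"linux":{"resources":{}}}`,
	}
	for _, s := range samples {
		finding, err := PidsLimitFinding([]byte(s))
		fmt.Println(finding, err)
	}
}
```

Run it over the config.json of each bundle before rolling out the new runtime; any "review" result is a workload whose process limit will now be enforced.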