fix(deps): update all rthook go dependencies main (main) (patch)

[cilium-renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/containerd/containerd	require	patch	v1.7.22 -> v1.7.23
github.com/opencontainers/runc	require	patch	v1.1.14 -> v1.1.15

---

Release Notes

containerd/containerd (github.com/containerd/containerd)

v1.7.23: containerd 1.7.23

Compare Source

Welcome to the v1.7.23 release of containerd!

The twenty-third patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Add errdefs aliases (#​10792)
• Allow proxy plugins to have capabilities (#​10731)
• Revert errdefs package migration (#​10712)

Container Runtime Interface (CRI)

• Add check for CNI plugins before tearing down pod network (#​10767)

Image Distribution

• Fix the race condition during GC of snapshots when client retries (#​10763)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Austin Vazquez
• Phil Estes
• Akihiro Suda
• Samuel Karp
• Maksym Pavlenko
• Kern Walster
• Kir Kolyshkin
• Saket Jajoo
• Sameer
• Wei Fu
• Zou Nengren
• bo.jiang

Changes

37 commits

• Prepare release notes for v1.7.23 (#​10802)
  • 921f554af Prepare release notes for v1.7.23
• Revert "update runc binary to 1.1.15" (#​10826)
  • 8f16d6588 Revert "update runc binary to 1.1.15"
• Switch from actuated.dev to GH Action runners for arm64 (#​10822)
  • 41e8f24cd Switch from actuated.dev to GH Action runners for arm64
  • dd811f224 Update github actions ci to run on forks
• bump golangci/golangci-lint-action from 4 to 6 (#​10813)
  • 284484af4 bump golangci/golangci-lint-action from 4 to 6
• update to go1.23.2,go1.22.8 (#​10808)
  • 814c59ba5 update to go1.23.2,go1.22.8
• prow: allow ENABLE_CRI_SANDBOXES to be configured (#​10801)
  • ae11176fa prow: allow ENABLE_CRI_SANDBOXES to be configured
• TestNewBinaryIOCleanup: fix a comment, minor rewrite (#​10776)
  • 7fd794a7c TestNewBinaryIOCleanup: fix a comment, minor rewrite
• Add errdefs aliases (#​10792)
  • 0714a2952 Add errdefs aliases
• Update runc binary to 1.1.15 (#​10794)
  • 113a9f1fc update runc binary to 1.1.15
• Update runner images to macOS13 (#​10783)
  • 5305b03f2 Update runner images to macOS13
• Allow proxy plugins to have capabilities (#​10731)
  • 950740390 Allow proxy plugins to have capabilities
• Bump crun to 1.16.1 (#​10774)
  • e8aae7824 Bump crun to 1.16
  • ee1c39b79 CI: bump up crun to 1.15
• Fix the race condition during GC of snapshots when client retries (#​10763)
  • cb5e6a01a Fix the race condition during GC of snapshots when client retries
• Add check for CNI plugins before tearing down pod network (#​10767)
  • 278bd0f72 [release/1.7] Add check for CNI plugins before tearing down pod network
• Revert errdefs package migration (#​10712)
  • 18403239e Synchronize 1.7 error package with errdefs
  • d8d27205b Revert "migrate errdefs package to github.com/containerd/errdefs module"
  • e82d201b3 Revert "replace uses of github.com/containerd/containerd/errdefs"
  • 51939238f Revert "errdefs: denote deprecation as a godoc comment"
  • ae80077e8 Revert "golangci-lint: enable depguard for packages that moved"
  • 32675f983 Revert "remove imports of errdefs package"

Changes from containerd/errdefs

29 commits

• Add errdefs/pkg package (containerd/errdefs#19)
  • 46a6522 Add errdefs/pkg package
• Update GitHub Actions packages and runners (containerd/errdefs#20)
  • 303a6ea Update to Go 1.22.8 in CI
  • e70104e Upgrade to [email protected]
  • ffe5586 Upgrade to golangci/golangci-lint-action@v6
  • 908b04b Upgrade to actions/checkout@v4
  • 608b83c Upgrade to actions/setup-go@v5
  • 8e82ae4 Upgrade macOS runner image to macOS 13
• Complete interface definitions for errors (containerd/errdefs#18)
  • 41d12e1 Complete interface definitions for errors
• Add support for grpc error details and multiple errors (containerd/errdefs#7)
  • b9dce4d Add support for grpc error details
  • ffb0349 Update Resolve function to support Is interface
• Add support for custom error messages (containerd/errdefs#10)
  • dc9b20e Add support for custom error messages
• Add a resolve error function to return first error (containerd/errdefs#9)
  • 9f87502 Add a resolve error function to return first error
• Add stack support (containerd/errdefs#8)
  • f96dfda Add stack package for managing error stack traces
  • 70fd2d7 Add collapsible error type
  • 6022faf Add typeurl to go mod
• Fix Cancelled interface typo (containerd/errdefs#6)
  • 9564d8f Fix Cancelled interface typo
• Split gRPC and HTTP error utility into seperate packages (containerd/errdefs#5)
  • fd0e482 Split gRPC and HTTP error utility into seperate packages
• Add more grpc types (containerd/errdefs#3)
  • f727cdb Add HTTP status code and error type conversion
  • 9854dc7 Add more grpc error types

Dependency Changes

• github.com/containerd/errdefs v0.1.0 -> v0.3.0

Previous release can be found at v1.7.22

opencontainers/runc (github.com/opencontainers/runc)

v1.1.15: -- "How, dear sir, did you cross the flood? By not stopping, friend, and by not straining I crossed the flood."

Compare Source

This is the fifteenth patch release in the 1.1.z release branch of runc.
It fixes a few issues with seccomp, leaked mounts, and system performance.

• The -ENOSYS seccomp stub is now always generated for the native
  architecture that runc is running on. This is needed to work around some
  arguably specification-incompliant behaviour from Docker on architectures
  such as ppc64le, where the allowed architecture list is set to null. This
  ensures that we always generate at least one -ENOSYS stub for the native
  architecture even with these weird configs. (#​4391)
• On a system with older kernel, reading /proc/self/mountinfo may skip some
  entries, as a consequence runc may not properly set mount propagation,
  causing container mounts leak onto the host mount namespace. (#​2404, #​4425)
• In order to fix performance issues in the "lightweight" bindfd protection
  against [CVE-2019-5736], the temporary ro bind-mount of /proc/self/exe
  has been removed. runc now creates a binary copy in all cases. (#​4392, #​2532)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

• libseccomp

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

---

Thanks to all of the contributors who made this release possible:

• Akihiro Suda [email protected]
• Aleksa Sarai [email protected]
• Kir Kolyshkin [email protected]
• lifubang [email protected]
• Rodrigo Campos [email protected]

---

Configuration

📅 Schedule: Branch creation - "on monday and friday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[cilium-renovate]

ℹ Artifact update notice

File name: contrib/tetragon-rthooks/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/containerd/errdefs	v0.1.0 -> v0.3.0