Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90

[dependabot-preview]

Bumps github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90.

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.0-rc90 -- "We Have To Go Back!"

This release is identical to v1.0.0-rc10 (and thus the version string in the binary will be v1.0.0-rc10).

The purpose of this release is to resolve an issue with our versioning scheme (in particular, the format we've used under SemVer means that the "-rcNN" string suffix is sorted lexicographically rather than in the classic sort -V order).

Because we cannot do a post-1.0 release yet, this is a workaround to make sure that systems such as Go modules correctly update to the latest runc release. See #2399 for more details.

The next release (which would've originally been called -rc11) will be 1.0.0-rc91. I'm sorry.

Signed-off-by: Aleksa Sarai asarai@suse.de

runc 1.0-rc10 -- "Procfs Strikes Back"

This is a hot-fix for v1.0.0~rc9, primarily fixing CVE-2019-19921. Given that the relevant runtime-spec PR which was considered a blocker has been merged the next rc release of runc should be the last one before 1.0.0.

Other notable changes include:

• Fixing an exec-fifo race that could be triggered under Kubernetes (Fix race checking for process exit and waiting for exec fifo opencontainers/runc#2185).
• Partial cgroupv2 support (cgroup2: TODO list opencontainers/runc#2209 for remaining issues).

Thanks to the following people who made this release possible:

• Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
• Aleksa Sarai asarai@suse.de
• James Peach jpeach@apache.org
• Jordan Liggitt liggitt@google.com
• Julia Nedialkova julianedialkova@hotmail.com
• Julio Montes julio.montes@intel.com
• Kevin Kelani kkelani@gmail.com
• Kurnia D Win kurnia.d.win@gmail.com
• Manuel Rüger manuel@rueg.eu
• Michael Crosby crosbymichael@gmail.com
• Mrunal Patel mrunal@me.com
• Qiang Huang h.huangqiang@huawei.com
• Radostin Stoyanov rstoyanov1@gmail.com
• Sascha Grunert sgrunert@suse.com
• tianye15 tianye15@yq01-ps-www007cc6e83.yq01.baidu.com

Vote: +4 -0 [#1](https://github.com/opencontainers/runc/issues/1) Signed-off-by: Aleksa Sarai asarai@suse.de

... (truncated)

Commits

• dc9208a VERSION: update to 1.0.0~rc10
• 2fc03cc Merge pull request #2207 from cyphar/fix-double-volume-attack
• 3291d66 rootfs: do not permit /proc mounts to non-directories
• f6fb7a0 merge branch 'pr-2133'
• 709377c Merge pull request #2198 from AkihiroSuda/criu-master
• 55f8c25 temporarily disable CRIU tests
• 5c20ea1 fix merging #2177 and #2169
• 5cc0dea Merge pull request #2169 from AkihiroSuda/split-fs
• 2b52db7 Merge pull request #2177 from devimc/topic/libcontainer/kata-containers
• a88592a Merge pull request #2185 from liggitt/exec-race
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/173127747

The labels on this github issue will be updated when the story is started.

[dependabot-preview]

Superseded by #91.