Bump github.com/opencontainers/runc from 1.0.0-rc10 to 1.0.3

[dependabot[bot]]

Bumps github.com/opencontainers/runc from 1.0.0-rc10 to 1.0.3.

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.0 -- "A wizard is never late, nor is he early, he arrives precisely when he means to."

This release has quite a few last-minute bug-fixes and various correctness and performance improvements (almost all of which are related to cgroup handling), and is the first non-rc release of runc in 5 years (v1.0.0-rc1 was released in 2016). It's been a very long road, and we thank the many contributors and maintainers that helped us get to this point (approximately 422 people in total).

As runc follows Semantic Versioning, we will endeavor to not make any breaking changes without bumping the major version number of runc.

However, it should be noted that Go API usage of runc's internal implementation (libcontainer) is not covered by this policy -- for historical reasons, this code was not moved into an "internal" package (this feature did not exist in Go at the time) and because certain projects currently depend on this, we have not yet moved this code into an internal package. Despite this, we reserve the right to make breaking changes in our Go APIs (though we will note such changes in our changelog, and will try to avoid needless disruption if possible).

Breaking changes:

• Removed libcontainer/configs.Device* identifiers (deprecated since rc94, use libcontainer/devices) (#2999)
• Removed libcontainer/system.RunningInUserNS function (deprecated since rc94, use libcontainer/userns) (#2999)

Deprecations:

• The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). (#2917, #3004)

Bugfixes:

• cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). (#2951)
• cgroupv2: correctly convert "number of IOs" statistics in a cgroupv1-compatible way. (#2965, #2967, #2968, #2964)
• cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
• cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. (#2955)
• cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94
• cgroups/systemd: fixed returning "unit already exists" error from a systemd cgroup manager (regression in rc94) (#2997, #2996)

Improvements:

... (truncated)

Commits

• f46b6ba VERSION: release v1.0.3
• b8dbe46 runc init: avoid netlink message length overflows
• 4f0bb00 Merge pull request #3299 from kolyshkin/1.0-go-1.17
• e73ff66 [1.0] ci: add Go 1.17, drop Go 1.15
• c0d6bdf Merge pull request #3298 from kolyshkin/1.0-backport-3200
• 18457d8 Merge pull request #3297 from kolyshkin/1.0-3226
• 2c30069 libct/cg/sd/v2: Destroy: remove cgroups recursively
• 42bfc63 script/release.sh: fix for opensuse
• 02d2e1f Merge pull request #3277 from kolyshkin/1.0-fix-ro-dev
• 1505646 Merge pull request #3295 from AkihiroSuda/cherrypick-3233-1.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gravitational/planet/network/alerts).

[wadells]

Thanks, but no thanks dependabot. Vetting this is a big change, and we'd rather to that in house. Also, planet is in maintenance mode, so I'm not sure 80k diffs (even if in dependencies) are what we're looking for right now.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.