runtime-rs: Update containerd-shim / containerd-shim-protos

Let's bump those to their 0.10.0 releases, which contain fixes for the
CVE-2025-53605.

Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>

src/runtime-rs/Cargo.lock

@@ -549,16 +549,6 @@ dependencies = [
  "cc",
 ]
 
-[[package]]
-name = "command-fds"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f190f3c954f7bca3c6296d0ec561c739bdbe6c7e990294ed168d415f6e1b5b01"
-dependencies = [
- "nix 0.27.1",
- "thiserror 1.0.69",
-]
-
 [[package]]
 name = "common"
 version = "0.1.0"
@@ -629,45 +619,45 @@ checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
 
 [[package]]
 name = "containerd-shim"
-version = "0.6.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "063d0e137d508846210c2f8b6c6dc3db9f1abd4c20b0a9aecdb962385dcb7899"
+checksum = "3b16da01f5ea209d00a0a53342a748491e2b50b1d8cfa96e0c5c5f262f3dd270"
 dependencies = [
  "async-trait",
  "cgroups-rs 0.3.4",
- "command-fds",
  "containerd-shim-protos",
  "futures 0.3.28",
  "go-flag",
  "lazy_static",
  "libc",
  "log",
- "mio 0.8.11",
+ "mio 1.0.3",
- "nix 0.27.1",
+ "nix 0.29.0",
- "oci-spec 0.6.8",
+ "oci-spec 0.7.1",
- "os_pipe",
  "page_size",
  "prctl",
  "serde",
  "serde_json",
+ "sha2 0.10.9",
  "signal-hook",
- "signal-hook-tokio",
+ "tempfile",
- "thiserror 1.0.69",
+ "thiserror 2.0.11",
  "time",
  "tokio",
- "windows-sys 0.48.0",
+ "which 7.0.3",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
 name = "containerd-shim-protos"
-version = "0.6.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "967dbd2804aceb398bd7d867410342d68b9d74c1fead823ad8353b3ab5f23eb7"
+checksum = "de174e763d62b6b1aaed7d9ec7f21369e18d4f4098ae1f11f2ea1a3eb4a31c61"
 dependencies = [
  "async-trait",
  "protobuf 3.7.2",
  "ttrpc",
- "ttrpc-codegen 0.4.2",
+ "ttrpc-codegen 0.6.0",
 ]
 
 [[package]]
@@ -1188,7 +1178,7 @@ dependencies = [
  "log",
  "nix 0.24.3",
  "procfs 0.12.0",
- "prometheus",
+ "prometheus 0.14.0",
  "seccompiler",
  "serde",
  "serde_derive",
@@ -1219,6 +1209,12 @@ dependencies = [
  "cfg-if 1.0.0",
 ]
 
+[[package]]
+name = "env_home"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7f84e12ccf0a7ddc17a6c41c93326024c42920d7ee630d04950e6926645c0fe"
+
 [[package]]
 name = "epoll"
 version = "4.3.1"
@@ -1745,7 +1741,7 @@ dependencies = [
  "httpdate",
  "itoa",
  "pin-project-lite",
- "socket2 0.4.9",
+ "socket2 0.5.7",
  "tokio",
  "tower-service",
  "tracing",
@@ -2236,6 +2232,12 @@ version = "0.3.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
 
+[[package]]
+name = "linux-raw-sys"
+version = "0.4.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
+
 [[package]]
 name = "linux-raw-sys"
 version = "0.9.4"
@@ -2386,6 +2388,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
  "libc",
+ "log",
  "wasi 0.11.0+wasi-snapshot-preview1",
  "windows-sys 0.52.0",
 ]
@@ -2568,18 +2571,6 @@ dependencies = [
  "pin-utils",
 ]
 
-[[package]]
-name = "nix"
-version = "0.27.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
-dependencies = [
- "bitflags 2.9.0",
- "cfg-if 1.0.0",
- "libc",
- "memoffset 0.9.0",
-]
-
 [[package]]
 name = "nix"
 version = "0.29.0"
@@ -2590,6 +2581,7 @@ dependencies = [
  "cfg-if 1.0.0",
  "cfg_aliases",
  "libc",
+ "memoffset 0.9.0",
 ]
 
 [[package]]
@@ -2755,19 +2747,18 @@ dependencies = [
 
 [[package]]
 name = "oci-spec"
-version = "0.6.8"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f5a3fe998d50101ae009351fec56d88a69f4ed182e11000e711068c2f5abf72"
+checksum = "da406e58efe2eb5986a6139626d611ce426e5324a824133d76367c765cf0b882"
 dependencies = [
  "derive_builder",
  "getset",
- "once_cell",
  "regex",
  "serde",
  "serde_json",
  "strum 0.26.3",
  "strum_macros 0.26.4",
- "thiserror 1.0.69",
+ "thiserror 2.0.11",
 ]
 
 [[package]]
@@ -2964,16 +2955,6 @@ dependencies = [
  "hashbrown 0.12.3",
 ]
 
-[[package]]
-name = "os_pipe"
-version = "1.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57119c3b893986491ec9aa85056780d3a0f3cf4da7cc09dd3650dbd6c6738fb9"
-dependencies = [
- "libc",
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "overload"
 version = "0.1.1"
@@ -3292,6 +3273,28 @@ dependencies = [
  "rustix 0.36.17",
 ]
 
+[[package]]
+name = "procfs"
+version = "0.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cc5b72d8145275d844d4b5f6d4e1eef00c8cd889edb6035c21675d1bb1f45c9f"
+dependencies = [
+ "bitflags 2.9.0",
+ "hex",
+ "procfs-core",
+ "rustix 0.38.44",
+]
+
+[[package]]
+name = "procfs-core"
+version = "0.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "239df02d8349b06fc07398a3a1697b06418223b1c7725085e801e7c0fc6a12ec"
+dependencies = [
+ "bitflags 2.9.0",
+ "hex",
+]
+
 [[package]]
 name = "prometheus"
 version = "0.13.3"
@@ -3309,6 +3312,23 @@ dependencies = [
  "thiserror 1.0.69",
 ]
 
+[[package]]
+name = "prometheus"
+version = "0.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ca5326d8d0b950a9acd87e6a3f94745394f62e4dae1b1ee22b2bc0c394af43a"
+dependencies = [
+ "cfg-if 1.0.0",
+ "fnv",
+ "lazy_static",
+ "libc",
+ "memchr",
+ "parking_lot",
+ "procfs 0.17.0",
+ "protobuf 3.7.2",
+ "thiserror 2.0.11",
+]
+
 [[package]]
 name = "prost"
 version = "0.8.0"
@@ -3334,7 +3354,7 @@ dependencies = [
  "prost",
  "prost-types",
  "tempfile",
- "which",
+ "which 4.4.0",
 ]
 
 [[package]]
@@ -3414,7 +3434,7 @@ dependencies = [
  "protobuf-support",
  "tempfile",
  "thiserror 1.0.69",
- "which",
+ "which 4.4.0",
 ]
 
 [[package]]
@@ -3436,7 +3456,7 @@ dependencies = [
  "serde",
  "serde_json",
  "ttrpc",
- "ttrpc-codegen 0.5.0",
+ "ttrpc-codegen 0.6.0",
 ]
 
 [[package]]
@@ -3850,7 +3870,7 @@ dependencies = [
  "opentelemetry-jaeger",
  "persist",
  "procfs 0.12.0",
- "prometheus",
+ "prometheus 0.13.3",
  "resource",
  "runtime-spec",
  "serde_json",
@@ -3926,6 +3946,19 @@ dependencies = [
  "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "rustix"
+version = "0.38.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
+dependencies = [
+ "bitflags 2.9.0",
+ "errno",
+ "libc",
+ "linux-raw-sys 0.4.15",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "rustix"
 version = "1.0.7"
@@ -4311,18 +4344,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "signal-hook-tokio"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "213241f76fb1e37e27de3b6aa1b068a2c333233b59cca6634f634b80a27ecf1e"
-dependencies = [
- "futures-core",
- "libc",
- "signal-hook",
- "tokio",
-]
-
 [[package]]
 name = "simdutf8"
 version = "0.1.5"
@@ -5005,15 +5026,14 @@ dependencies = [
 
 [[package]]
 name = "ttrpc-codegen"
-version = "0.5.0"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cdc0529f65223eca94fc5830e7d552d0d152ff42b74aff5c641edac39592f41f"
+checksum = "0e5c657ef5cea6f6c6073c1be0787ba4482f42a569d4821e467daec795271f86"
 dependencies = [
- "home",
+ "protobuf 3.7.2",
- "protobuf 2.28.0",
  "protobuf-codegen 3.7.2",
  "protobuf-support",
- "ttrpc-compiler 0.7.0",
+ "ttrpc-compiler 0.8.0",
 ]
 
 [[package]]
@@ -5033,17 +5053,16 @@ dependencies = [
 
 [[package]]
 name = "ttrpc-compiler"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9be3fb2fe509cb9c0099b3b5551b759ae714f2dde56dfc713f2a5bda8c16064a"
+checksum = "3aa71f4a44711b3b9cc10ed0c7e239ff0fe4b8e6c900a142fb3bb26401385718"
 dependencies = [
  "derive-new",
- "home",
  "prost",
  "prost-build",
  "prost-types",
- "protobuf 2.28.0",
+ "protobuf 3.7.2",
- "protobuf-codegen 2.28.0",
+ "protobuf-codegen 3.7.2",
  "tempfile",
 ]
 
@@ -5423,6 +5442,18 @@ dependencies = [
  "once_cell",
 ]
 
+[[package]]
+name = "which"
+version = "7.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24d643ce3fd3e5b54854602a080f34fb10ab75e0b813ee32d00ca2b44fa74762"
+dependencies = [
+ "either",
+ "env_home",
+ "rustix 1.0.7",
+ "winsafe",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.9"
@@ -5746,6 +5777,12 @@ dependencies = [
  "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "winsafe"
+version = "0.0.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d135d17ab770252ad95e9a872d365cf3090e3be864a34ab46f48555993efc904"
+
 [[package]]
 name = "wit-bindgen-rt"
 version = "0.39.0"

src/runtime-rs/Cargo.toml

@@ -49,8 +49,8 @@ dbs-utils = { path = "../dragonball/dbs_utils" }
 actix-rt = "2.7.0"
 anyhow = "1.0"
 async-trait = "0.1.48"
-containerd-shim = { version = "0.6.0", features = ["async"] }
+containerd-shim = { version = "0.10.0", features = ["async"] }
-containerd-shim-protos = { version = "0.6.0", features = ["async"] }
+containerd-shim-protos = { version = "0.10.0", features = ["async"] }
 go-flag = "0.1.0"
 hyper = "0.14.20"
 hyperlocal = "0.8.0"

src/runtime-rs/crates/service/src/manager.rs

@@ -139,12 +139,12 @@ impl ServiceManager {
 
     fn registry_service(&mut self) -> Result<()> {
         if let Some(s) = self.server.take() {
-            let sandbox_service = Arc::new(Box::new(SandboxService::new(self.handler.clone()))
+            let sandbox_service: Arc<dyn sandbox_async::Sandbox + Send + Sync> =
-                as Box<dyn sandbox_async::Sandbox + Send + Sync>);
+                Arc::new(SandboxService::new(self.handler.clone()));
             let s = s.register_service(sandbox_async::create_sandbox(sandbox_service));
 
-            let task_service = Arc::new(Box::new(TaskService::new(self.handler.clone()))
+            let task_service: Arc<dyn shim_async::Task + Send + Sync> =
-                as Box<dyn shim_async::Task + Send + Sync>);
+                Arc::new(TaskService::new(self.handler.clone()));
             let s = s.register_service(shim_async::create_task(task_service));
             self.server = Some(s);
         }