deps: update runc to 1.1.0

This updates vendored runc/libcontainer to 1.1.0,
and google/cadvisor to a version updated to runc 1.1.0
(google/cadvisor#3048).

Changes in vendor are generated by (roughly):

        ./hack/pin-dependency.sh github.com/google/cadvisor v0.44.0
        ./hack/pin-dependency.sh github.com/opencontainers/runc v1.1.0
        ./hack/update-vendor.sh
        ./hack/lint-dependencies.sh # And follow all its recommendations.
        ./hack/update-vendor.sh
        ./hack/update-internal-modules.sh
        ./hack/lint-dependencies.sh # Re-check everything again.

Co-Authored-By: Kir Kolyshkin <kolyshkin@gmail.com>

vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go

@@ -3,6 +3,7 @@ package systemd
 import (
 	"bufio"
 	"context"
+	"errors"
 	"fmt"
 	"math"
 	"os"
@@ -14,11 +15,11 @@ import (
 
 	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
 	dbus "github.com/godbus/dbus/v5"
+	"github.com/sirupsen/logrus"
+
 	cgroupdevices "github.com/opencontainers/runc/libcontainer/cgroups/devices"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/devices"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -92,7 +93,7 @@ func groupPrefix(ruleType devices.Type) (string, error) {
 	case devices.CharDevice:
 		return "char-", nil
 	default:
-		return "", errors.Errorf("device type %v has no group prefix", ruleType)
+		return "", fmt.Errorf("device type %v has no group prefix", ruleType)
 	}
 }
 
@@ -142,9 +143,9 @@ func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) {
 		)
 		if n, err := fmt.Sscanf(line, "%d %s", &currMajor, &currName); err != nil || n != 2 {
 			if err == nil {
-				err = errors.Errorf("wrong number of fields")
+				err = errors.New("wrong number of fields")
 			}
-			return "", errors.Wrapf(err, "scan /proc/devices line %q", line)
+			return "", fmt.Errorf("scan /proc/devices line %q: %w", line, err)
 		}
 
 		if currMajor == ruleMajor {
@@ -152,7 +153,7 @@ func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) {
 		}
 	}
 	if err := scanner.Err(); err != nil {
-		return "", errors.Wrap(err, "reading /proc/devices")
+		return "", fmt.Errorf("reading /proc/devices: %w", err)
 	}
 	// Couldn't find the device group.
 	return "", nil
@@ -192,12 +193,12 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
 	configEmu := &cgroupdevices.Emulator{}
 	for _, rule := range r.Devices {
 		if err := configEmu.Apply(*rule); err != nil {
-			return nil, errors.Wrap(err, "apply rule for systemd")
+			return nil, fmt.Errorf("unable to apply rule for systemd: %w", err)
 		}
 	}
 	// systemd doesn't support blacklists. So we log a warning, and tell
 	// systemd to act as a deny-all whitelist. This ruleset will be replaced
-	// with our normal fallback code. This may result in spurrious errors, but
+	// with our normal fallback code. This may result in spurious errors, but
 	// the only other option is to error out here.
 	if configEmu.IsBlacklist() {
 		// However, if we're dealing with an allow-all rule then we can do it.
@@ -213,19 +214,19 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
 	// whitelist which is the default for devices.Emulator.
 	finalRules, err := configEmu.Rules()
 	if err != nil {
-		return nil, errors.Wrap(err, "get simplified rules for systemd")
+		return nil, fmt.Errorf("unable to get simplified rules for systemd: %w", err)
 	}
 	var deviceAllowList []deviceAllowEntry
 	for _, rule := range finalRules {
 		if !rule.Allow {
 			// Should never happen.
-			return nil, errors.Errorf("[internal error] cannot add deny rule to systemd DeviceAllow list: %v", *rule)
+			return nil, fmt.Errorf("[internal error] cannot add deny rule to systemd DeviceAllow list: %v", *rule)
 		}
 		switch rule.Type {
 		case devices.BlockDevice, devices.CharDevice:
 		default:
 			// Should never happen.
-			return nil, errors.Errorf("invalid device type for DeviceAllow: %v", rule.Type)
+			return nil, fmt.Errorf("invalid device type for DeviceAllow: %v", rule.Type)
 		}
 
 		entry := deviceAllowEntry{
@@ -271,7 +272,7 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
 			// "_ n:* _" rules require a device group from /proc/devices.
 			group, err := findDeviceGroup(rule.Type, rule.Major)
 			if err != nil {
-				return nil, errors.Wrapf(err, "find device '%v/%d'", rule.Type, rule.Major)
+				return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err)
 			}
 			if group == "" {
 				// Couldn't find a group.
@@ -350,7 +351,7 @@ func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Pr
 			// Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit
 			if s != "done" {
 				resetFailedUnit(cm, unitName)
-				return errors.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s)
+				return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s)
 			}
 		case <-timeout.C:
 			resetFailedUnit(cm, unitName)
@@ -449,10 +450,13 @@ func systemdVersionAtoi(verStr string) (int, error) {
 	re := regexp.MustCompile(`v?([0-9]+)`)
 	matches := re.FindStringSubmatch(verStr)
 	if len(matches) < 2 {
-		return 0, errors.Errorf("can't parse version %s: incorrect number of matches %v", verStr, matches)
+		return 0, fmt.Errorf("can't parse version %s: incorrect number of matches %v", verStr, matches)
 	}
 	ver, err := strconv.Atoi(matches[1])
-	return ver, errors.Wrapf(err, "can't parse version %s", verStr)
+	if err != nil {
+		return -1, fmt.Errorf("can't parse version: %w", err)
+	}
+	return ver, nil
 }
 
 func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota int64, period uint64) {