Assisted-Service RPM Lockfile Security Refresh: Critical Container Stack Updates
A security-focused pull request has triggered a mandatory refresh of core container runtime dependencies for the assisted-service project on RHEL8. The update, tagged with a [SECURITY] label, systematically bumps versions for nine critical packages, including the container runtime `runc`, container utilities `skopeo` and `containers-common`, and low-level components like `libslirp` and `fuse-overlayfs`. This is not a routine dependency bump; it's a coordinated security response targeting the foundational layers of the container stack.
The changes lock in new module streams from the RHEL 8.10 AppStream repository, moving every package from the `+23963+b64d8032` module build to `+24081+a04d358a`. The `runc` update is particularly notable, advancing from `1.2.9-3` to `1.2.9-4`. Only the RPM release field changes (the upstream version stays at 1.2.9), which is a classic signature of a backported security fix, and similar runc updates have historically addressed critical container escape vulnerabilities. The synchronized refresh across `container-selinux`, `criu`, and `slirp4netns` indicates a broad remediation effort touching container isolation, networking, and checkpoint/restore capabilities.
For any deployment relying on the `assisted-service-rhel8` image, this lockfile update is a direct signal to rebuild and redeploy. It puts pressure on DevOps and security teams to verify that the new, patched module builds are actually present in the image before the next release cycle. Failure to adopt these updates could leave containerized environments exposed to unpatched vulnerabilities in core containerization tools, and assisted-service, often used in edge and bare-metal provisioning, is a high-value target. The PR's title, 'NO-ISSUE', belies the significant security imperative behind it.
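A practical way to confirm that a rebuilt image really carries the refreshed builds is to query the installed RPMs inside the container and compare them against the minimum versions from the lockfile using RPM's own ordering rules. The script below is an added example, not code from the assisted-service project or the PR. It assumes the package list was produced with `rpm -qa --qf '%{NAME}|%{EPOCHNUM}|%{VERSION}|%{RELEASE}\n'`; the sample lines, the full release strings (the page only quotes the `1.2.9-4` version-release and the `+24081+a04d358a` module build suffix), and the versions of the other packages are constructed for illustration. It also goes slightly beyond the page by implementing the general `rpmvercmp` segment comparison (including `~` pre-release and `^` post-release markers) rather than only a string match.

```python
"""Check that a container image carries the refreshed RPM module builds.

Added example (not assisted-service project code).  Assumed input format:
    rpm -qa --qf '%{NAME}|%{EPOCHNUM}|%{VERSION}|%{RELEASE}\n'
"""
from __future__ import annotations

import re

# Segments rpm compares: digit runs, letter runs, and the ~ / ^ markers.
_TOKEN = re.compile(r"\d+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings with rpm's segment rules:
    numeric segments compare numerically, alphabetic ones lexically, numeric
    beats alphabetic, '~' sorts before anything (even end of string), and
    '^' sorts after the bare string but before any other continuation."""
    if a == b:
        return 0
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    i = j = 0
    while i < len(ta) or j < len(tb):
        x = ta[i] if i < len(ta) else ""
        y = tb[j] if j < len(tb) else ""
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if x == "^" or y == "^":
            if x == "":
                return -1
            if y == "":
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if x == "" or y == "":
            break
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            c = 1
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
        i, j = i + 1, j + 1
    if i >= len(ta) and j >= len(tb):
        return 0
    return -1 if i >= len(ta) else 1


def parse_evr(evr: str) -> tuple[int, str, str]:
    """Split 'epoch:version-release' (epoch optional) into its three parts."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Full rpm ordering: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_rpm_qa(text: str) -> dict[str, str]:
    """Turn NAME|EPOCHNUM|VERSION|RELEASE lines into {name: 'e:v-r'}."""
    installed = {}
    for line in text.strip().splitlines():
        name, epoch, version, release = line.strip().split("|")
        installed[name] = f"{epoch}:{version}-{release}"
    return installed


def check_minimums(installed: dict[str, str], required: dict[str, str]) -> dict[str, str]:
    """Report 'ok', 'outdated' or 'missing' for each required package."""
    result = {}
    for name, minimum in required.items():
        have = installed.get(name)
        if have is None:
            result[name] = "missing"
        elif evr_cmp(have, minimum) < 0:
            result[name] = "outdated"
        else:
            result[name] = "ok"
    return result


def stale_module_builds(installed: dict[str, str], module_build: str) -> list[str]:
    """Module-stream packages whose release lacks the expected build id."""
    stale = []
    for name, evr in installed.items():
        release = parse_evr(evr)[2]
        if ".module+" in release and module_build not in release:
            stale.append(name)
    return sorted(stale)


# Constructed sample output from an image that was NOT rebuilt after the PR;
# all versions except runc's are made up for the example.
SAMPLE_RPM_QA = """\
runc|0|1.2.9|3.module+el8.10.0+23963+b64d8032
containers-common|2|1|81.module+el8.10.0+24081+a04d358a
skopeo|2|1.14.5|3.module+el8.10.0+24081+a04d358a
fuse-overlayfs|0|1.13|1.module+el8.10.0+23963+b64d8032
bash|0|4.4.20|5.el8
"""

# Minimums taken from the lockfile bump; the full runc release string and the
# libslirp entry are assumed placeholders, not values from the PR.
REQUIRED = {
    "runc": "0:1.2.9-4.module+el8.10.0+24081+a04d358a",
    "libslirp": "0:4.4.0-1.module+el8.10.0+24081+a04d358a",
}


def run_example() -> tuple[dict[str, str], list[str]]:
    installed = parse_rpm_qa(SAMPLE_RPM_QA)
    return check_minimums(installed, REQUIRED), stale_module_builds(installed, "+24081+a04d358a")


if __name__ == "__main__":
    status, stale = run_example()
    print("minimum-version check:", status)
    print("still on the old module build:", stale)
```

Run inside the container (or against a saved `rpm -qa` dump) as part of the image pipeline's gate: any `outdated`, `missing` or stale entry means the rebuild did not pick up the new lockfile and should fail the release.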