[release-0.0.99.5] build: Bump github.com/sirupsen/logrus to 1.9.3 #1738
base: release-0.0.99.5
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Summary of Changes
Hello @debarshiray, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request performs a crucial dependency upgrade for the
Highlights
Code Review
This pull request correctly bumps the github.com/sirupsen/logrus dependency to version 1.9.3, which mitigates the security vulnerability GHSA-4f99-4q7p-p3gh. The changes in src/go.mod and src/go.sum are correct and reflect the dependency update and the execution of go mod tidy. The changes are sound and address the intended purpose of the pull request.
... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh. The src/go.sum file was updated with 'go mod tidy'. containers#1503 containers#1738 https://github.com/containers/toolbox/security/dependabot/26 (cherry picked from commit efa8da9)
ee2b964 to 41b71bc
... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh. The src/go.sum file was updated with 'go mod tidy'. containers#1503 containers#1738 https://github.com/containers/toolbox/security/dependabot/26 (cherry picked from commit 3de56c0)
Hey @TristanCacqueray @morucci @nhicher! Just now I created a new branch called I thought adding job.branches attributes will do the trick; so, I added them in this PR; but it didn't make any difference. Any idea about what might be missing?

Hey @debarshiray, perhaps the branch is not protected? In the config, toolbox CI excludes unprotected branches, see: https://softwarefactory-project.io/cgit/config/tree/resources/toolbox.yaml
95bcee1 to cda60e3
95bcee1 to 8c8f9f4
Thanks for the hint - it did the trick!

Build failed. ❌ unit-test FAILURE in 1m 38s
8c8f9f4 to 9341a89
4ccc2ff to 96561b3
Build succeeded. ✔️ unit-test SUCCESS in 1m 42s
Build succeeded. ✔️ unit-test SUCCESS in 1m 39s
... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh. The src/go.sum file was updated with 'go mod tidy'. containers#1503 containers#1738 https://github.com/containers/toolbox/security/dependabot/26 (cherry picked from commit efa8da9) (cherry picked from commit 90f3bf281ee743e296da1332b4649fed85e1e579)
... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh. The src/go.sum file was updated with 'go mod tidy'. containers#1503 containers#1738 https://github.com/containers/toolbox/security/dependabot/26 (cherry picked from commit 3de56c0) (cherry picked from commit 67e469515d2dbcb8538755a538b40695b52d40e6)
The working directory from which bats(1) is invoked might not be part of
the Toolbx container. E.g., the downstream Fedora CI invokes the tests
as:
  $ cd /path/to/toolbox/test/system
  $ bats .

... and it led to:
  not ok 8 help: Try unknown command (forwarded to host)
  # tags: commands-options
  # (from function `assert_line' in file
      ./libs/bats-assert/src/assert.bash, line 488,
  # in test file ./002-help.bats, line 135)
  # `assert_line --index 0
      "Error: unknown command \"foo\" for \"toolbox\""' failed
  #
  # -- line differs --
  # index : 0
  # expected : Error: unknown command "foo" for "toolbox"
  # actual : Error: crun: chdir to `/usr/share/toolbox/test/system`:
      No such file or directory: OCI runtime attempted to invoke a
      command that was not found
  # --
  #

containers#1560
containers#1745
(backported from commit 1e90c72)
The system tests can be very I/O intensive, because many of them copy OCI images from the test suite's image cache directory to its local container/storage store, create containers, and then delete everything to run the next test with a clean slate. This makes them slow. In the case of these two particular tests, toolbox(1) is supposed to validate the command line options before trying to find the image. So, there's no need to copy the image from the test suite's image cache directory to its local container/storage store. Fallout from 32b147b containers#1595 containers#1745 (backported from commit adc8650)
Fedora 39 reached End of Life on 26th November 2024: https://docs.fedoraproject.org/en-US/releases/eol/ containers#1602 containers#1745 (backported from commit 0bb4ff8)
containers#1619 containers#1745 (backported from commit c2520f2)
The system tests can be very I/O intensive, because many of them copy OCI images from the test suite's image cache directory to its local container/storage store, create containers, and then delete everything to run the next test with a clean slate. This makes them slow. The runtime environment tests, which include the group and user tests, are particularly slow because they don't skip the I/O even when testing error handling. This makes them a good target for optimizations. The group and user tests check the group and user configuration in different containers without changing their state. Therefore, a lot of disk I/O can be avoided by creating these containers only once for all the tests. This can reduce the time needed to run the group and user tests from almost 22 minutes to almost 5 minutes. containers#1635 containers#1746 (backported from commit 3017a46)
Fedora 40 reached End of Life on 13th May 2025: https://docs.fedoraproject.org/en-US/releases/eol/ containers#1650 containers#1746 (backported from commit 7cfe9a7)
containers#1730 containers#1746 (backported from commit 431f7f0)
Fedora 41 reached End of Life on 15th December 2025: https://docs.fedoraproject.org/en-US/releases/eol/ containers#1733 containers#1746 (backported from commit 36605d8)
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1746
4cd5fb5 to b307bd9
Build succeeded. ✔️ unit-test SUCCESS in 1m 45s
... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh.
The src/go.sum file was updated with 'go mod tidy'.
#1503
https://github.com/containers/toolbox/security/dependabot/26
(cherry picked from commits 3de56c0 and efa8da9)
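
A check a maintainer could run on each release branch to confirm that go.mod requires logrus at or above the 1.9.3 this pull request bumps to. This is an added example, not code from the pull request or the toolbox project; the sample go.mod contents and the function names are constructed for illustration, and `replace` directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample, not the project's real src/go.mod; versions are illustrative.
const sampleGoMod = `module example.test/app
require (
	github.com/sirupsen/logrus v1.9.0
	github.com/spf13/cobra v1.7.0 // indirect
)
`

// RequiredVersion returns the version go.mod requires for module, or "" if absent.
func RequiredVersion(goMod, module string) string {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(strings.SplitN(sc.Text(), "//", 2)[0])
		f := strings.Fields(strings.TrimPrefix(line, "require "))
		if len(f) == 2 && f[0] == module {
			return f[1]
		}
	}
	return ""
}

// AtLeast reports have >= want; a pre-release or pseudo-version sorts below its own X.Y.Z.
func AtLeast(have, want string) (bool, error) {
	var v [2][3]int
	for i, s := range []string{have, want} {
		if _, err := fmt.Sscanf(s, "v%d.%d.%d", &v[i][0], &v[i][1], &v[i][2]); err != nil {
			return false, fmt.Errorf("unexpected version %q", s)
		}
	}
	for i := range v[0] {
		if v[0][i] != v[1][i] {
			return v[0][i] > v[1][i], nil
		}
	}
	return !strings.Contains(have, "-"), nil
}

func main() {
	ok, err := AtLeast(RequiredVersion(sampleGoMod, "github.com/sirupsen/logrus"), "v1.9.3")
	fmt.Println(ok, err) // the constructed sample sits below the floor
}
```

A missing requirement yields an empty version and therefore an error, so the check fails closed.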