
bob: fix vulnerable dependencies#307213

Merged
Artturin merged 1 commit into
NixOS:masterfrom
katexochen:bob/vuln
May 3, 2024
Conversation

@katexochen katexochen commented Apr 27, 2024

Member

Description of changes

See upstream PR for details: benchkram/bob#387

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@katexochen katexochen added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-23.11 labels Apr 27, 2024
@ofborg ofborg Bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Apr 27, 2024

@LeSuisse LeSuisse left a comment

Member

Can't we use the PR you made upstream instead of marking it with knownVulnerabilities?

From a quick glance it does not seem to contain major upgrades, so it should be safe.

@katexochen katexochen changed the title bob: add known vulnerabilities bob: fix vulnerable dependencies Apr 29, 2024
@katexochen

Member Author

Can't we use the PR you made upstream instead of marking it with knownVulnerabilities?

From a quick glance it does not seem to contain major upgrades, so it should be safe.

Yeah, the patch didn't apply; I needed to backport it. Not sure how to handle these findings in general, I have a ton more lying around.

@ofborg ofborg Bot requested a review from zuzuleinen April 29, 2024 07:14
@ofborg ofborg Bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. and removed 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Apr 29, 2024
Comment thread pkgs/development/tools/build-managers/bob/default.nix Outdated
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
@nicoonoclaste nicoonoclaste added the 12.approvals: 1 This PR was reviewed and approved by one person. label May 3, 2024
@Artturin Artturin merged commit 17a5dca into NixOS:master May 3, 2024
github-actions Bot commented May 3, 2024

Contributor

Successfully created backport PR for release-23.11:

@katexochen katexochen deleted the bob/vuln branch May 3, 2024 16:54