From c6fb1cca7f616a4e4f95c2d03f86d8012f579129 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 18 Jan 2024 19:13:05 +0000 Subject: [PATCH 001/235] flannel-cni-plugin/1.4.0-flannel1 package update --- flannel-cni-plugin.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flannel-cni-plugin.yaml b/flannel-cni-plugin.yaml index df5d6a5cddb..0be3fe903bc 100644 --- a/flannel-cni-plugin.yaml +++ b/flannel-cni-plugin.yaml @@ -1,7 +1,7 @@ package: name: flannel-cni-plugin - version: 1.2.0 - epoch: 5 + version: 1.4.0-flannel1 + epoch: 0 description: flannel cni plugin copyright: - license: Apache-2.0 @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/flannel-io/cni-plugin tag: v${{package.version}} - expected-commit: 6464faacf5c00e25321573225d74638455ef03a0 + expected-commit: 28a4dca643b328ced681a5f9b587f2591b7bb4ce - runs: | # Ensure we build statically since CNI plugins often get moved onto the From 8f973e005176d12290a1f1e0e8d51be57aebbe51 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 30 Jan 2024 18:15:09 +0000 Subject: [PATCH 002/235] vault-1.14/1.14.9 package update --- vault-1.14.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/vault-1.14.yaml b/vault-1.14.yaml index dab9161f4ee..4f1c7b08736 100644 --- a/vault-1.14.yaml +++ b/vault-1.14.yaml @@ -1,8 +1,8 @@ # package.dependecies.provides uses 1.14.999 because we had a 1.14.1 vault package, remove in 1.15+ package: name: vault-1.14 - version: 1.14.8 - epoch: 2 + version: 1.14.9 + epoch: 0 description: Tool for encryption as a service, secrets and privileged access management copyright: - license: MPL-2.0 @@ -24,14 +24,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 446f213c47cabf47d52d065647ef666ce4bf8692 + expected-commit: 7c9990adc7b56d27ef5f461ee484764643ba16f7 repository: https://github.com/hashicorp/vault tag: v${{package.version}} - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.17.0 github.com/dvsekhvalnov/jose2go@v1.5.1-0.20231206184617-48ba0b76bc88 github.com/cloudflare/circl@v1.3.7 - - runs: | go generate $(go list ./... | grep -v /vendor/) From 9776c71c2ca2d8990a1949787e68245d5124f583 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 5 Feb 2024 03:08:26 +0000 Subject: [PATCH 003/235] gc/8.2.6 package update --- gc.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gc.yaml b/gc.yaml index 4bc99c2433d..e49e933ad9a 100644 --- a/gc.yaml +++ b/gc.yaml @@ -1,6 +1,6 @@ package: name: gc - version: 8.2.4 + version: 8.2.6 epoch: 0 description: garbage collector for C and C++ copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 3d0d3cdbe077403d3106bb40f0cbb563413d6efdbb2a7e1cd6886595dec48fc2 + expected-sha256: b9183fe49d4c44c7327992f626f8eaa1d8b14de140f243edb1c9dcff7719a7fc uri: https://github.com/ivmai/bdwgc/releases/download/v${{package.version}}/gc-${{package.version}}.tar.gz - runs: | From 707390848494233f1bcfecbbbaa9053f80b330ce Mon Sep 17 00:00:00 2001 From: James Rawlings Date: Wed, 7 Feb 2024 09:06:09 +0000 Subject: [PATCH 004/235] Fix license Signed-off-by: James Rawlings --- gc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gc.yaml b/gc.yaml index e49e933ad9a..5188d964b49 100644 --- a/gc.yaml +++ b/gc.yaml @@ -4,7 +4,7 @@ package: epoch: 0 description: garbage collector for C and C++ copyright: - - license: custom:GPL-like + - license: LicenseRef-GC-MIT-style environment: contents: From 2360819fc5f08c4ec2819760f424a66d2adb42ef Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 7 Feb 2024 21:14:40 +0000 Subject: [PATCH 005/235] skaffold/2.10.1 package update --- skaffold.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/skaffold.yaml b/skaffold.yaml index 9ff02a91442..8af26be4fb2 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -1,7 +1,7 @@ package: name: skaffold - version: 2.10.0 - epoch: 3 + version: 2.10.1 + epoch: 0 description: Easy and Repeatable Kubernetes Development copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: cbc665bfc1fe7253df466e70dd48e3851d935a3e + expected-commit: df0264229733d654ae0f43466e760dae936b12e7 repository: https://github.com/GoogleContainerTools/skaffold tag: v${{package.version}} From c94af634f3f6a87bd8d7f86a97b392ec292f6ec1 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 13 Feb 2024 18:16:15 +0000 Subject: [PATCH 006/235] ruby3.2-jruby-openssl/0.14.3 package update --- ruby3.2-jruby-openssl.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruby3.2-jruby-openssl.yaml b/ruby3.2-jruby-openssl.yaml index d790fc687e0..0fa494b5c6e 100644 --- a/ruby3.2-jruby-openssl.yaml +++ b/ruby3.2-jruby-openssl.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/jruby/jruby-openssl package: name: ruby3.2-jruby-openssl - version: 0.14.2 + version: 0.14.3 epoch: 0 description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: b0ca8d8a0d5cb58ca7f8b9e37eb1fda69bfeba7a + expected-commit: 055f5756c424276a1ecf0ec7327a049bb147ea9a repository: https://github.com/jruby/jruby-openssl tag: v${{package.version}} From b5cc474d178fac70c5e77b181fcd4d2791d0acff Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 14 Feb 2024 17:26:01 +0000 Subject: [PATCH 007/235] gitlab-exporter/14.3.0 package update --- gitlab-exporter.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitlab-exporter.yaml b/gitlab-exporter.yaml index 5be6829e083..3423eb61e7d 100644 --- a/gitlab-exporter.yaml +++ b/gitlab-exporter.yaml @@ -4,8 +4,8 @@ #nolint:git-checkout-must-use-github-updates package: name: gitlab-exporter - version: 14.2.0 - epoch: 1 + version: 14.3.0 + epoch: 0 description: GitLab Exporter is a Prometheus Web exporter. copyright: - license: MIT From 31c0ae8d5a20ef8066189848b2efedc796712388 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 14 Feb 2024 23:15:22 +0000 Subject: [PATCH 008/235] aws-crt-cpp/0.26.2 package update --- aws-crt-cpp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-crt-cpp.yaml b/aws-crt-cpp.yaml index 6f7f24fbeb8..1464c1ef728 100644 --- a/aws-crt-cpp.yaml +++ b/aws-crt-cpp.yaml @@ -1,6 +1,6 @@ package: name: aws-crt-cpp - version: 0.26.1 + version: 0.26.2 epoch: 0 description: "C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++" copyright: @@ -32,7 +32,7 @@ pipeline: with: repository: https://github.com/awslabs/aws-crt-cpp tag: v${{package.version}} - expected-commit: c499dffd57058c1fe9c28bb56e720f4181ba5a7e + expected-commit: e4514b7fb8b1fe67429aa7b0e00f628999722174 - runs: | if [ "$CBUILD" != "$CHOST" ]; then From 138e785144b853f5143075adb13e9dfd78fb4b2d Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 20 Feb 2024 17:34:02 -0800 Subject: [PATCH 009/235] cassandra-4.1: move cassandra to version stream --- cassandra-4.1.yaml | 84 ++++++++++++++++++++++++++++++++++ cassandra-4.1/build.properties | 1 + cassandra-4.1/bumpdeps.patch | 22 +++++++++ 3 files changed, 107 insertions(+) create mode 100644 cassandra-4.1.yaml create mode 100644 cassandra-4.1/build.properties create mode 100644 cassandra-4.1/bumpdeps.patch diff --git a/cassandra-4.1.yaml b/cassandra-4.1.yaml new file mode 100644 index 00000000000..c35151644c6 --- /dev/null +++ b/cassandra-4.1.yaml @@ -0,0 +1,84 @@ +package: + name: cassandra-4.1 + version: 4.1.4 + epoch: 0 + description: Open Source NoSQL Database + copyright: + - license: Apache-2.0 + dependencies: + runtime: + - python-3.11 # needed for cqlsh + provides: + - cassandra=${{package.full-version}} + +environment: + contents: + packages: + - ant + - bash + - build-base + - busybox + - ca-certificates-bundle + - openjdk-11-default-jvm + - python-3.11 + environment: + JAVA_HOME: /usr/lib/jvm/java-11-openjdk + CASSANDRA_USE_JDK11: true + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/apache/cassandra + expected-commit: 99d9faeef57c9cf5240d11eac9db5b283e45a4f9 + tag: cassandra-${{package.version}} + + - uses: patch + with: + # Bumps snakeyaml and jackson-databind to mitigate a bunch of CVEs + patches: bumpdeps.patch + + - runs: | + ant artifacts -Dversion=${{package.version}} + + # Install cassandra from the tarball in build/dist into the destdir in /usr/share/java/cassandra + mkdir -p "${{targets.destdir}}"/usr/share/java/cassandra + tar --strip-components 1 -C "${{targets.destdir}}"/usr/share/java/cassandra -xzf build/apache-cassandra-${{package.version}}-bin.tar.gz + + # Symlink everything in the cassandra bin directory into /usr/bin + mkdir -p "${{targets.destdir}}"/usr/bin/ + + for f in /home/build/build/dist/bin/*; do + filename=$(basename "$f") + ln -sf /usr/share/java/cassandra/bin/"$filename" "${{targets.destdir}}"/usr/bin/"$filename" + done + + mkdir -p ${{targets.destdir}}/var/lib/cassandra + mkdir -p ${{targets.destdir}}/var/log/cassandra + + ln -sT /var/lib/cassandra/ "${{targets.destdir}}"/usr/share/java/cassandra/data + ln -sT /var/log/cassandra/ "${{targets.destdir}}"/usr/share/java/cassandra/logs + +subpackages: + - name: ${{package.name}}-compat + pipeline: + - runs: | + install -d ${{targets.subpkgdir}}/etc/cassandra + mkdir -p ${{targets.subpkgdir}}/opt + ln -sf /usr/share/java/cassandra ${{targets.subpkgdir}}/opt/cassandra + +update: + enabled: true + github: + identifier: apache/cassandra + use-tag: true + tag-filter-prefix: cassandra-4 + strip-prefix: cassandra- + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + cqlsh --version diff --git a/cassandra-4.1/build.properties b/cassandra-4.1/build.properties new file mode 100644 index 00000000000..b2d68fdae8e --- /dev/null +++ b/cassandra-4.1/build.properties @@ -0,0 +1 @@ +artifact.remoteRepository.central=https://maven-central.storage-download.googleapis.com/repos/central/data/ \ No newline at end of file diff --git a/cassandra-4.1/bumpdeps.patch b/cassandra-4.1/bumpdeps.patch new file mode 100644 index 00000000000..edaf52d434f --- /dev/null +++ b/cassandra-4.1/bumpdeps.patch @@ -0,0 +1,22 @@ +diff --git a/build.xml b/build.xml +index d2d5974cd6..34778edc10 100644 +--- a/build.xml ++++ b/build.xml +@@ -555,7 +555,7 @@ + + + +- ++ + + + +@@ -564,7 +564,7 @@ + + + +- ++ + + + From 1d2168aa29b01940517b5d730fc3b2794442abea Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha Date: Wed, 21 Feb 2024 16:45:17 -0500 Subject: [PATCH 010/235] create grafana-agent-operator package --- grafana-agent-operator.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 grafana-agent-operator.yaml diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml new file mode 100644 index 00000000000..3bce1240b58 --- /dev/null +++ b/grafana-agent-operator.yaml @@ -0,0 +1,29 @@ +package: + name: grafana-agent-operator + version: 0.39.2 + epoch: 0 + description: Grafana Agent Operator is a Kubernetes operator for the static mode of Grafana Agent. It makes it easier to deploy and configure static mode to collect telemetry data from Kubernetes resources. + copyright: + - license: Apache-2.0 + +environment: + contents: + packages: + - go + - busybox + - ca-certificates-bundle + environment: + CGO_ENABLED: "0" + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/grafana/agent + tag: v${{package.version}} + expected-commit: deae3f86639564d7ac7b3cd7b424e8e0e8733898 + - uses: go/build + with: + packages: ./cmd/grafana-agent-operator + output: grafana-agent-operator + ldflags: -s -w + - uses: strip \ No newline at end of file From c54720d11817157833eccaccd5c2c4c22ef34b08 Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha Date: Wed, 21 Feb 2024 16:59:59 -0500 Subject: [PATCH 011/235] add update yaml block --- grafana-agent-operator.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index 3bce1240b58..a5cfe83e127 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -26,4 +26,13 @@ pipeline: packages: ./cmd/grafana-agent-operator output: grafana-agent-operator ldflags: -s -w - - uses: strip \ No newline at end of file + - uses: strip + +update: + enabled: true + ignore-regex-patterns: + - '-rc' + github: + identifier: grafana/agent + strip-prefix: v + use-tag: true \ No newline at end of file From cfeaa7482770e8c637c85cf4e0756c47c66e447b Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha Date: Wed, 21 Feb 2024 17:02:13 -0500 Subject: [PATCH 012/235] add eof --- grafana-agent-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index a5cfe83e127..6abb17f3b6f 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -35,4 +35,4 @@ update: github: identifier: grafana/agent strip-prefix: v - use-tag: true \ No newline at end of file + use-tag: true From efd97e1f6aed8966dce606cdf83767cc87a06aef Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Fri, 23 Feb 2024 00:15:36 +0000 Subject: [PATCH 013/235] xorg-server/21.1.11 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- xorg-server.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xorg-server.yaml b/xorg-server.yaml index c3cadfb3a35..43d7d5260c2 100644 --- a/xorg-server.yaml +++ b/xorg-server.yaml @@ -1,7 +1,7 @@ package: name: xorg-server - version: 21.1.10 - epoch: 5 + version: 21.1.11 + epoch: 0 description: "X Server" copyright: - license: SGI-B-2.0 @@ -56,7 +56,7 @@ pipeline: - uses: fetch with: uri: https://www.x.org/releases/individual/xserver/xorg-server-${{package.version}}.tar.xz - expected-sha256: ceb0b3a2efc57ac3ccf388d3dc88b97615068639fb284d469689ae3d105611d0 + expected-sha256: 1d3dadbd57fb86b16a018e9f5f957aeeadf744f56c0553f55737628d06d326ef - uses: patch # We can remove this once we update to 21.1.11. with: From 553e1d3e8187b59c8bd14d17615bca90456842f3 Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Thu, 22 Feb 2024 16:43:55 -0800 Subject: [PATCH 014/235] Update xorg-server.yaml --- xorg-server.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/xorg-server.yaml b/xorg-server.yaml index 43d7d5260c2..93130be7998 100644 --- a/xorg-server.yaml +++ b/xorg-server.yaml @@ -58,18 +58,6 @@ pipeline: uri: https://www.x.org/releases/individual/xserver/xorg-server-${{package.version}}.tar.xz expected-sha256: 1d3dadbd57fb86b16a018e9f5f957aeeadf744f56c0553f55737628d06d326ef - - uses: patch # We can remove this once we update to 21.1.11. - with: - patches: CVE-2023-6816.patch - - - uses: patch # We can remove this once we update to 21.1.11. - with: - patches: CVE-2024-0408.patch - - - uses: patch # We can remove this once we update to 21.1.11. - with: - patches: CVE-2024-0409.patch - - uses: autoconf/configure with: opts: | From 3f813e2db2be97cb996e8b50d25b7b4c74e8bc2e Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha Date: Fri, 23 Feb 2024 16:45:53 -0500 Subject: [PATCH 015/235] format yaml --- grafana-agent-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index 6abb17f3b6f..f51b7263b24 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -31,7 +31,7 @@ pipeline: update: enabled: true ignore-regex-patterns: - - '-rc' + - "-rc" github: identifier: grafana/agent strip-prefix: v From 0e08c04e0f73d15a7b633bfe03334ee429f0c5ce Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha Date: Fri, 23 Feb 2024 17:34:17 -0500 Subject: [PATCH 016/235] fix formatting for go --- grafana-agent-operator.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index f51b7263b24..1b4ff4557e9 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -9,9 +9,9 @@ package: environment: contents: packages: - - go - busybox - ca-certificates-bundle + - go environment: CGO_ENABLED: "0" @@ -21,11 +21,13 @@ pipeline: repository: https://github.com/grafana/agent tag: v${{package.version}} expected-commit: deae3f86639564d7ac7b3cd7b424e8e0e8733898 + - uses: go/build with: packages: ./cmd/grafana-agent-operator output: grafana-agent-operator ldflags: -s -w + - uses: strip update: From c5f14f624633049641482fd108dbad2d9fbf1b52 Mon Sep 17 00:00:00 2001 From: ajayk Date: Fri, 23 Feb 2024 16:09:27 -0800 Subject: [PATCH 017/235] envoy-1.29: version stream --- envoy-1.29.yaml | 94 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 envoy-1.29.yaml diff --git a/envoy-1.29.yaml b/envoy-1.29.yaml new file mode 100644 index 00000000000..54d797e96f7 --- /dev/null +++ b/envoy-1.29.yaml @@ -0,0 +1,94 @@ +package: + name: envoy-1.29 + version: 1.29.1 + epoch: 0 + description: Cloud-native high-performance edge/middle/service proxy + copyright: + - license: Apache-2.0 + dependencies: + provides: + - envoy=${{package.full-version}} + +environment: + contents: + packages: + - bash + - bazel-6 + - binutils + - build-base + - busybox + - ca-certificates-bundle + - clang~15 + - cmake + - coreutils + - git + - libtool + - llvm-libcxx-15 + - llvm-libcxx-15-dev + - llvm-libcxxabi-15 + - llvm-lld-15 + - llvm15 + - llvm15-cmake-default + - llvm15-dev + - llvm15-tools + - openjdk-11 + - patch + - python3-dev + - samurai + - wolfi-baselayout + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/envoyproxy/envoy + tag: v${{package.version}} + expected-commit: 4fda4d79d06e1bd59e591be3f348223495083648 + destination: envoy + + - runs: | + export JAVA_HOME=/usr/lib/jvm/java-11-openjdk + mkdir -p .cache/bazel/_bazel_root + + cd envoy + # The Python interpreter complains about being run as root, there's a flag to pass to disable that warning. + sed -i 's/envoy_dependencies_extra()/envoy_dependencies_extra(ignore_root_user_error=True)/g' WORKSPACE + + ./bazel/setup_clang.sh /usr + echo "build --config=libc++" >> user.bazelrc + + bazel build --verbose_failures -c opt envoy + + mkdir -p ${{targets.destdir}}/usr/bin/ + mv bazel-bin/source/exe/envoy-static ${{targets.destdir}}/usr/bin/envoy + + # We no longer need this cache dir, which has some writable files. + rm -rf ../.cache/bazel/_bazel_root + + - uses: strip + +subpackages: + - name: ${{package.name}}-oci-entrypoint + description: Entrypoint for using Envoy in OCI containers + dependencies: + runtime: + - busybox + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/var/lib/envoy/init + cp envoy/ci/docker-entrypoint.sh ${{targets.subpkgdir}}/var/lib/envoy/init/envoy-entrypoint.sh + chmod +x ${{targets.subpkgdir}}/var/lib/envoy/init/envoy-entrypoint.sh + + - name: ${{package.name}}-config + description: Default Envoy configuration + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/etc/envoy + cp envoy/configs/envoyproxy_io_proxy.yaml ${{targets.subpkgdir}}/etc/envoy/envoy.yaml + +update: + enabled: true + github: + identifier: envoyproxy/envoy + strip-prefix: v + use-tag: true + tag-filter-prefix: v1.29 From c436b7b49c18f574bafab936f600f047a5044850 Mon Sep 17 00:00:00 2001 From: ajayk Date: Fri, 23 Feb 2024 16:49:04 -0800 Subject: [PATCH 018/235] etcd-3.5: version stream --- etcd-3.5.yaml | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 etcd-3.5.yaml diff --git a/etcd-3.5.yaml b/etcd-3.5.yaml new file mode 100644 index 00000000000..3a416a0625d --- /dev/null +++ b/etcd-3.5.yaml @@ -0,0 +1,76 @@ +package: + name: etcd-3.5 + version: 3.5.12 + epoch: 0 + description: A highly-available key value store for shared configuration and service discovery. + copyright: + - license: Apache-2.0 + dependencies: + runtime: + - ca-certificates-bundle + - glibc + provides: + - etcd=${{package.full-version}} + +environment: + contents: + packages: + - bash + - busybox + - ca-certificates-bundle + - git + - go + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/etcd-io/etcd + tag: v${{package.version}} + expected-commit: e7b3bb6ccac840770f108ef9a0f013fa51b83256 + + - runs: | + bash -x ./build.sh + mkdir -p "${{targets.destdir}}"/var/lib/${{package.name}} + chmod 700 "${{targets.destdir}}"/var/lib/${{package.name}} + install -Dm755 bin/etcd "${{targets.destdir}}"/usr/bin/etcd + install -Dm755 bin/etcdctl "${{targets.destdir}}"/usr/bin/etcdctl + install -Dm755 bin/etcdutl "${{targets.destdir}}"/usr/bin/etcdutl + + - uses: strip + +update: + enabled: true + github: + identifier: etcd-io/etcd + strip-prefix: v + tag-filter-prefix: v3.5 + use-tag: true + +test: + environment: + contents: + packages: + - busybox + pipeline: + - name: Verify etcd version + runs: | + etcd --version | grep "etcd Version: 3.5" + - name: Start etcd server and perform health check + runs: | + # Start etcd in the background + etcd & + ETCD_PID=$! + sleep 5 # Wait for etcd to start + # Perform a health check + etcdctl endpoint health + kill $ETCD_PID + - name: Set and get a key-value pair + runs: | + etcd & + ETCD_PID=$! + sleep 5 # Wait for etcd to start + # Set a key-value pair + etcdctl put mykey "Hello, etcd" + # Get the value + etcdctl get mykey | grep -q "Hello, etcd" + kill $ETCD_PID From 254d5aec82383075eb7ee95a09fbbf3ffae00b1e Mon Sep 17 00:00:00 2001 From: kranurag7 <81210977+kranurag7@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:36:35 +0530 Subject: [PATCH 019/235] no CGO for clusterctl package Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com> --- clusterctl.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/clusterctl.yaml b/clusterctl.yaml index cd5cc02b5ee..45dfadd35f7 100644 --- a/clusterctl.yaml +++ b/clusterctl.yaml @@ -1,7 +1,7 @@ package: name: clusterctl version: 1.6.2 - epoch: 0 + epoch: 1 description: A command line tool to manage clusters created by cluster API copyright: - license: Apache-2.0 @@ -15,6 +15,8 @@ environment: - busybox - ca-certificates-bundle - go + environment: + CGO_ENABLED: "0" pipeline: - uses: git-checkout From 55c0532e7b8174396e92bfa0cc340d5b7fd4d7fb Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 10:15:48 +0000 Subject: [PATCH 020/235] brew/4.2.10 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- brew.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/brew.yaml b/brew.yaml index f3dc7922eca..5b76c833e23 100644 --- a/brew.yaml +++ b/brew.yaml @@ -1,6 +1,6 @@ package: name: brew - version: 4.2.9 + version: 4.2.10 epoch: 0 description: "The homebrew package manager" copyright: @@ -48,7 +48,7 @@ pipeline: repository: https://github.com/Homebrew/brew tag: ${{package.version}} destination: ./brew - expected-commit: e5fefd73cd97cd36ae3af29551f529ae59b333d6 + expected-commit: c6d959218f143cd17b1fc3e0f10f143cbd273528 - runs: | set -x From 9998b9a08767b08d9c5ba655781656e808a856e7 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 10:15:53 +0000 Subject: [PATCH 021/235] kafka/3.7.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- kafka.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kafka.yaml b/kafka.yaml index f4f0ae3e763..44fdc08bcde 100644 --- a/kafka.yaml +++ b/kafka.yaml @@ -1,7 +1,7 @@ package: name: kafka # When bumping check to see if the CVE mitigation can be removed. - version: 3.6.1 + version: 3.7.0 epoch: 0 description: Apache Kafka is a distributed event streaming platformm copyright: @@ -29,7 +29,7 @@ pipeline: with: repository: https://github.com/apache/kafka tag: ${{package.version}} - expected-commit: 5e3c2b738d253ff51a7a61fe08713f564ab647fa + expected-commit: 2ae524ed625438c5fee89e78648bd73e64a3ada0 - runs: | export JAVA_TOOL_OPTIONS=-Dfile.encoding=UTF8 From 66a3ad380b02de9611a93871f29d00e08c29cc63 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 11:15:33 +0000 Subject: [PATCH 022/235] py3-archspec/0.2.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-archspec.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-archspec.yaml b/py3-archspec.yaml index 312308d5793..b2ecd4af5ed 100644 --- a/py3-archspec.yaml +++ b/py3-archspec.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/archspec/ package: name: py3-archspec - version: 0.2.2 + version: 0.2.3 epoch: 0 description: A library to query system architecture copyright: @@ -21,7 +21,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 1dc58a5776dd77e6fc6e4ba5626af5b1fb24996e + expected-commit: 7b8fe60b69e2861e7dac104bc1c183decfcd3daf repository: https://github.com/archspec/archspec tag: v${{package.version}} recurse-submodules: true From 26758b0facbcc8b490d389347a3fa4db79f53b3c Mon Sep 17 00:00:00 2001 From: cpanato Date: Mon, 26 Feb 2024 13:10:02 +0100 Subject: [PATCH 023/235] use shared install wolfictl --- .github/workflows/withdraw-packages.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml index db9df0d90f5..32fabec06cc 100644 --- a/.github/workflows/withdraw-packages.yaml +++ b/.github/workflows/withdraw-packages.yaml @@ -21,11 +21,7 @@ jobs: fetch-depth: 0 # We want the full history for uploading withdrawn-packages.txt to GCS. If this takes too long, we look at merging both files. - name: "Install wolfictl onto PATH" - run: | - # Copy wolfictl out of the wolfictl image and onto PATH - TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 -c "cp /usr/bin/wolfictl /out" - echo "$TMP" >> $GITHUB_PATH + uses: wolfi-dev/actions/install-wolfictl@main # This is managed here: https://github.com/chainguard-dev/secrets/blob/main/wolfi-dev.tf - uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1 From e9ffc4f61f345f48ba83e13b834fa27d50926d40 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:16:01 +0000 Subject: [PATCH 024/235] newrelic-infra-operator/0.18.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- newrelic-infra-operator.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newrelic-infra-operator.yaml b/newrelic-infra-operator.yaml index 508efd35a4f..6d63ee03870 100644 --- a/newrelic-infra-operator.yaml +++ b/newrelic-infra-operator.yaml @@ -1,6 +1,6 @@ package: name: newrelic-infra-operator - version: 0.17.0 + version: 0.18.0 epoch: 0 description: Newrelic kubernetes operator of infrastructure copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/newrelic/newrelic-infra-operator tag: v${{package.version}} - expected-commit: 14a254f3d01bfb7e0b32fd804b33b3e15adcce75 + expected-commit: 576f50101ba2cafd4d41ca478d4e48bdc37fcfbf - runs: | make build From 8bc1e0f80f9db602f63ce64eeed80f1f5e51f9cf Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:16:06 +0000 Subject: [PATCH 025/235] tigerbeetle/0.14.181 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- tigerbeetle.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tigerbeetle.yaml b/tigerbeetle.yaml index ddc4215f1b0..972e172a6f3 100644 --- a/tigerbeetle.yaml +++ b/tigerbeetle.yaml @@ -1,6 +1,6 @@ package: name: tigerbeetle - version: 0.14.180 + version: 0.14.181 epoch: 0 description: "The distributed financial accounting database designed for mission critical safety and performance." copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/tigerbeetledb/tigerbeetle tag: ${{package.version}} - expected-commit: a2366a6c26eac5ab94f815384a4e9e386ebefc4d + expected-commit: 998301b0e8923307aebac5a83f65782457a3fba6 - runs: | # cpu values from here: https://github.com/tigerbeetle/tigerbeetle/blob/2ab9fd620e53a6d61cb119e48ece4008bedd777d/tools/docker/Dockerfile#L30C79-L30C92 From 870dbb9f7c582d03c1aabd74873255d68496ef17 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:16:53 +0000 Subject: [PATCH 026/235] nri-kubernetes/3.26.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-kubernetes.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nri-kubernetes.yaml b/nri-kubernetes.yaml index 1ee22c61463..ba035e43598 100644 --- a/nri-kubernetes.yaml +++ b/nri-kubernetes.yaml @@ -1,6 +1,6 @@ package: name: nri-kubernetes - version: 3.25.2 + version: 3.26.0 epoch: 0 description: New Relic integration for Kubernetes copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/newrelic/nri-kubernetes tag: v${{package.version}} - expected-commit: f202e6dd5e2813d7682b4673643bce8aa5a67edb + expected-commit: 2b2a1e0cd1c0590960089b96c0c708eeb19f6b5e - runs: | # Our global LDFLAGS conflict with a Makefile parameter From dece7eab01f6ff49355a6a10ffa753b2a0b7ab62 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:16:58 +0000 Subject: [PATCH 027/235] newrelic-nri-kube-events/2.9.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- newrelic-nri-kube-events.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newrelic-nri-kube-events.yaml b/newrelic-nri-kube-events.yaml index 727ad32d503..8a6686ba9a3 100644 --- a/newrelic-nri-kube-events.yaml +++ b/newrelic-nri-kube-events.yaml @@ -1,6 +1,6 @@ package: name: newrelic-nri-kube-events - version: 2.8.2 + version: 2.9.0 epoch: 0 description: New Relic integration that forwards Kubernetes events to New Relic copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/newrelic/nri-kube-events tag: v${{package.version}} - expected-commit: 81a18cac17d37f07d72129338003b3408d711c35 + expected-commit: fa4e083d3fee4ead6b92a398d8fc344292841de4 - uses: go/build with: From 65d560e1f27df14a45ef3b515a56d2242285446b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:17:03 +0000 Subject: [PATCH 028/235] atuin/18.0.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- atuin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/atuin.yaml b/atuin.yaml index e7eeb386aab..463ac3d17ab 100644 --- a/atuin.yaml +++ b/atuin.yaml @@ -1,6 +1,6 @@ package: name: atuin - version: 18.0.1 + version: 18.0.2 epoch: 0 description: Magical shell history copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/atuinsh/atuin tag: v${{package.version}} - expected-commit: 1464cb657a47e7b5705194302532f3ecf37c7649 + expected-commit: a78aaa78e487b2499ffd7eed86bac15aa3df0960 - runs: | cargo build --locked --release From 76dbffc9b218d0213b5ec81f43b6d98b81964f79 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:17:08 +0000 Subject: [PATCH 029/235] newrelic-infrastructure-agent/1.50.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- newrelic-infrastructure-agent.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newrelic-infrastructure-agent.yaml b/newrelic-infrastructure-agent.yaml index e1e28789146..1c155486d65 100644 --- a/newrelic-infrastructure-agent.yaml +++ b/newrelic-infrastructure-agent.yaml @@ -1,6 +1,6 @@ package: name: newrelic-infrastructure-agent - version: 1.49.1 + version: 1.50.0 epoch: 0 description: New Relic Infrastructure Agent copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/newrelic/infrastructure-agent tag: ${{package.version}} - expected-commit: d05f4eb2c15998b480f67e6c074eb647e5398d08 + expected-commit: 1be5c0793dfacbc5afee76316dd141623a6f76ac - runs: | # Our global LDFLAGS conflict with a Makefile parameter: https://github.com/newrelic/infrastructure-agent/blob/07ab68f181e25a1552588a3953167e0b15f52372/build/build.mk#L20-L22 From 9bc160d1e380da0bc8d49c9956a4068f5b79b429 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:08:24 +0000 Subject: [PATCH 030/235] ca-certificates/20240226 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ca-certificates.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ca-certificates.yaml b/ca-certificates.yaml index 06d216d2052..c5308f551d3 100644 --- a/ca-certificates.yaml +++ b/ca-certificates.yaml @@ -1,7 +1,7 @@ package: name: ca-certificates - version: "20230506" - epoch: 1 + version: "20240226" + epoch: 0 description: "CA certificates from the Mozilla trusted root program" copyright: - license: MPL-2.0 AND MIT @@ -19,7 +19,7 @@ pipeline: - uses: fetch with: uri: https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/${{package.version}}/ca-certificates-${{package.version}}.tar.gz - expected-sha256: 21e7247ed7200774625e603ad1998e57ad2e0a79b3c69fa7638063d00f77be3a + expected-sha256: dc73f462a05707aff7de706db1da740cb584658f420139bfa00c4e78d54644dd - runs: | make CC="${{host.triplet.gnu}}-gcc" From 714781952f1d2e34609559483d6c19f94c5b5f9e Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:15:24 +0000 Subject: [PATCH 031/235] gobump/0.7.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- gobump.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gobump.yaml b/gobump.yaml index e77180817df..3683331b598 100644 --- a/gobump.yaml +++ b/gobump.yaml @@ -1,6 +1,6 @@ package: name: gobump - version: 0.7.4 + version: 0.7.5 epoch: 0 description: Go tool to declaratively bump dependencies copyright: @@ -11,7 +11,7 @@ pipeline: with: repository: https://github.com/chainguard-dev/gobump.git tag: v${{package.version}} - expected-commit: 8b182eb15364022c87269b5f815a3d2a78505da5 + expected-commit: faace681622feee07310c1f1bd01f3570d974e39 - uses: go/build with: From 236c4c6425e11e0584f3f0ab45f65328dfba343b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:15:30 +0000 Subject: [PATCH 032/235] prometheus/2.50.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- prometheus.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prometheus.yaml b/prometheus.yaml index 0db81d66724..581eeaa6ab3 100644 --- a/prometheus.yaml +++ b/prometheus.yaml @@ -1,6 +1,6 @@ package: name: prometheus - version: 2.50.0 + version: 2.50.1 epoch: 0 description: The Prometheus monitoring system and time series database. copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 814b920e8a6345d35712b5857ebd4cb5e90fc107 + expected-commit: 8c9b0285360a0b6288d76214a75ce3025bce4050 repository: https://github.com/prometheus/prometheus tag: v${{package.version}} From d99e8db06a52ea93ba588db93aa4e8bc844d957e Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Mon, 26 Feb 2024 13:38:40 +0000 Subject: [PATCH 033/235] xorg-server: switch debian salsa checkout from tag to branch Last two debian uploads did not push a matching tag. However, only a subtree of debian/local is used to build a small utility which hasn't been changed in years. Update to use `debian-unstable` branch with a fixed expected commit. This is a temporary solution until debian developer pushes matching tags (requested on irc). Possibly we can even drop expected-commit here, as the utility hasn't seen any changes for years now. Fixes #13535 Signed-off-by: Dimitri John Ledkov --- xorg-server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xorg-server.yaml b/xorg-server.yaml index 93130be7998..7693a0cac72 100644 --- a/xorg-server.yaml +++ b/xorg-server.yaml @@ -112,8 +112,8 @@ subpackages: - uses: git-checkout with: repository: https://salsa.debian.org/xorg-team/xserver/xorg-server - tag: xorg-server-2_${{package.version}}-1 - expected-commit: 8db596f78a4cc8dcbb0422d0f833b1c58b9f9f7b + branch: debian-unstable + expected-commit: b6acc2e6eb9f4bf97e7fc4b4da3ef3d9489267e4 - working-directory: debian/local pipeline: - runs: | From dbe0265b8a79ba1e81ff938e997b1b69a005df91 Mon Sep 17 00:00:00 2001 From: Dan Lorenc Date: Mon, 26 Feb 2024 08:52:56 -0500 Subject: [PATCH 034/235] Remediate CVEs in kubescape. Signed-off-by: Dan Lorenc --- kubescape.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/kubescape.yaml b/kubescape.yaml index df29c76b531..3ca1be01dd5 100644 --- a/kubescape.yaml +++ b/kubescape.yaml @@ -1,7 +1,7 @@ package: name: kubescape version: 3.0.3 - epoch: 7 + epoch: 8 description: Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources. copyright: - license: Apache-2.0 AND MIT @@ -27,8 +27,8 @@ pipeline: - uses: go/bump with: - deps: github.com/containerd/containerd@v1.7.11 golang.org/x/crypto@v0.17.0 github.com/go-jose/go-jose/v3@v3.0.1 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel@v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0 go.opentelemetry.io/otel/sdk@v1.21.0 github.com/docker/docker@v24.0.7 github.com/cloudflare/circl@v1.3.7 github.com/sigstore/cosign/v2@v2.2.1 github.com/lestrrat-go/jwx/v2@v2.0.19 github.com/anchore/stereoscope@v0.0.1 github.com/moby/buildkit@v0.12.5 github.com/opencontainers/runc@v1.1.12 - replaces: sigs.k8s.io/kustomize/kyaml=sigs.k8s.io/kustomize/kyaml@v0.14.1 k8s.io/kube-openapi=k8s.io/kube-openapi@v0.0.0-20230501164219-8b0f38b5fd1f github.com/google/gnostic=github.com/google/gnostic@v0.5.7-v3refs k8s.io/client-go=k8s.io/client-go@v0.27.4 k8s.io/api=k8s.io/api@v0.27.4 google.golang.org/grpc=google.golang.org/grpc@v1.58.3 + deps: github.com/containerd/containerd@v1.7.11 golang.org/x/crypto@v0.17.0 github.com/go-jose/go-jose/v3@v3.0.1 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel@v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0 go.opentelemetry.io/otel/sdk@v1.21.0 github.com/docker/docker@v24.0.7 github.com/cloudflare/circl@v1.3.7 github.com/sigstore/cosign/v2@v2.2.1 github.com/lestrrat-go/jwx/v2@v2.0.19 github.com/anchore/stereoscope@v0.0.1 github.com/moby/buildkit@v0.12.5 github.com/opencontainers/runc@v1.1.12 helm.sh/helm/v3@v3.14.2 + replaces: sigs.k8s.io/kustomize/kyaml=sigs.k8s.io/kustomize/kyaml@v0.14.1 k8s.io/kube-openapi=k8s.io/kube-openapi@v0.0.0-20230501164219-8b0f38b5fd1f github.com/google/gnostic=github.com/google/gnostic@v0.7.0 k8s.io/client-go=k8s.io/client-go@v0.29.2 k8s.io/api=k8s.io/api@v0.29.2 google.golang.org/grpc=google.golang.org/grpc@v1.58.3 - runs: | export CGO_ENABLED=1 @@ -44,3 +44,12 @@ update: github: identifier: kubescape/kubescape strip-prefix: v + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + kubescape version From 01699abd8bd8c28af670f4e25469e701726a5370 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 26 Feb 2024 14:18:06 +0000 Subject: [PATCH 035/235] gitsign: add credential cache Signed-off-by: Jason Hall --- gitsign.yaml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/gitsign.yaml b/gitsign.yaml index b6f9fa8446b..ed6ee9e929b 100644 --- a/gitsign.yaml +++ b/gitsign.yaml @@ -7,13 +7,29 @@ package: - license: Apache-2.0 pipeline: - - uses: go/install + - uses: git-checkout with: - package: github.com/sigstore/gitsign@v${{package.version}} + repository: https://github.com/sigstore/gitsign/ + tag: v${{package.version}} + expected-commit: bbd2c9c4ca1e1684fbabdead79d903ddc6caca92 + + - uses: go/build + with: + packages: . + output: gitsign - uses: strip subpackages: + - name: gitsign-credential-cache + description: "helper binary that allows users to cache signing credentials" + pipeline: + - uses: go/build + with: + packages: ./cmd/gitsign-credential-cache + output: gitsign-credential-cache + - uses: strip + - name: "${{package.name}}-config" description: "GitSign config" pipeline: From 9d963568cd9cf2ab84c64e699ca095bd7765c150 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 26 Feb 2024 10:02:59 -0500 Subject: [PATCH 036/235] gitsign.yaml: bump epoch Forgot this in https://github.com/wolfi-dev/os/pull/13693 Signed-off-by: Jason Hall --- gitsign.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitsign.yaml b/gitsign.yaml index ed6ee9e929b..f2042c3966b 100644 --- a/gitsign.yaml +++ b/gitsign.yaml @@ -1,7 +1,7 @@ package: name: gitsign version: 0.8.1 - epoch: 0 + epoch: 1 description: Keyless Git signing with Sigstore! copyright: - license: Apache-2.0 From 65a7a7233b5c502dbaab3c9dca178ac3708f4cae Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:08:49 +0000 Subject: [PATCH 037/235] py3-jupyter-lsp/2.2.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-jupyter-lsp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-jupyter-lsp.yaml b/py3-jupyter-lsp.yaml index a5c50eb3b31..5cfbe183e4c 100644 --- a/py3-jupyter-lsp.yaml +++ b/py3-jupyter-lsp.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/jupyter-lsp/ package: name: py3-jupyter-lsp - version: 2.2.2 + version: 2.2.3 epoch: 0 description: Multi-Language Server WebSocket proxy for Jupyter Notebook/Lab server copyright: @@ -25,7 +25,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 256d24620542ae4bba04a50fc1f6ffe208093a07d8e697fea0a8d1b8ca1b7e5b + expected-sha256: 33dbcbc5df24237ff5c8b696b04ff4689fcd316cb8d4957d620fe5504d7d2c3f uri: https://files.pythonhosted.org/packages/source/j/jupyter-lsp/jupyter-lsp-${{package.version}}.tar.gz - name: Python Build From f0c28a0ee8772a71165152fe5ea10697b12f7967 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 26 Feb 2024 16:14:23 +0000 Subject: [PATCH 038/235] lint: default wolfi-base in tests Signed-off-by: Jason Hall --- Makefile | 1 + atuin.yaml | 4 ---- az.yaml | 4 ---- bazel-6.yaml | 1 - brew.yaml | 4 ---- buildkitd.yaml | 1 - bun-bootstrap.yaml | 4 ---- bun.yaml | 4 ---- busybox.yaml | 4 ---- cassandra.yaml | 4 ---- cbindgen.yaml | 1 - checksec.yaml | 4 ---- conda.yaml | 4 ---- controller-gen.yaml | 4 ---- coredns.yaml | 1 - couchdb.yaml | 2 -- curl.yaml | 4 ---- datadog-agent.yaml | 4 ---- delta.yaml | 4 ---- direnv.yaml | 4 ---- docker-compose.yaml | 1 - doppler-kubernetes-operator.yaml | 4 ---- dua.yaml | 4 ---- eza.yaml | 4 ---- filebeat.yaml | 5 ----- gh.yaml | 4 ---- git.yaml | 4 ---- gnutar.yaml | 4 ---- gobump.yaml | 4 ---- google-cloud-sdk.yaml | 4 ---- gpsd.yaml | 4 ---- grype.yaml | 4 ---- hello-wolfi.yaml | 4 ---- jq.yaml | 4 ---- k9s.yaml | 4 ---- kubeflow-volumes-web-app.yaml | 4 ---- kuberay-operator.yaml | 4 ---- kubescape.yaml | 4 ---- kwok.yaml | 1 - lazygit.yaml | 4 ---- less.yaml | 4 ---- linkerd-await.yaml | 4 ---- linkerd-network-validator.yaml | 4 ---- linkerd2-proxy.yaml | 4 ---- lint.sh | 12 ++++++++++++ linux-pam.yaml | 1 - logstash-exporter.yaml | 4 ---- logstash-filter-xml.yaml | 1 - logstash-integration-jdbc.yaml | 1 - logstash-output-opensearch.yaml | 1 - logstash.yaml | 6 ------ man-db.yaml | 1 - mockery.yaml | 1 - mods.yaml | 4 ---- nodejs-16.yaml | 4 ---- nodejs-18.yaml | 4 ---- nodejs-19.yaml | 4 ---- nodejs-20.yaml | 4 ---- nodejs-21.yaml | 4 ---- npm.yaml | 1 - nvm.yaml | 4 ---- openjpeg.yaml | 1 - opensearch-2.yaml | 1 - opensearch-dashboards-2.yaml | 1 - pdftk.yaml | 1 - pombump.yaml | 4 ---- prometheus-beat-exporter.yaml | 4 ---- py3-absl-py.yaml | 4 ---- py3-agate.yaml | 4 ---- py3-aiofiles.yaml | 4 ---- py3-aiohttp.yaml | 4 ---- py3-aiosignal.yaml | 4 ---- py3-alabaster.yaml | 4 ---- py3-anyio.yaml | 4 ---- py3-appdirs.yaml | 4 ---- py3-appnope.yaml | 4 ---- py3-archspec.yaml | 4 ---- py3-argcomplete.yaml | 4 ---- py3-asgiref.yaml | 4 ---- py3-asn1crypto.yaml | 4 ---- py3-asttokens.yaml | 4 ---- py3-astunparse.yaml | 4 ---- py3-async-generator.yaml | 1 - py3-babel.yaml | 4 ---- py3-backcall.yaml | 4 ---- py3-backoff.yaml | 4 ---- py3-beartype.yaml | 1 - py3-beautifulsoup4.yaml | 4 ---- py3-beniget.yaml | 4 ---- py3-bleach.yaml | 4 ---- py3-blinker.yaml | 4 ---- py3-bokeh.yaml | 4 ---- py3-boltons.yaml | 4 ---- py3-boolean.py.yaml | 1 - py3-botocore.yaml | 4 ---- py3-bracex.yaml | 4 ---- py3-build.yaml | 4 ---- py3-cachecontrol.yaml | 4 ---- py3-cachetools.yaml | 4 ---- py3-cairo.yaml | 4 ---- py3-canonicaljson.yaml | 4 ---- py3-certifi.yaml | 4 ---- py3-cffi.yaml | 4 ---- py3-click.yaml | 4 ---- py3-cloudpickle.yaml | 4 ---- py3-cmaes.yaml | 4 ---- py3-codeowners.yaml | 4 ---- py3-colorama.yaml | 4 ---- py3-colorlog.yaml | 4 ---- py3-configargparse.yaml | 4 ---- py3-configobj.yaml | 4 ---- py3-contextlib2.yaml | 4 ---- py3-contourpy.yaml | 4 ---- py3-crcmod.yaml | 4 ---- py3-cryptography.yaml | 4 ---- py3-cycler.yaml | 4 ---- py3-datadog.yaml | 4 ---- py3-debugpy.yaml | 4 ---- py3-defusedxml.yaml | 4 ---- py3-deprecated.yaml | 4 ---- py3-deprecation.yaml | 4 ---- py3-dill.yaml | 4 ---- py3-distlib.yaml | 4 ---- py3-distro.yaml | 4 ---- py3-django.yaml | 4 ---- py3-docker.yaml | 4 ---- py3-docopt.yaml | 4 ---- py3-docutils.yaml | 4 ---- py3-dulwich.yaml | 4 ---- py3-escapism.yaml | 4 ---- py3-exceptiongroup.yaml | 4 ---- py3-jinja2.yaml | 4 ---- py3-jupyter-client.yaml | 1 - py3-oauth2client.yaml | 1 - py3-psutil.yaml | 1 - py3-pycparser.yaml | 1 - py3-pytest-timeout.yaml | 4 ---- py3-pytest.yaml | 4 ---- py3-soupsieve.yaml | 1 - py3-tinydb.yaml | 4 ---- python-3.10.yaml | 4 ---- pytorch.yaml | 1 - qpdf.yaml | 4 ---- redis-7.0.yaml | 1 - redis-7.2.yaml | 1 - rook.yaml | 4 ---- rpm.yaml | 4 ---- rstudio.yaml | 4 ---- ruby3.2-concurrent-ruby.yaml | 1 - ruby3.2-jrjackson.yaml | 1 - s5cmd.yaml | 4 ---- screen.yaml | 4 ---- selenium.yaml | 1 - shfmt.yaml | 4 ---- spark.yaml | 4 ---- speedtest-go.yaml | 4 ---- sqlite.yaml | 4 ---- src-fingerprint.yaml | 4 ---- ssh-import-id.yaml | 4 ---- starship.yaml | 4 ---- syft.yaml | 4 ---- terraform-docs.yaml | 4 ---- traefik.yaml | 4 ---- uv.yaml | 4 ---- w3m.yaml | 4 ---- yazi.yaml | 4 ---- zellij.yaml | 4 ---- zstd.yaml | 1 - 168 files changed, 13 insertions(+), 569 deletions(-) diff --git a/Makefile b/Makefile index be032c9acc3..1cabce4847e 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,7 @@ MELANGE_TEST_OPTS += --arch ${ARCH} MELANGE_TEST_OPTS += --pipeline-dirs ./pipelines/ MELANGE_TEST_OPTS += --repository-append https://packages.wolfi.dev/os MELANGE_TEST_OPTS += --keyring-append https://packages.wolfi.dev/os/wolfi-signing.rsa.pub +MELANGE_TEST_OPTS += --test-package-append wolfi-base MELANGE_TEST_OPTS += --debug MELANGE_TEST_OPTS += ${MELANGE_EXTRA_OPTS} diff --git a/atuin.yaml b/atuin.yaml index 463ac3d17ab..4c059c8f567 100644 --- a/atuin.yaml +++ b/atuin.yaml @@ -44,10 +44,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | atuin -V diff --git a/az.yaml b/az.yaml index 69e8e183461..95efa013b1d 100644 --- a/az.yaml +++ b/az.yaml @@ -61,10 +61,6 @@ update: strip-prefix: azure-cli- test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | az --version diff --git a/bazel-6.yaml b/bazel-6.yaml index 1c225fde0a6..3e833354e66 100644 --- a/bazel-6.yaml +++ b/bazel-6.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-17 - openjdk-17-default-jvm pipeline: diff --git a/brew.yaml b/brew.yaml index 5b76c833e23..b02bbc53d5e 100644 --- a/brew.yaml +++ b/brew.yaml @@ -75,10 +75,6 @@ update: identifier: Homebrew/brew test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | . /etc/profile.d/brew.sh diff --git a/buildkitd.yaml b/buildkitd.yaml index bfdfaeee569..af9868b027d 100644 --- a/buildkitd.yaml +++ b/buildkitd.yaml @@ -67,7 +67,6 @@ test: environment: contents: packages: - - busybox - runc pipeline: - runs: | diff --git a/bun-bootstrap.yaml b/bun-bootstrap.yaml index 66a644a6425..edb049b6ae4 100644 --- a/bun-bootstrap.yaml +++ b/bun-bootstrap.yaml @@ -25,10 +25,6 @@ update: enabled: false test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | bun --version diff --git a/bun.yaml b/bun.yaml index 8eb121c64f4..7605b8ce535 100644 --- a/bun.yaml +++ b/bun.yaml @@ -69,10 +69,6 @@ update: strip-prefix: bun-v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | bun --version diff --git a/busybox.yaml b/busybox.yaml index 37e69736e29..9e54965a1e3 100644 --- a/busybox.yaml +++ b/busybox.yaml @@ -123,10 +123,6 @@ subpackages: done test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | busybox --help diff --git a/cassandra.yaml b/cassandra.yaml index e55f5e81d0b..aa13340bb44 100644 --- a/cassandra.yaml +++ b/cassandra.yaml @@ -73,10 +73,6 @@ update: strip-prefix: cassandra- test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | cqlsh --version diff --git a/cbindgen.yaml b/cbindgen.yaml index f552d919332..003f07663fb 100644 --- a/cbindgen.yaml +++ b/cbindgen.yaml @@ -29,7 +29,6 @@ test: environment: contents: packages: - - wolfi-base - rustup pipeline: - runs: | diff --git a/checksec.yaml b/checksec.yaml index d7457d0515e..a3da8878660 100644 --- a/checksec.yaml +++ b/checksec.yaml @@ -39,10 +39,6 @@ update: identifier: slimm609/checksec.sh test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | checksec --file=/bin/ls --format=csv | grep "Full RELRO,Canary found" diff --git a/conda.yaml b/conda.yaml index 20907219397..bea248fd94f 100644 --- a/conda.yaml +++ b/conda.yaml @@ -58,10 +58,6 @@ update: identifier: conda/conda test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | conda --version diff --git a/controller-gen.yaml b/controller-gen.yaml index 4c0a250b206..dbae9bce9cd 100644 --- a/controller-gen.yaml +++ b/controller-gen.yaml @@ -30,10 +30,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | controller-gen --version diff --git a/coredns.yaml b/coredns.yaml index 1291263626b..b9181eece3d 100644 --- a/coredns.yaml +++ b/coredns.yaml @@ -58,7 +58,6 @@ test: environment: contents: packages: - - busybox - bind-tools pipeline: - runs: | diff --git a/couchdb.yaml b/couchdb.yaml index 29a97ce6995..d697c215d98 100644 --- a/couchdb.yaml +++ b/couchdb.yaml @@ -72,8 +72,6 @@ test: environment: contents: packages: - - busybox - - apk-tools - curl - jq pipeline: diff --git a/curl.yaml b/curl.yaml index 5609faa701c..c81c411c316 100644 --- a/curl.yaml +++ b/curl.yaml @@ -76,10 +76,6 @@ update: strip-prefix: curl- test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | curl --version diff --git a/datadog-agent.yaml b/datadog-agent.yaml index 041ad558bd5..1c7a026e7b0 100644 --- a/datadog-agent.yaml +++ b/datadog-agent.yaml @@ -116,10 +116,6 @@ update: - 'lambda-extension.*' test: - environment: - contents: - packages: - - busybox pipeline: - runs: | # Execute the help command and capture the output diff --git a/delta.yaml b/delta.yaml index 057fa09a6e2..14c0f00c3fb 100644 --- a/delta.yaml +++ b/delta.yaml @@ -28,10 +28,6 @@ pipeline: - uses: strip test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | delta --version diff --git a/direnv.yaml b/direnv.yaml index 58054fac1d1..fc12fe2528c 100644 --- a/direnv.yaml +++ b/direnv.yaml @@ -35,10 +35,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | direnv version diff --git a/docker-compose.yaml b/docker-compose.yaml index 160d360f12f..5de5c31ddff 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -41,7 +41,6 @@ test: environment: contents: packages: - - wolfi-base - docker-cli pipeline: - runs: docker compose --help diff --git a/doppler-kubernetes-operator.yaml b/doppler-kubernetes-operator.yaml index 3c59e14eab9..4303678e6b7 100644 --- a/doppler-kubernetes-operator.yaml +++ b/doppler-kubernetes-operator.yaml @@ -41,10 +41,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | manager --help diff --git a/dua.yaml b/dua.yaml index 6af23d1205d..7ab2706c0a6 100644 --- a/dua.yaml +++ b/dua.yaml @@ -37,10 +37,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | dua -V diff --git a/eza.yaml b/eza.yaml index 9f19cb707b1..166c90debf3 100644 --- a/eza.yaml +++ b/eza.yaml @@ -40,10 +40,6 @@ update: tag-filter-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | eza diff --git a/filebeat.yaml b/filebeat.yaml index 207c59fb17c..3a3bddb9166 100644 --- a/filebeat.yaml +++ b/filebeat.yaml @@ -70,11 +70,6 @@ update: identifier: elastic/beats test: - environment: - contents: - packages: - - wolfi-base - - filebeat pipeline: - runs: | filebeat version diff --git a/gh.yaml b/gh.yaml index 11e1dd86e88..c0cec955aef 100644 --- a/gh.yaml +++ b/gh.yaml @@ -33,10 +33,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | gh --version diff --git a/git.yaml b/git.yaml index 382aee2b2d4..f34df33fb4f 100644 --- a/git.yaml +++ b/git.yaml @@ -105,10 +105,6 @@ subpackages: - runs: ls /usr/local/etc/profile.d/*.bash test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: git --version diff --git a/gnutar.yaml b/gnutar.yaml index c8e94dc9719..ac8e779b2e9 100644 --- a/gnutar.yaml +++ b/gnutar.yaml @@ -41,10 +41,6 @@ update: identifier: 4939 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | tar czf - $(dirname $(which tar)) | tar -tzv | grep tar diff --git a/gobump.yaml b/gobump.yaml index 3683331b598..e530b0de4cf 100644 --- a/gobump.yaml +++ b/gobump.yaml @@ -28,10 +28,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | gobump version diff --git a/google-cloud-sdk.yaml b/google-cloud-sdk.yaml index ba112c7cc86..8aee729007d 100644 --- a/google-cloud-sdk.yaml +++ b/google-cloud-sdk.yaml @@ -79,10 +79,6 @@ pipeline: - uses: strip test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: gcloud --version - runs: gsutil --version diff --git a/gpsd.yaml b/gpsd.yaml index 83fb0e68437..68dd3747de7 100644 --- a/gpsd.yaml +++ b/gpsd.yaml @@ -87,10 +87,6 @@ update: identifier: 6846 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | gpsd --version diff --git a/grype.yaml b/grype.yaml index 5f2b99f671c..f332d494241 100644 --- a/grype.yaml +++ b/grype.yaml @@ -32,10 +32,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | grype --version diff --git a/hello-wolfi.yaml b/hello-wolfi.yaml index a71f74b2a70..019ebd59b27 100644 --- a/hello-wolfi.yaml +++ b/hello-wolfi.yaml @@ -44,10 +44,6 @@ update: identifier: 18057 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | hello diff --git a/jq.yaml b/jq.yaml index 8dcec2c50db..543a998f808 100644 --- a/jq.yaml +++ b/jq.yaml @@ -46,10 +46,6 @@ update: tag-filter: jq- test: - environment: - contents: - packages: - - busybox pipeline: - name: Verify jq installation runs: | diff --git a/k9s.yaml b/k9s.yaml index f9be2d96d3f..995bd9f8dfb 100644 --- a/k9s.yaml +++ b/k9s.yaml @@ -40,10 +40,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | k9s version diff --git a/kubeflow-volumes-web-app.yaml b/kubeflow-volumes-web-app.yaml index 4035e890cfc..ac018321ebd 100644 --- a/kubeflow-volumes-web-app.yaml +++ b/kubeflow-volumes-web-app.yaml @@ -79,10 +79,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 -c "import urllib3" diff --git a/kuberay-operator.yaml b/kuberay-operator.yaml index 466ed4a1b73..64d791c55a3 100644 --- a/kuberay-operator.yaml +++ b/kuberay-operator.yaml @@ -38,10 +38,6 @@ update: tag-filter: v1.0.0 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | /usr/bin/manager --version diff --git a/kubescape.yaml b/kubescape.yaml index 3ca1be01dd5..59b5d6eede2 100644 --- a/kubescape.yaml +++ b/kubescape.yaml @@ -46,10 +46,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | kubescape version diff --git a/kwok.yaml b/kwok.yaml index 9ac782e4d8f..054c9feafdd 100644 --- a/kwok.yaml +++ b/kwok.yaml @@ -41,7 +41,6 @@ test: environment: contents: packages: - - busybox - kubectl-default - kwokctl - kubernetes diff --git a/lazygit.yaml b/lazygit.yaml index 37cdb0579b9..00b0d2ccbba 100644 --- a/lazygit.yaml +++ b/lazygit.yaml @@ -47,10 +47,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | lazygit --version diff --git a/less.yaml b/less.yaml index c9d97e115a5..c68467fc0fe 100644 --- a/less.yaml +++ b/less.yaml @@ -36,10 +36,6 @@ pipeline: - uses: strip test: - environment: - contents: - packages: - - wolfi-base pipeline: - name: Validate that lessecho runs runs: | diff --git a/linkerd-await.yaml b/linkerd-await.yaml index cbcd5c8301b..54729069242 100644 --- a/linkerd-await.yaml +++ b/linkerd-await.yaml @@ -36,10 +36,6 @@ update: strip-prefix: release/v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | linkerd-await --version | grep ${{package.version}} diff --git a/linkerd-network-validator.yaml b/linkerd-network-validator.yaml index 80f209f589e..1409cc196ac 100644 --- a/linkerd-network-validator.yaml +++ b/linkerd-network-validator.yaml @@ -40,10 +40,6 @@ update: tag-filter: validator/v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | linkerd-network-validator --version | grep ${{package.version}} diff --git a/linkerd2-proxy.yaml b/linkerd2-proxy.yaml index 8903b069faf..844b9da1f92 100644 --- a/linkerd2-proxy.yaml +++ b/linkerd2-proxy.yaml @@ -42,10 +42,6 @@ update: tag-filter: release/v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | # There aren't really any flags here to get the version so just run and look for the right error diff --git a/lint.sh b/lint.sh index 96ce2741dd6..e4ca4d297bb 100755 --- a/lint.sh +++ b/lint.sh @@ -24,4 +24,16 @@ for p in $(make list); do yq -i 'del(.environment.contents.repositories)' ${fn} yq -i 'del(.environment.contents.keyring)' ${fn} fi + + # Don't specify wolfi-base or any of its packages, or the main package, for test pipelines. + for pkg in wolfi-base busybox apk-tools wolfi-keys ${p}; do + yq -i 'del(.test.environment.contents.packages[] | select(. == "'${pkg}'"))' ${fn} + yam ${fn} + done + + # If .test.environment.contents.packages is empty, remove it all. + if [ "$(yq -r '.test.environment.contents.packages | length' ${fn})" == "0" ]; then + yq -i 'del(.test.environment)' ${fn} + yam ${fn} + fi done diff --git a/linux-pam.yaml b/linux-pam.yaml index ef778ffc2fa..88a747cbaf9 100644 --- a/linux-pam.yaml +++ b/linux-pam.yaml @@ -78,7 +78,6 @@ test: environment: contents: packages: - - wolfi-base - util-linux - shadow pipeline: diff --git a/logstash-exporter.yaml b/logstash-exporter.yaml index 162afae2ba0..a9e19982a57 100644 --- a/logstash-exporter.yaml +++ b/logstash-exporter.yaml @@ -41,10 +41,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | logstash-exporter -version diff --git a/logstash-filter-xml.yaml b/logstash-filter-xml.yaml index 49bee5ae20a..0b362e96d2c 100644 --- a/logstash-filter-xml.yaml +++ b/logstash-filter-xml.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - logstash - openjdk-17-default-jvm pipeline: diff --git a/logstash-integration-jdbc.yaml b/logstash-integration-jdbc.yaml index ac4c04d7b1a..033fd5a6e3c 100644 --- a/logstash-integration-jdbc.yaml +++ b/logstash-integration-jdbc.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - logstash - openjdk-11-default-jvm - jruby-9.4 diff --git a/logstash-output-opensearch.yaml b/logstash-output-opensearch.yaml index 369d5147998..519115e7665 100644 --- a/logstash-output-opensearch.yaml +++ b/logstash-output-opensearch.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - logstash - openjdk-17-default-jvm pipeline: diff --git a/logstash.yaml b/logstash.yaml index 58ead03db53..8196cac1630 100644 --- a/logstash.yaml +++ b/logstash.yaml @@ -241,12 +241,6 @@ subpackages: grep 'message.*hello' test: - environment: - contents: - packages: - - wolfi-base - environment: - LS_JAVA_HOME: /usr/lib/jvm/default-jvm pipeline: - name: Ensure default plugins were actually installed runs: | diff --git a/man-db.yaml b/man-db.yaml index e3bfa269200..ad51e1c1b46 100644 --- a/man-db.yaml +++ b/man-db.yaml @@ -57,7 +57,6 @@ test: environment: contents: packages: - - wolfi-base - man-db-doc pipeline: - runs: | diff --git a/mockery.yaml b/mockery.yaml index b6338cfed7e..c72ac79efb7 100644 --- a/mockery.yaml +++ b/mockery.yaml @@ -36,7 +36,6 @@ test: environment: contents: packages: - - wolfi-base - posix-libc-utils pipeline: - runs: | diff --git a/mods.yaml b/mods.yaml index 727e08348ad..786bcae9c84 100644 --- a/mods.yaml +++ b/mods.yaml @@ -42,10 +42,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | mods --version diff --git a/nodejs-16.yaml b/nodejs-16.yaml index d9f5dc45bc5..baa0f84a0c6 100644 --- a/nodejs-16.yaml +++ b/nodejs-16.yaml @@ -90,10 +90,6 @@ update: tag-filter: v16. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-18.yaml b/nodejs-18.yaml index 191885941f9..05333475297 100644 --- a/nodejs-18.yaml +++ b/nodejs-18.yaml @@ -90,10 +90,6 @@ update: tag-filter: v18. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-19.yaml b/nodejs-19.yaml index a6e4930e2a7..6cc8b931ac1 100644 --- a/nodejs-19.yaml +++ b/nodejs-19.yaml @@ -89,10 +89,6 @@ update: tag-filter: v19. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-20.yaml b/nodejs-20.yaml index 891e0e606e8..6ced82fa1a0 100644 --- a/nodejs-20.yaml +++ b/nodejs-20.yaml @@ -90,10 +90,6 @@ update: tag-filter: v20. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-21.yaml b/nodejs-21.yaml index 9f46e663a31..fc92327c62e 100644 --- a/nodejs-21.yaml +++ b/nodejs-21.yaml @@ -87,10 +87,6 @@ update: tag-filter: v21. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/npm.yaml b/npm.yaml index 73fb8ea0d9e..4a4b12c8136 100644 --- a/npm.yaml +++ b/npm.yaml @@ -115,7 +115,6 @@ test: environment: contents: packages: - - wolfi-base - nodejs environment: HOME: /home/build diff --git a/nvm.yaml b/nvm.yaml index 83ee02f0ab9..0f9f0afed26 100644 --- a/nvm.yaml +++ b/nvm.yaml @@ -37,10 +37,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | source /usr/share/nvm/nvm.sh diff --git a/openjpeg.yaml b/openjpeg.yaml index 8e07bee0f45..508073c8e61 100644 --- a/openjpeg.yaml +++ b/openjpeg.yaml @@ -29,7 +29,6 @@ pipeline: # - uses: patch # with: # patches: fix-cmakelists.patch - - uses: cmake/configure with: opt: | diff --git a/opensearch-2.yaml b/opensearch-2.yaml index 1d790d04796..2739aca151c 100644 --- a/opensearch-2.yaml +++ b/opensearch-2.yaml @@ -271,7 +271,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-17-default-jvm - bash pipeline: diff --git a/opensearch-dashboards-2.yaml b/opensearch-dashboards-2.yaml index e8dd819e672..111386dfc98 100644 --- a/opensearch-dashboards-2.yaml +++ b/opensearch-dashboards-2.yaml @@ -146,7 +146,6 @@ test: environment: contents: packages: - - busybox - ${{package.name}}-config environment: OSD_NODE_HOME: /usr diff --git a/pdftk.yaml b/pdftk.yaml index 08880384580..7994dbd0153 100644 --- a/pdftk.yaml +++ b/pdftk.yaml @@ -46,7 +46,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-8-default-jvm pipeline: - runs: | diff --git a/pombump.yaml b/pombump.yaml index 9bd12a8f9c9..ec4d8baa1b4 100644 --- a/pombump.yaml +++ b/pombump.yaml @@ -28,10 +28,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | pombump version diff --git a/prometheus-beat-exporter.yaml b/prometheus-beat-exporter.yaml index dba390047b4..6bd8ac0c535 100644 --- a/prometheus-beat-exporter.yaml +++ b/prometheus-beat-exporter.yaml @@ -42,10 +42,6 @@ update: identifier: trustpilot/beat-exporter test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | beat-exporter --version diff --git a/py3-absl-py.yaml b/py3-absl-py.yaml index 4f789ac83ff..cc820316c84 100644 --- a/py3-absl-py.yaml +++ b/py3-absl-py.yaml @@ -41,10 +41,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="absl" diff --git a/py3-agate.yaml b/py3-agate.yaml index 300fc8a4ac5..76f4ecd78ac 100644 --- a/py3-agate.yaml +++ b/py3-agate.yaml @@ -46,10 +46,6 @@ update: identifier: wireservice/agate test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="agate" diff --git a/py3-aiofiles.yaml b/py3-aiofiles.yaml index 6a76a93b6ec..416de0fc345 100644 --- a/py3-aiofiles.yaml +++ b/py3-aiofiles.yaml @@ -35,10 +35,6 @@ update: identifier: 12743 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="aiofiles" diff --git a/py3-aiohttp.yaml b/py3-aiohttp.yaml index e7969f0dafd..381d0f86b4e 100644 --- a/py3-aiohttp.yaml +++ b/py3-aiohttp.yaml @@ -74,10 +74,6 @@ update: identifier: 6713 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="aiohttp" diff --git a/py3-aiosignal.yaml b/py3-aiosignal.yaml index b320e2ef772..b405d7f021b 100644 --- a/py3-aiosignal.yaml +++ b/py3-aiosignal.yaml @@ -41,10 +41,6 @@ update: identifier: 41889 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="aiosignal" diff --git a/py3-alabaster.yaml b/py3-alabaster.yaml index c9588dda65b..a4f042228a9 100644 --- a/py3-alabaster.yaml +++ b/py3-alabaster.yaml @@ -37,10 +37,6 @@ update: identifier: bitprophet/alabaster test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="alabaster" diff --git a/py3-anyio.yaml b/py3-anyio.yaml index 22bf6edaf4d..f283d6eb2fb 100644 --- a/py3-anyio.yaml +++ b/py3-anyio.yaml @@ -48,10 +48,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="anyio" diff --git a/py3-appdirs.yaml b/py3-appdirs.yaml index 7cb9f335d28..ae83600f4f4 100644 --- a/py3-appdirs.yaml +++ b/py3-appdirs.yaml @@ -39,10 +39,6 @@ update: identifier: 6278 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="appdirs" diff --git a/py3-appnope.yaml b/py3-appnope.yaml index a672c6aa9ea..aad07c1f1ae 100644 --- a/py3-appnope.yaml +++ b/py3-appnope.yaml @@ -39,10 +39,6 @@ update: identifier: minrk/appnope test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="appnope" diff --git a/py3-archspec.yaml b/py3-archspec.yaml index b2ecd4af5ed..ceb72219088 100644 --- a/py3-archspec.yaml +++ b/py3-archspec.yaml @@ -38,10 +38,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | archspec --version diff --git a/py3-argcomplete.yaml b/py3-argcomplete.yaml index 4dbb0adc5b3..0ad734f33fa 100644 --- a/py3-argcomplete.yaml +++ b/py3-argcomplete.yaml @@ -36,10 +36,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="argcomplete" diff --git a/py3-asgiref.yaml b/py3-asgiref.yaml index e69865905fd..14c750f8b87 100644 --- a/py3-asgiref.yaml +++ b/py3-asgiref.yaml @@ -40,10 +40,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 ./test.py > output.out 2>&1 diff --git a/py3-asn1crypto.yaml b/py3-asn1crypto.yaml index 7fd2a2c7942..b60a96d5dee 100644 --- a/py3-asn1crypto.yaml +++ b/py3-asn1crypto.yaml @@ -42,10 +42,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="asn1crypto" diff --git a/py3-asttokens.yaml b/py3-asttokens.yaml index 41e69b8e595..d788a472ce2 100644 --- a/py3-asttokens.yaml +++ b/py3-asttokens.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="asttokens" diff --git a/py3-astunparse.yaml b/py3-astunparse.yaml index fa11a9f311f..56c8900abe7 100644 --- a/py3-astunparse.yaml +++ b/py3-astunparse.yaml @@ -43,10 +43,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="astunparse" diff --git a/py3-async-generator.yaml b/py3-async-generator.yaml index f30a031d061..fb28b17754c 100644 --- a/py3-async-generator.yaml +++ b/py3-async-generator.yaml @@ -44,7 +44,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-babel.yaml b/py3-babel.yaml index 9f7155086ad..515115550b0 100644 --- a/py3-babel.yaml +++ b/py3-babel.yaml @@ -40,10 +40,6 @@ update: identifier: 11984 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="babel" diff --git a/py3-backcall.yaml b/py3-backcall.yaml index 0c78b37f849..850c843ba62 100644 --- a/py3-backcall.yaml +++ b/py3-backcall.yaml @@ -39,10 +39,6 @@ update: identifier: takluyver/backcall test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="backcall" diff --git a/py3-backoff.yaml b/py3-backoff.yaml index 4e8f77a014a..2b4b09f945c 100644 --- a/py3-backoff.yaml +++ b/py3-backoff.yaml @@ -35,10 +35,6 @@ update: identifier: 44448 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="backoff" diff --git a/py3-beartype.yaml b/py3-beartype.yaml index e2132b34460..25d42b6c42a 100644 --- a/py3-beartype.yaml +++ b/py3-beartype.yaml @@ -42,7 +42,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-beautifulsoup4.yaml b/py3-beautifulsoup4.yaml index 919817db3b7..e88fef88501 100644 --- a/py3-beautifulsoup4.yaml +++ b/py3-beautifulsoup4.yaml @@ -41,10 +41,6 @@ update: identifier: 3779 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="beautifulsoup4" diff --git a/py3-beniget.yaml b/py3-beniget.yaml index c486b6913d1..e47c5b19f60 100644 --- a/py3-beniget.yaml +++ b/py3-beniget.yaml @@ -42,10 +42,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="beniget" diff --git a/py3-bleach.yaml b/py3-bleach.yaml index e9ba5e0483d..75ff64c44f8 100644 --- a/py3-bleach.yaml +++ b/py3-bleach.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="bleach" diff --git a/py3-blinker.yaml b/py3-blinker.yaml index 7a9a6097c7e..1cec806e583 100644 --- a/py3-blinker.yaml +++ b/py3-blinker.yaml @@ -44,10 +44,6 @@ update: identifier: pallets-eco/blinker test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="blinker" diff --git a/py3-bokeh.yaml b/py3-bokeh.yaml index b201d5de21f..ccd5e9d16f5 100644 --- a/py3-bokeh.yaml +++ b/py3-bokeh.yaml @@ -46,10 +46,6 @@ update: identifier: 78655 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="bokeh" diff --git a/py3-boltons.yaml b/py3-boltons.yaml index c039e7832ea..7eda64c8cf6 100644 --- a/py3-boltons.yaml +++ b/py3-boltons.yaml @@ -45,10 +45,6 @@ update: identifier: mahmoud/boltons test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="boltons" diff --git a/py3-boolean.py.yaml b/py3-boolean.py.yaml index 3f7879ad361..cd340f1e6a8 100644 --- a/py3-boolean.py.yaml +++ b/py3-boolean.py.yaml @@ -45,7 +45,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-botocore.yaml b/py3-botocore.yaml index 9ea930b2bbb..fd0a338dc5b 100644 --- a/py3-botocore.yaml +++ b/py3-botocore.yaml @@ -43,10 +43,6 @@ update: identifier: 29738 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="botocore" diff --git a/py3-bracex.yaml b/py3-bracex.yaml index e44db55f151..40e260cc244 100644 --- a/py3-bracex.yaml +++ b/py3-bracex.yaml @@ -50,10 +50,6 @@ update: strip-suffix: .post1 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="bracex" diff --git a/py3-build.yaml b/py3-build.yaml index 8dfc03f57c2..46e8ceac419 100644 --- a/py3-build.yaml +++ b/py3-build.yaml @@ -46,10 +46,6 @@ update: strip-suffix: .post1 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="build" diff --git a/py3-cachecontrol.yaml b/py3-cachecontrol.yaml index 93a7ef645b3..53e417c2bd6 100644 --- a/py3-cachecontrol.yaml +++ b/py3-cachecontrol.yaml @@ -45,10 +45,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cachecontrol" diff --git a/py3-cachetools.yaml b/py3-cachetools.yaml index fe9c452b5ac..dc6ab42b823 100644 --- a/py3-cachetools.yaml +++ b/py3-cachetools.yaml @@ -40,10 +40,6 @@ update: identifier: tkem/cachetools test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cachetools" diff --git a/py3-cairo.yaml b/py3-cairo.yaml index d057cb4dc67..e8c61298d35 100644 --- a/py3-cairo.yaml +++ b/py3-cairo.yaml @@ -58,10 +58,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cairo" diff --git a/py3-canonicaljson.yaml b/py3-canonicaljson.yaml index 470aba4940e..a709ba68608 100644 --- a/py3-canonicaljson.yaml +++ b/py3-canonicaljson.yaml @@ -39,10 +39,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="canonicaljson" diff --git a/py3-certifi.yaml b/py3-certifi.yaml index 32b12043f4f..6aee448171c 100644 --- a/py3-certifi.yaml +++ b/py3-certifi.yaml @@ -61,10 +61,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="certifi" diff --git a/py3-cffi.yaml b/py3-cffi.yaml index c4dce9b1c68..a650a00299c 100644 --- a/py3-cffi.yaml +++ b/py3-cffi.yaml @@ -43,10 +43,6 @@ update: identifier: 5536 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cffi" diff --git a/py3-click.yaml b/py3-click.yaml index fcb24b6659d..e9706134e22 100644 --- a/py3-click.yaml +++ b/py3-click.yaml @@ -43,10 +43,6 @@ update: identifier: pallets/click test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="click" diff --git a/py3-cloudpickle.yaml b/py3-cloudpickle.yaml index 907bb671468..02aa991967e 100644 --- a/py3-cloudpickle.yaml +++ b/py3-cloudpickle.yaml @@ -43,10 +43,6 @@ update: tag-filter: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cloudpickle" diff --git a/py3-cmaes.yaml b/py3-cmaes.yaml index dd72de70ef7..8fd0a49c58e 100644 --- a/py3-cmaes.yaml +++ b/py3-cmaes.yaml @@ -43,10 +43,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cmaes" diff --git a/py3-codeowners.yaml b/py3-codeowners.yaml index e0f6b1de344..e0f941342fa 100644 --- a/py3-codeowners.yaml +++ b/py3-codeowners.yaml @@ -38,10 +38,6 @@ update: identifier: sbdchd/codeowners test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="codeowners" diff --git a/py3-colorama.yaml b/py3-colorama.yaml index e4c023fa7c1..bdc437d0626 100644 --- a/py3-colorama.yaml +++ b/py3-colorama.yaml @@ -51,10 +51,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="colorama" diff --git a/py3-colorlog.yaml b/py3-colorlog.yaml index 6b34698cbd3..a47ec5e2c5b 100644 --- a/py3-colorlog.yaml +++ b/py3-colorlog.yaml @@ -42,10 +42,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="colorlog" diff --git a/py3-configargparse.yaml b/py3-configargparse.yaml index bf93e04f7b1..b2e5bd7bf51 100644 --- a/py3-configargparse.yaml +++ b/py3-configargparse.yaml @@ -41,10 +41,6 @@ update: identifier: bw2/ConfigArgParse test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | DBSNP_PATH=./package_test_here python ./config_test.py --my-config ./config.txt f1.vcf f2.vcf diff --git a/py3-configobj.yaml b/py3-configobj.yaml index 3cfbd8681cf..c6e09dcde03 100644 --- a/py3-configobj.yaml +++ b/py3-configobj.yaml @@ -44,10 +44,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="configobj" diff --git a/py3-contextlib2.yaml b/py3-contextlib2.yaml index 8744bde5e7c..19357786dce 100644 --- a/py3-contextlib2.yaml +++ b/py3-contextlib2.yaml @@ -39,10 +39,6 @@ update: identifier: 6215 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="contextlib2" diff --git a/py3-contourpy.yaml b/py3-contourpy.yaml index 0eb30f995f2..e91ce37bd69 100644 --- a/py3-contourpy.yaml +++ b/py3-contourpy.yaml @@ -48,10 +48,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="contourpy" diff --git a/py3-crcmod.yaml b/py3-crcmod.yaml index c234378b583..3794ea6e17c 100644 --- a/py3-crcmod.yaml +++ b/py3-crcmod.yaml @@ -44,10 +44,6 @@ update: identifier: 12017 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="crcmod" diff --git a/py3-cryptography.yaml b/py3-cryptography.yaml index 9b54f5a2e8f..634b818a11e 100644 --- a/py3-cryptography.yaml +++ b/py3-cryptography.yaml @@ -45,10 +45,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cryptography" diff --git a/py3-cycler.yaml b/py3-cycler.yaml index 1f67850f9d0..63fa7de91df 100644 --- a/py3-cycler.yaml +++ b/py3-cycler.yaml @@ -44,10 +44,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cycler" diff --git a/py3-datadog.yaml b/py3-datadog.yaml index 18e27f1f68e..529e6f9b1bd 100644 --- a/py3-datadog.yaml +++ b/py3-datadog.yaml @@ -37,10 +37,6 @@ update: identifier: 35391 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="datadog" diff --git a/py3-debugpy.yaml b/py3-debugpy.yaml index 2403105edc3..f65aabc4e52 100644 --- a/py3-debugpy.yaml +++ b/py3-debugpy.yaml @@ -42,10 +42,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="debugpy" diff --git a/py3-defusedxml.yaml b/py3-defusedxml.yaml index 77ab47780c7..c445d95a66e 100644 --- a/py3-defusedxml.yaml +++ b/py3-defusedxml.yaml @@ -46,10 +46,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="defusedxml" diff --git a/py3-deprecated.yaml b/py3-deprecated.yaml index 91dde8a6fc1..3b348755515 100644 --- a/py3-deprecated.yaml +++ b/py3-deprecated.yaml @@ -40,10 +40,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="deprecated" diff --git a/py3-deprecation.yaml b/py3-deprecation.yaml index 80738c510e0..dd16a2ff32c 100644 --- a/py3-deprecation.yaml +++ b/py3-deprecation.yaml @@ -40,10 +40,6 @@ update: identifier: briancurtin/deprecation test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="deprecation" diff --git a/py3-dill.yaml b/py3-dill.yaml index 7171eb3fc98..0ae638b18c5 100644 --- a/py3-dill.yaml +++ b/py3-dill.yaml @@ -40,10 +40,6 @@ update: identifier: uqfoundation/dill test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="dill" diff --git a/py3-distlib.yaml b/py3-distlib.yaml index 332d0c23159..7c7b050b90a 100644 --- a/py3-distlib.yaml +++ b/py3-distlib.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="distlib" diff --git a/py3-distro.yaml b/py3-distro.yaml index 6aed8febf47..d59496bf52f 100644 --- a/py3-distro.yaml +++ b/py3-distro.yaml @@ -44,10 +44,6 @@ update: identifier: 12202 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="distro" diff --git a/py3-django.yaml b/py3-django.yaml index 6dbdc361ef3..ed04656f2cf 100644 --- a/py3-django.yaml +++ b/py3-django.yaml @@ -42,10 +42,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 ./test.py > output.out 2>&1 diff --git a/py3-docker.yaml b/py3-docker.yaml index fe9ad0bb12c..cbf2671a959 100644 --- a/py3-docker.yaml +++ b/py3-docker.yaml @@ -41,10 +41,6 @@ update: identifier: docker/docker-py test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="docker" diff --git a/py3-docopt.yaml b/py3-docopt.yaml index 68646201f09..d177816fef3 100644 --- a/py3-docopt.yaml +++ b/py3-docopt.yaml @@ -37,10 +37,6 @@ update: identifier: 8436 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="docopt" diff --git a/py3-docutils.yaml b/py3-docutils.yaml index 8eb3b32a00b..38832451d1b 100644 --- a/py3-docutils.yaml +++ b/py3-docutils.yaml @@ -45,10 +45,6 @@ update: identifier: 3849 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="docutils" diff --git a/py3-dulwich.yaml b/py3-dulwich.yaml index 73a4ff203f2..746e85397e8 100644 --- a/py3-dulwich.yaml +++ b/py3-dulwich.yaml @@ -40,10 +40,6 @@ update: strip-prefix: dulwich- test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="dulwich" diff --git a/py3-escapism.yaml b/py3-escapism.yaml index 45980b549b6..2fdc12876cc 100644 --- a/py3-escapism.yaml +++ b/py3-escapism.yaml @@ -39,10 +39,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="escapism" diff --git a/py3-exceptiongroup.yaml b/py3-exceptiongroup.yaml index 894b592a46f..fd788c01d9e 100644 --- a/py3-exceptiongroup.yaml +++ b/py3-exceptiongroup.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="exceptiongroup" diff --git a/py3-jinja2.yaml b/py3-jinja2.yaml index d8080193126..daa7cb30e87 100644 --- a/py3-jinja2.yaml +++ b/py3-jinja2.yaml @@ -45,9 +45,5 @@ update: identifier: 3894 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: python -c 'import jinja2' diff --git a/py3-jupyter-client.yaml b/py3-jupyter-client.yaml index e9eb0744359..28225ce994b 100644 --- a/py3-jupyter-client.yaml +++ b/py3-jupyter-client.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-oauth2client.yaml b/py3-oauth2client.yaml index 77ddfb6d952..d06c33d65e0 100644 --- a/py3-oauth2client.yaml +++ b/py3-oauth2client.yaml @@ -48,7 +48,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-psutil.yaml b/py3-psutil.yaml index 083e1d08345..9acd11fdf08 100644 --- a/py3-psutil.yaml +++ b/py3-psutil.yaml @@ -47,7 +47,6 @@ test: environment: contents: packages: - - wolfi-base - python3 pipeline: - runs: | diff --git a/py3-pycparser.yaml b/py3-pycparser.yaml index 9d4a41ea311..45e98133fee 100644 --- a/py3-pycparser.yaml +++ b/py3-pycparser.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - python3 pipeline: - runs: | diff --git a/py3-pytest-timeout.yaml b/py3-pytest-timeout.yaml index a75d0fae383..74a9cc88643 100644 --- a/py3-pytest-timeout.yaml +++ b/py3-pytest-timeout.yaml @@ -39,10 +39,6 @@ update: tag-filter: 2. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rc=0 diff --git a/py3-pytest.yaml b/py3-pytest.yaml index f6dacb60143..63dd0e9e434 100644 --- a/py3-pytest.yaml +++ b/py3-pytest.yaml @@ -44,10 +44,6 @@ update: identifier: pytest-dev/pytest test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | pytest ./test_capitalize.py diff --git a/py3-soupsieve.yaml b/py3-soupsieve.yaml index 60dba2b7fe3..18fdebec848 100644 --- a/py3-soupsieve.yaml +++ b/py3-soupsieve.yaml @@ -47,7 +47,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 - py3-beautifulsoup4 pipeline: diff --git a/py3-tinydb.yaml b/py3-tinydb.yaml index b6041bd2312..2eecf7ca76c 100644 --- a/py3-tinydb.yaml +++ b/py3-tinydb.yaml @@ -39,10 +39,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 ./test.py > output.out 2>&1 diff --git a/python-3.10.yaml b/python-3.10.yaml index 30ab8c45876..48c5c1f42d0 100644 --- a/python-3.10.yaml +++ b/python-3.10.yaml @@ -110,10 +110,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 --version diff --git a/pytorch.yaml b/pytorch.yaml index 1a7b0aeef5d..22217d83062 100644 --- a/pytorch.yaml +++ b/pytorch.yaml @@ -102,7 +102,6 @@ test: environment: contents: packages: - - wolfi-base - python-3.11 pipeline: - runs: | diff --git a/qpdf.yaml b/qpdf.yaml index 2dbbdc2a805..7ca2a8f075c 100644 --- a/qpdf.yaml +++ b/qpdf.yaml @@ -66,10 +66,6 @@ subpackages: description: Repair PDF files in QDF form after editing test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | qpdf -version diff --git a/redis-7.0.yaml b/redis-7.0.yaml index aee5531b69b..8d0f100d43a 100644 --- a/redis-7.0.yaml +++ b/redis-7.0.yaml @@ -149,7 +149,6 @@ test: environment: contents: packages: - - busybox - redis-cli pipeline: - runs: | diff --git a/redis-7.2.yaml b/redis-7.2.yaml index 71a3d82e1ef..0a97f056ed3 100644 --- a/redis-7.2.yaml +++ b/redis-7.2.yaml @@ -151,7 +151,6 @@ test: environment: contents: packages: - - busybox - redis-cli pipeline: - runs: | diff --git a/rook.yaml b/rook.yaml index 59810844b1c..beb4cb3006b 100644 --- a/rook.yaml +++ b/rook.yaml @@ -70,10 +70,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rook version diff --git a/rpm.yaml b/rpm.yaml index 593b6a32b12..53d9aea9aad 100644 --- a/rpm.yaml +++ b/rpm.yaml @@ -107,10 +107,6 @@ update: strip-suffix: -release test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rpm --version diff --git a/rstudio.yaml b/rstudio.yaml index 842183972ab..939578417bc 100644 --- a/rstudio.yaml +++ b/rstudio.yaml @@ -98,10 +98,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rstudio-server version diff --git a/ruby3.2-concurrent-ruby.yaml b/ruby3.2-concurrent-ruby.yaml index 512a378b644..4b29a219849 100644 --- a/ruby3.2-concurrent-ruby.yaml +++ b/ruby3.2-concurrent-ruby.yaml @@ -91,7 +91,6 @@ test: contents: packages: - ruby3.2-bundler - - wolfi-base # Install the subpackages for testing - ruby3.2-concurrent-ruby-ext - ruby3.2-concurrent-ruby-edge diff --git a/ruby3.2-jrjackson.yaml b/ruby3.2-jrjackson.yaml index 3dcd490678e..0cf8de3a06d 100644 --- a/ruby3.2-jrjackson.yaml +++ b/ruby3.2-jrjackson.yaml @@ -57,7 +57,6 @@ test: environment: contents: packages: - - busybox - jruby-9.4 - openjdk-11-default-jvm pipeline: diff --git a/s5cmd.yaml b/s5cmd.yaml index 4f4ca4173bd..33bdd5a36b0 100644 --- a/s5cmd.yaml +++ b/s5cmd.yaml @@ -35,10 +35,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | s5cmd version diff --git a/screen.yaml b/screen.yaml index 1b66a1f99cb..8088a1371ee 100644 --- a/screen.yaml +++ b/screen.yaml @@ -41,10 +41,6 @@ subpackages: description: screen manpages test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: screen -v diff --git a/selenium.yaml b/selenium.yaml index 3a58ee0911e..1fbcfbb6717 100644 --- a/selenium.yaml +++ b/selenium.yaml @@ -107,7 +107,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-11-default-jvm pipeline: - runs: | diff --git a/shfmt.yaml b/shfmt.yaml index a2fedc634fe..fff7dc321ec 100644 --- a/shfmt.yaml +++ b/shfmt.yaml @@ -33,10 +33,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | shfmt --version diff --git a/spark.yaml b/spark.yaml index 5b1f59c3da8..007a9c78ac6 100644 --- a/spark.yaml +++ b/spark.yaml @@ -83,10 +83,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | /usr/lib/spark/bin/spark-submit --version diff --git a/speedtest-go.yaml b/speedtest-go.yaml index c52cb3230f5..62cf0e8c674 100644 --- a/speedtest-go.yaml +++ b/speedtest-go.yaml @@ -20,10 +20,6 @@ pipeline: ldflags: -s -w test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: speedtest-go diff --git a/sqlite.yaml b/sqlite.yaml index e34af73d8f9..64cf7d5a291 100644 --- a/sqlite.yaml +++ b/sqlite.yaml @@ -84,10 +84,6 @@ update: identifier: 4877 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | sqlite3 --version diff --git a/src-fingerprint.yaml b/src-fingerprint.yaml index d0cad42580f..c1b759b3354 100644 --- a/src-fingerprint.yaml +++ b/src-fingerprint.yaml @@ -37,10 +37,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | src-fingerprint --version diff --git a/ssh-import-id.yaml b/ssh-import-id.yaml index 223a9081027..28e59a099b6 100644 --- a/ssh-import-id.yaml +++ b/ssh-import-id.yaml @@ -44,10 +44,6 @@ update: enabled: false # Need support for git.launchpad.net test: - environment: - contents: - packages: - - busybox pipeline: - runs: | ssh-import-id kirkland diff --git a/starship.yaml b/starship.yaml index ef036971111..c3a4501ec09 100644 --- a/starship.yaml +++ b/starship.yaml @@ -35,10 +35,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | starship --version diff --git a/syft.yaml b/syft.yaml index ec70c65d6da..6fffb560c1f 100644 --- a/syft.yaml +++ b/syft.yaml @@ -32,10 +32,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | syft --version diff --git a/terraform-docs.yaml b/terraform-docs.yaml index 4493b759fc1..e7da8455398 100644 --- a/terraform-docs.yaml +++ b/terraform-docs.yaml @@ -13,10 +13,6 @@ pipeline: version: v${{package.version}} test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: terraform-docs --help diff --git a/traefik.yaml b/traefik.yaml index 82adef40496..680aac81874 100644 --- a/traefik.yaml +++ b/traefik.yaml @@ -46,10 +46,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | traefik version diff --git a/uv.yaml b/uv.yaml index 18a3aa28ffd..2f5271f9de2 100644 --- a/uv.yaml +++ b/uv.yaml @@ -36,10 +36,6 @@ update: identifier: astral-sh/uv test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | uv --version | grep ${{package.version}} diff --git a/w3m.yaml b/w3m.yaml index 055e5a70058..f6027bca570 100644 --- a/w3m.yaml +++ b/w3m.yaml @@ -51,10 +51,6 @@ update: # Basic test, requires newtork access, to dump https://example.com to stdout test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | w3m -dump https://example.com diff --git a/yazi.yaml b/yazi.yaml index 93ab1a49ab6..50fb4285cb6 100644 --- a/yazi.yaml +++ b/yazi.yaml @@ -38,10 +38,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | yazi --version diff --git a/zellij.yaml b/zellij.yaml index a6328cde78e..76229999b92 100644 --- a/zellij.yaml +++ b/zellij.yaml @@ -86,10 +86,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | zellij --version diff --git a/zstd.yaml b/zstd.yaml index 969e3a19614..d33e8cc938c 100644 --- a/zstd.yaml +++ b/zstd.yaml @@ -62,7 +62,6 @@ test: environment: contents: packages: - - wolfi-base - pkgconf - zstd-dev pipeline: From d70d2e9c40e1ecf4d88ceb07293be57704ad0fd1 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:03 +0000 Subject: [PATCH 039/235] nri-apache/1.12.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-apache.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nri-apache.yaml b/nri-apache.yaml index 102c6514371..c1a7dd35196 100644 --- a/nri-apache.yaml +++ b/nri-apache.yaml @@ -1,6 +1,6 @@ package: name: nri-apache - version: 1.12.2 + version: 1.12.3 epoch: 0 description: New Relic Infrastructure Apache Integration copyright: @@ -18,7 +18,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-apache - expected-commit: 1e46f24e4e0a07a6cbb03b203a2a5aec924a9596 + expected-commit: cadfea94275a78aeb09589697e8a00343ac74305 tag: v${{package.version}} - uses: go/build From edab451f39604c641abb8d9dcc22ed39e31300ce Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:10 +0000 Subject: [PATCH 040/235] py3-minimal-snowplow-tracker/1.0.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-minimal-snowplow-tracker.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-minimal-snowplow-tracker.yaml b/py3-minimal-snowplow-tracker.yaml index e4483044fc2..564860bbc77 100644 --- a/py3-minimal-snowplow-tracker.yaml +++ b/py3-minimal-snowplow-tracker.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/minimal-snowplow-tracker/ package: name: py3-minimal-snowplow-tracker - version: 1.0.1 - epoch: 1 + version: 1.0.2 + epoch: 0 description: A minimal snowplow event tracker for Python. Add analytics to your Python and Django apps, webapps and games copyright: - license: Apache-2.0 @@ -27,7 +27,7 @@ pipeline: with: repository: https://github.com/snowplow/snowplow-python-tracker tag: ${{package.version}} - expected-commit: b29a57d91ebe88c4fa104f905c12040d3d7296c6 + expected-commit: cb7e434be13af1f5dfe5b6b3416d062c477f8de1 - name: Python Build uses: python/build-wheel From 504cda717d4745976f9260d001680c47235beccd Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:16 +0000 Subject: [PATCH 041/235] gcsfuse/1.4.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- gcsfuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcsfuse.yaml b/gcsfuse.yaml index a5ea41949f3..89e87f39f0c 100644 --- a/gcsfuse.yaml +++ b/gcsfuse.yaml @@ -1,6 +1,6 @@ package: name: gcsfuse - version: 1.4.1 + version: 1.4.2 epoch: 0 description: A user-space file system for interacting with Google Cloud Storage copyright: From 62fb7dbd2d54eb1aac2fc7066282eab88f0cf7a8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:21 +0000 Subject: [PATCH 042/235] pixi/0.15.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- pixi.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pixi.yaml b/pixi.yaml index e7e62b9cc58..eb29ab9633a 100644 --- a/pixi.yaml +++ b/pixi.yaml @@ -1,6 +1,6 @@ package: name: pixi - version: 0.14.0 + version: 0.15.1 epoch: 0 description: "Package management made easy" copyright: @@ -20,7 +20,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/prefix-dev/pixi - expected-commit: 44240e8815cf74e7f1ebf4ca6f6d7e1ef86a6cb9 + expected-commit: 745862373f60a90c77b70fb68365af54614d571e tag: v${{package.version}} - name: Configure and build From 6cdabf19bd0d8bcc3ca09219c113545f5e407ce0 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:27 +0000 Subject: [PATCH 043/235] py3-typing-extensions/4.10.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-typing-extensions.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-typing-extensions.yaml b/py3-typing-extensions.yaml index d34be9d7d8e..f12ce3671f2 100644 --- a/py3-typing-extensions.yaml +++ b/py3-typing-extensions.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/typing-extensions/ package: name: py3-typing-extensions - version: 4.9.0 - epoch: 1 + version: 4.10.0 + epoch: 0 description: Backported and Experimental Type Hints for Python 3.7+ copyright: - license: PSF-2.0 @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/python/typing_extensions tag: ${{package.version}} - expected-commit: fc461d6faf4585849b561f2e4cbb06e9db095307 + expected-commit: ed81f2b2043f60b0c159914e264e127f5d0b4cda - name: Python Build runs: | From e448f18e08913eafa7b90996a2227cd2f74bbf61 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:32 +0000 Subject: [PATCH 044/235] nri-postgresql/2.13.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-postgresql.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-postgresql.yaml b/nri-postgresql.yaml index 3e2bbb18af5..1548f8765d5 100644 --- a/nri-postgresql.yaml +++ b/nri-postgresql.yaml @@ -1,7 +1,7 @@ package: name: nri-postgresql - version: 2.13.0 - epoch: 4 + version: 2.13.1 + epoch: 0 description: New Relic Infrastructure Postgresql Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-postgresql - expected-commit: ee5e60b6e9af6c70339a500f0c111196680e26e2 + expected-commit: 5bbcff2c6b8b4f49bbd891a7a887ed0106bedbdc tag: v${{package.version}} - uses: go/build From 663c2b774c196ffd6de4f9b6eafc771840318623 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 16:16:37 +0000 Subject: [PATCH 045/235] pstack/2.4.7 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- pstack.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pstack.yaml b/pstack.yaml index d58955b023f..5a1068fb9d3 100644 --- a/pstack.yaml +++ b/pstack.yaml @@ -1,6 +1,6 @@ package: name: pstack - version: 2.4.6 + version: 2.4.7 epoch: 0 description: "Print stack traces from running processes, or core files." copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/peadar/pstack tag: v${{package.version}} - expected-commit: 542da7ec3b0b4f6bd107de13f06ff0a02bfabbe3 + expected-commit: abbca2ce52122be4487d0a9bdda9bc928c48ac58 - name: Set directories runs: | From d673c9d0d53323d57e83f9cc7387da0849961ca0 Mon Sep 17 00:00:00 2001 From: mauricio-dc-chainguard Date: Mon, 26 Feb 2024 10:50:28 -0600 Subject: [PATCH 046/235] adding kuberay-operator-compat Signed-off-by: mauricio-dc-chainguard --- kuberay-operator.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/kuberay-operator.yaml b/kuberay-operator.yaml index 466ed4a1b73..b1f717e7afc 100644 --- a/kuberay-operator.yaml +++ b/kuberay-operator.yaml @@ -1,7 +1,7 @@ package: name: kuberay-operator version: 1.0.0 - epoch: 0 + epoch: 1 description: A toolkit to run Ray applications on Kubernetes copyright: - license: Apache-2.0 @@ -30,6 +30,16 @@ pipeline: - uses: strip +subpackages: + - name: kuberay-operator-compat + description: "Compatibility package to place binaries in the location expected by upstream helm charts" + pipeline: + - runs: | + # The helm chart expects the cass-operator binaries to be in / instead of /usr/bin + mkdir -p "${{targets.subpkgdir}}" + ln -sf /usr/bin/manager ${{targets.subpkgdir}}/manager + - uses: strip + update: enabled: true github: From 04368146712fbcccad244ea2b828f4b6030bf70f Mon Sep 17 00:00:00 2001 From: mauricio-dc-chainguard <156850521+mauricio-dc-chainguard@users.noreply.github.com> Date: Mon, 26 Feb 2024 11:04:42 -0600 Subject: [PATCH 047/235] Update kuberay-operator.yaml Co-authored-by: Ajay Kemparaj Signed-off-by: mauricio-dc-chainguard <156850521+mauricio-dc-chainguard@users.noreply.github.com> --- kuberay-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kuberay-operator.yaml b/kuberay-operator.yaml index b1f717e7afc..338efd47502 100644 --- a/kuberay-operator.yaml +++ b/kuberay-operator.yaml @@ -35,7 +35,7 @@ subpackages: description: "Compatibility package to place binaries in the location expected by upstream helm charts" pipeline: - runs: | - # The helm chart expects the cass-operator binaries to be in / instead of /usr/bin + # The helm chart expects the kuberay-operator binaries to be in / instead of /usr/bin mkdir -p "${{targets.subpkgdir}}" ln -sf /usr/bin/manager ${{targets.subpkgdir}}/manager - uses: strip From c0c672360f6da0318f04afdce1af4deaf9905947 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 26 Feb 2024 17:07:41 +0000 Subject: [PATCH 048/235] fix concurrent ruby test Signed-off-by: Jason Hall --- ruby3.2-concurrent-ruby.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ruby3.2-concurrent-ruby.yaml b/ruby3.2-concurrent-ruby.yaml index 4b29a219849..93c3b215881 100644 --- a/ruby3.2-concurrent-ruby.yaml +++ b/ruby3.2-concurrent-ruby.yaml @@ -88,6 +88,8 @@ subpackages: test: environment: + environment: + HOME: /home/build contents: packages: - ruby3.2-bundler From 95ac4dbed97b725e179438e726d2abc99595a0ef Mon Sep 17 00:00:00 2001 From: mauricio-dc-chainguard <156850521+mauricio-dc-chainguard@users.noreply.github.com> Date: Mon, 26 Feb 2024 11:08:24 -0600 Subject: [PATCH 049/235] Update kuberay-operator.yaml Co-authored-by: Ajay Kemparaj Signed-off-by: mauricio-dc-chainguard <156850521+mauricio-dc-chainguard@users.noreply.github.com> --- kuberay-operator.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/kuberay-operator.yaml b/kuberay-operator.yaml index 338efd47502..5181f4b633b 100644 --- a/kuberay-operator.yaml +++ b/kuberay-operator.yaml @@ -38,7 +38,6 @@ subpackages: # The helm chart expects the kuberay-operator binaries to be in / instead of /usr/bin mkdir -p "${{targets.subpkgdir}}" ln -sf /usr/bin/manager ${{targets.subpkgdir}}/manager - - uses: strip update: enabled: true From c860641472101669e560d47e5872abe27cfe6ce7 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:15:51 +0000 Subject: [PATCH 050/235] py3-poetry/1.8.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-poetry.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-poetry.yaml b/py3-poetry.yaml index 01826b2a9f0..64f6751264b 100644 --- a/py3-poetry.yaml +++ b/py3-poetry.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/poetry/ package: name: py3-poetry - version: 1.8.0 + version: 1.8.1 epoch: 0 description: Python dependency management and packaging made easy. copyright: @@ -50,11 +50,11 @@ pipeline: with: repository: https://github.com/python-poetry/poetry tag: ${{package.version}} - expected-commit: a3789fec54390e8cca8a6b399b59b8b45cc26dd3 + expected-commit: 78f7dd6b762b78e657ee9c74cf0ae50ccb0904ec - uses: fetch with: - expected-sha256: 27676b30e17c44b836cc002bf3cf8472f01fce886bddb4987caf14aeb4663165 + expected-sha256: 23519cc45eb3cf48e899145bc762425a141e3afd52ecc53ec443ca635122327f uri: https://files.pythonhosted.org/packages/source/p/poetry/poetry-${{package.version}}.tar.gz - name: Python Build From dd5d27fac62923dff8895d2d8865e5336d720141 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:15:56 +0000 Subject: [PATCH 051/235] uv/0.1.11 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- uv.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/uv.yaml b/uv.yaml index 18a3aa28ffd..04d4c8c289d 100644 --- a/uv.yaml +++ b/uv.yaml @@ -1,6 +1,6 @@ package: name: uv - version: 0.1.10 + version: 0.1.11 epoch: 0 description: An extremely fast Python package installer and resolver, written in Rust. copyright: @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/astral-sh/uv tag: ${{package.version}} - expected-commit: daa8565a75249305821fdc34ace085060c082ba3 + expected-commit: 32e5cacdd600e073ca6ab6ca11f76ec5e7e2c20e - runs: | cargo build --locked --release From 0e4089ce2f178bf3042331b5f8d1bbb2249e9467 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:16:00 +0000 Subject: [PATCH 052/235] syft/0.105.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- syft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/syft.yaml b/syft.yaml index ec70c65d6da..7d835b3d14a 100644 --- a/syft.yaml +++ b/syft.yaml @@ -1,6 +1,6 @@ package: name: syft - version: 0.105.0 + version: 0.105.1 epoch: 0 description: CLI tool and library for generating a Software Bill of Materials from container images and filesystems copyright: @@ -15,7 +15,7 @@ pipeline: with: repository: https://github.com/anchore/syft tag: v${{package.version}} - expected-commit: 65cadda48653d2452a7e41a47a60d2934e8fcb07 + expected-commit: 928511ea0f1449e057e8057e38743d258b22476b - uses: go/build with: From accb680a67830b69b8d872f19e6ddd68659ff240 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:16:05 +0000 Subject: [PATCH 053/235] nri-mysql/1.10.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-mysql.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-mysql.yaml b/nri-mysql.yaml index c5877c262c6..b79050d04c2 100644 --- a/nri-mysql.yaml +++ b/nri-mysql.yaml @@ -1,7 +1,7 @@ package: name: nri-mysql - version: 1.10.2 - epoch: 4 + version: 1.10.4 + epoch: 0 description: New Relic Infrastructure MySQL Integration copyright: - license: Apache-2.0 @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-mysql - expected-commit: 54fc0ed4811aaa36f7552ee0c7d551da8fd9523e + expected-commit: 580d18bbda6e107e98df1905be5534d528db9f63 tag: v${{package.version}} - uses: go/build From e5a35be1ea67d39c978058a3207c6976ee44ee4d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:16:10 +0000 Subject: [PATCH 054/235] k8s-sidecar/1.25.6 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- k8s-sidecar.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s-sidecar.yaml b/k8s-sidecar.yaml index d240ae493cc..6928ed5d8d6 100644 --- a/k8s-sidecar.yaml +++ b/k8s-sidecar.yaml @@ -1,6 +1,6 @@ package: name: k8s-sidecar - version: 1.25.4 + version: 1.25.6 epoch: 0 description: "container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder" copyright: @@ -25,7 +25,7 @@ pipeline: with: repository: https://github.com/kiwigrid/k8s-sidecar tag: ${{package.version}} - expected-commit: 8214130a91b90d4202c546ab2328f85a5da16c45 + expected-commit: 34e16c9440adea149e8964b81f8e7574f2f48d65 - runs: | mkdir -p ${{targets.destdir}}/usr/share/app From a181fced1960485d7b7a6eb5c5e5520577376794 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:16:40 +0000 Subject: [PATCH 055/235] coredns/1.11.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- coredns.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/coredns.yaml b/coredns.yaml index 1291263626b..d87a91f79ca 100644 --- a/coredns.yaml +++ b/coredns.yaml @@ -1,7 +1,7 @@ package: name: coredns - version: 1.11.1 - epoch: 10 + version: 1.11.2 + epoch: 0 description: CoreDNS is a DNS server that chains plugins copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: ae2bbc29be1aaae0b3ded5d188968a6c97bb3144 + expected-commit: 8868454177bdd3e70e71bd52d3c0e38bcf0d77fd repository: https://github.com/coredns/coredns tag: v${{package.version}} @@ -33,10 +33,6 @@ pipeline: # Ensures plugins get included make check - - uses: go/bump - with: - deps: golang.org/x/net@v0.17.0 google.golang.org/grpc@v1.58.3 golang.org/x/crypto@v0.17.0 github.com/quic-go/quic-go@v0.37.7 - - uses: go/build with: go-package: go-1.20 From 7d75a40a6c1907a29afa64e8efbb867039faa2a8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:16:44 +0000 Subject: [PATCH 056/235] hugo-extended/0.123.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- hugo-extended.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hugo-extended.yaml b/hugo-extended.yaml index ead3fc9868e..86414700ac7 100644 --- a/hugo-extended.yaml +++ b/hugo-extended.yaml @@ -1,6 +1,6 @@ package: name: hugo-extended - version: 0.123.3 + version: 0.123.4 epoch: 0 description: The world's fastest framework for building websites. copyright: From cb4c763e770b974879a0d18c690553eebbda8e13 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:17:15 +0000 Subject: [PATCH 057/235] rye/0.27.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- rye.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rye.yaml b/rye.yaml index 8c860960768..dd170dc35cb 100644 --- a/rye.yaml +++ b/rye.yaml @@ -1,6 +1,6 @@ package: name: rye - version: 0.26.0 + version: 0.27.0 epoch: 0 description: "An Experimental Package Management Solution for Python" copyright: @@ -21,7 +21,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/mitsuhiko/rye - expected-commit: d245f625ed1e48b794863cc3a69d0a83daf74c5c + expected-commit: 43ee4fce00021b4cc15dfc3fb92a97b9b156a981 tag: ${{package.version}} - name: Configure and build From 3d69ffd5d824f3a0c8ffb581ebc67c9d81562099 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:17:20 +0000 Subject: [PATCH 058/235] hugo/0.123.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- hugo.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hugo.yaml b/hugo.yaml index 72822a27e13..164ed36b154 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -1,6 +1,6 @@ package: name: hugo - version: 0.123.3 + version: 0.123.4 epoch: 0 description: The world's fastest framework for building websites. copyright: @@ -18,7 +18,7 @@ pipeline: with: repository: https://github.com/gohugoio/hugo tag: v${{package.version}} - expected-commit: a75a659f6fc0cb3a52b2b2ba666a81f79a459376 + expected-commit: 21a41003c4633b142ac565c52da22924dc30637a - uses: go/build with: From 7b0e4e23b8ad143633cc7ab6f9fd343b465af102 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Mon, 26 Feb 2024 12:32:17 -0500 Subject: [PATCH 059/235] Update ca-certificates.yaml Signed-off-by: Jason Hall --- ca-certificates.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ca-certificates.yaml b/ca-certificates.yaml index c5308f551d3..9a3cf3d0cd5 100644 --- a/ca-certificates.yaml +++ b/ca-certificates.yaml @@ -61,6 +61,15 @@ subpackages: mv "${{targets.destdir}}"/etc/ssl/certs/ca-certificates.crt "${{targets.subpkgdir}}"/etc/ssl/certs ln -s certs/ca-certificates.crt "${{targets.subpkgdir}}"/etc/ssl/cert.pem +test: + environment: + contents: + packages: + - curl + - wolfi-base + pipeline: + - runs: curl -v https://packages.wolfi.dev + update: enabled: true release-monitor: From 87483ce18f5649527111a8b13144ebce43c09a5d Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:03:57 -0500 Subject: [PATCH 060/235] Update grafana-agent-operator.yaml Signed-off-by: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> --- grafana-agent-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index 1b4ff4557e9..142283730c3 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -33,7 +33,7 @@ pipeline: update: enabled: true ignore-regex-patterns: - - "-rc" + - '-rc' github: identifier: grafana/agent strip-prefix: v From d74605d12f6f7e65a1b95955732f4a24fcf027db Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 18:08:39 +0000 Subject: [PATCH 061/235] py3-pywinpty/2.0.13 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-pywinpty.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-pywinpty.yaml b/py3-pywinpty.yaml index a02665557c4..29f95e2dcbc 100644 --- a/py3-pywinpty.yaml +++ b/py3-pywinpty.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/pywinpty/ package: name: py3-pywinpty - version: 2.0.12 + version: 2.0.13 epoch: 0 description: Pseudo terminal support for Windows from Python. copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 8197de460ae8ebb7f5d1701dfa1b5df45b157bb832e92acba316305e18ca00dd + expected-sha256: c34e32351a3313ddd0d7da23d27f835c860d32fe4ac814d372a3ea9594f41dde uri: https://files.pythonhosted.org/packages/source/p/pywinpty/pywinpty-${{package.version}}.tar.gz - name: Python Build From bfde7869935fefd6a34f2969639b1dec74c7e71d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 18:15:02 +0000 Subject: [PATCH 062/235] renovate/37.214.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.yaml b/renovate.yaml index 3d38ea97e5f..f19783a382b 100644 --- a/renovate.yaml +++ b/renovate.yaml @@ -1,6 +1,6 @@ package: name: renovate - version: 37.214.0 + version: 37.214.1 epoch: 0 description: "Automated dependency updates. Multi-platform and multi-language." copyright: From 0f6857087f8453e6722580020ac0068b9b55e13f Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 18:15:08 +0000 Subject: [PATCH 063/235] neon/4983 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- neon.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/neon.yaml b/neon.yaml index 2bba3c2ca59..c60c6f4ca7b 100644 --- a/neon.yaml +++ b/neon.yaml @@ -1,6 +1,6 @@ package: name: neon - version: "4917" + version: "4983" epoch: 0 description: "Serverless Postgres. We separated storage and compute to offer autoscaling, branching, and bottomless storage." copyright: @@ -43,7 +43,7 @@ pipeline: with: repository: https://github.com/neondatabase/neon tag: release-${{package.version}} - expected-commit: 96a4e8de660be469fb00efd7d268120890ca06fd + expected-commit: 6460beffcd0d9c4d4a1ed17e39295a869510d29f recurse-submodules: true - runs: | From fd5412c56476396a4cb1bbbb95a9a13a78fe6dd1 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 18:15:33 +0000 Subject: [PATCH 064/235] nri-cassandra/2.13.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-cassandra.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-cassandra.yaml b/nri-cassandra.yaml index 7322cfaff53..3c290333339 100644 --- a/nri-cassandra.yaml +++ b/nri-cassandra.yaml @@ -1,7 +1,7 @@ package: name: nri-cassandra - version: 2.13.2 - epoch: 4 + version: 2.13.4 + epoch: 0 description: New Relic Infrastructure Cassandra Integration copyright: - license: Apache-2.0 @@ -14,7 +14,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-cassandra - expected-commit: b629c78b1fc76e8c6176aeb24f43e05d6dc6de8c + expected-commit: b66f1934b1d26d1d53e51b8a39041074883c39ed tag: v${{package.version}} - uses: go/build From c21a9ac448e64d3dfef29ccea6b27a1ad60299e9 Mon Sep 17 00:00:00 2001 From: ajayk Date: Mon, 26 Feb 2024 11:35:39 -0800 Subject: [PATCH 065/235] npm: use the ip 2.0.1 --- npm.yaml | 9 +++++---- sqlpad.yaml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/npm.yaml b/npm.yaml index 73fb8ea0d9e..d83e9e59a1b 100644 --- a/npm.yaml +++ b/npm.yaml @@ -1,7 +1,7 @@ package: name: npm version: 10.4.0 - epoch: 1 + epoch: 2 description: "the npm package manager for javascript, mainline" copyright: - license: Artistic-2.0 @@ -29,13 +29,14 @@ pipeline: runs: | rm -rf ip - # Replace the ip package with the seal-security fork, which is a drop-in replacement + # update the https://www.npmjs.com/package/ip/v/2.0.1 # that resolves a CVE. + # remove this once npm fixes it - uses: fetch working-directory: /home/build/node_modules/ip with: - uri: https://registry.npmjs.org/@seal-security/ip/-/ip-2.0.0-sp-1.tgz - expected-sha512: 652901950df430b0d6f484fc12be69ca6e88b0c3223ad3a97441c510a438437a7858c959c85cc4d03d98ab920c4919401114497fe7436b8e5942392582e7ab4f + uri: https://registry.npmjs.org/ip/-/ip-2.0.1.tgz + expected-sha512: 94950bf6298b4cd8b565f5d3f8353aac105d6e228606e6b2f41eb11923d58d4790c1a1f54481aa79ff1166452d1e2a0b9923693d1e4ce0754a2469b58fc15655 delete: true - runs: | diff --git a/sqlpad.yaml b/sqlpad.yaml index 28b316c9a04..11984ddc11a 100644 --- a/sqlpad.yaml +++ b/sqlpad.yaml @@ -1,7 +1,7 @@ package: name: sqlpad version: 7.4.1 # when updating check the patch below as it contains dependency version updates which may downgrade if upstream upgrades them - epoch: 0 + epoch: 1 description: Web-based SQL editor. Legacy project in maintenance mode. copyright: - license: MIT From ad5eae62e7b12c9e5411ddcbc9547dff98535be4 Mon Sep 17 00:00:00 2001 From: ajayk Date: Mon, 26 Feb 2024 11:55:43 -0800 Subject: [PATCH 066/235] sqlpad changes --- sqlpad.yaml | 2 +- sqlpad/server-package-json.patch | 79 ++++++++++++++++++++++++++++++-- 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/sqlpad.yaml b/sqlpad.yaml index 11984ddc11a..286315da8ac 100644 --- a/sqlpad.yaml +++ b/sqlpad.yaml @@ -52,4 +52,4 @@ update: enabled: true github: identifier: sqlpad/sqlpad - strip-prefix: v + strip-prefix: v \ No newline at end of file diff --git a/sqlpad/server-package-json.patch b/sqlpad/server-package-json.patch index 2b445b59f62..e5b0323c0bd 100644 --- a/sqlpad/server-package-json.patch +++ b/sqlpad/server-package-json.patch @@ -1,8 +1,16 @@ diff --git a/server/package.json b/server/package.json -index 19d52f20..4956d34d 100644 +index ecff486d..a1bec622 100644 --- a/server/package.json +++ b/server/package.json -@@ -126,6 +126,8 @@ +@@ -61,6 +61,7 @@ + "format-link-header": "^3.1.1", + "hdb": "^0.19.0", + "helmet": "^7.0.0", ++ "ip": "^2.0.1", + "jsonwebtoken": "^9.0.0", + "ldapjs": "^2.3.2", + "lodash": "^4.17.20", +@@ -127,6 +128,8 @@ "traverse": "^0.6.6" }, "resolutions": { @@ -11,4 +19,69 @@ index 19d52f20..4956d34d 100644 + "semver": "6.3.1", + "@node-saml/node-saml": "4.0.5" } - } \ No newline at end of file + } +diff --git a/server/yarn.lock b/server/yarn.lock +index e9f0019f..0bda349b 100644 +--- a/server/yarn.lock ++++ b/server/yarn.lock +@@ -304,10 +304,10 @@ + semver "^7.3.5" + tar "^6.1.11" + +-"@node-saml/node-saml@^4.0.4": +- version "4.0.4" +- resolved "https://registry.yarnpkg.com/@node-saml/node-saml/-/node-saml-4.0.4.tgz#472a6b17021a0c9d8261964bf6e1dd686ae2d515" +- integrity sha512-oybUBWBYVsHGckQxzyzlpRM4E2iuW3I2Ok/J9SwlotdmjvmZxSo6Ub74D9wltG8C9daJZYI57uy+1UK4FtcGXA== ++"@node-saml/node-saml@4.0.5", "@node-saml/node-saml@^4.0.4": ++ version "4.0.5" ++ resolved "https://registry.yarnpkg.com/@node-saml/node-saml/-/node-saml-4.0.5.tgz#039e387095b54639b06df62b1b4a6d8941c6d907" ++ integrity sha512-J5DglElbY1tjOuaR1NPtjOXkXY5bpUhDoKVoeucYN98A3w4fwgjIOPqIGcb6cQsqFq2zZ6vTCeKn5C/hvefSaw== + dependencies: + "@types/debug" "^4.1.7" + "@types/passport" "^1.0.11" +@@ -2673,6 +2673,11 @@ ip@^2.0.0: + resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.0.tgz#4cf4ab182fee2314c75ede1276f8c80b479936da" + integrity sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ== + ++ip@^2.0.1: ++ version "2.0.1" ++ resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.1.tgz#e8f3595d33a3ea66490204234b77636965307105" ++ integrity sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ== ++ + ipaddr.js@0.1.3: + version "0.1.3" + resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-0.1.3.tgz#27a9ca37f148d2102b0ef191ccbf2c51a8f025c6" +@@ -4573,32 +4578,11 @@ secure-json-parse@^2.4.0: + resolved "https://registry.yarnpkg.com/secure-json-parse/-/secure-json-parse-2.7.0.tgz#5a5f9cd6ae47df23dba3151edd06855d47e09862" + integrity sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw== + +-semver@^6.0.0, semver@^6.3.0, semver@^6.3.1: ++semver@6.3.1, semver@^6.0.0, semver@^6.3.0, semver@^6.3.1, semver@^7.3.2, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.4: + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== + +-semver@^7.3.2, semver@^7.3.7: +- version "7.5.2" +- resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb" +- integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ== +- dependencies: +- lru-cache "^6.0.0" +- +-semver@^7.3.5, semver@^7.3.8: +- version "7.5.4" +- resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" +- integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== +- dependencies: +- lru-cache "^6.0.0" +- +-semver@^7.5.4: +- version "7.6.0" +- resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.0.tgz#1a46a4db4bffcccd97b743b5005c8325f23d4e2d" +- integrity sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg== +- dependencies: +- lru-cache "^6.0.0" +- + send@0.18.0: + version "0.18.0" + resolved "https://registry.yarnpkg.com/send/-/send-0.18.0.tgz#670167cc654b05f5aa4a767f9113bb371bc706be" From 6b3ba2277c112790095315893e684bcec8d0b925 Mon Sep 17 00:00:00 2001 From: ajayk Date: Mon, 26 Feb 2024 11:56:52 -0800 Subject: [PATCH 067/235] npm: use the ip 2.0.1 --- sqlpad.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sqlpad.yaml b/sqlpad.yaml index 286315da8ac..048d86a9160 100644 --- a/sqlpad.yaml +++ b/sqlpad.yaml @@ -16,6 +16,7 @@ environment: - build-base - busybox - nodejs-18 + - python3 - yarn pipeline: @@ -52,4 +53,4 @@ update: enabled: true github: identifier: sqlpad/sqlpad - strip-prefix: v \ No newline at end of file + strip-prefix: v From 9be6e34e15813338798f1316e0378edd6ba486e8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 20:08:58 +0000 Subject: [PATCH 068/235] haproxy/2.9.6 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- haproxy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/haproxy.yaml b/haproxy.yaml index 9a8098c1770..e50e64c464e 100644 --- a/haproxy.yaml +++ b/haproxy.yaml @@ -1,6 +1,6 @@ package: name: haproxy - version: 2.9.5 + version: 2.9.6 epoch: 0 description: "A TCP/HTTP reverse proxy for high availability environments" copyright: @@ -33,7 +33,7 @@ pipeline: - uses: fetch with: uri: https://www.haproxy.org/download/${{vars.mangled-package-version}}/src/haproxy-${{package.version}}.tar.gz - expected-sha256: 32b785b128838f4218b8d54690c86c48794d03f817cbb627fb48769f79efd59b + expected-sha256: 208adf47c8fa83c54978034ba5c0110b7463c47078f119bd052342171a3b9a0b - uses: autoconf/make with: From 70ea33af57169b15a58a8b6938ad02cf4403bf33 Mon Sep 17 00:00:00 2001 From: ajayk Date: Mon, 26 Feb 2024 12:14:02 -0800 Subject: [PATCH 069/235] fix ip --- sqlpad/server-package-json.patch | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/sqlpad/server-package-json.patch b/sqlpad/server-package-json.patch index e5b0323c0bd..09cc18286c0 100644 --- a/sqlpad/server-package-json.patch +++ b/sqlpad/server-package-json.patch @@ -1,5 +1,5 @@ diff --git a/server/package.json b/server/package.json -index ecff486d..a1bec622 100644 +index ecff486d..f96c921c 100644 --- a/server/package.json +++ b/server/package.json @@ -61,6 +61,7 @@ @@ -10,18 +10,19 @@ index ecff486d..a1bec622 100644 "jsonwebtoken": "^9.0.0", "ldapjs": "^2.3.2", "lodash": "^4.17.20", -@@ -127,6 +128,8 @@ +@@ -127,6 +128,9 @@ "traverse": "^0.6.6" }, "resolutions": { - "supertest/**/cookiejar": "^2.1.4" + "supertest/**/cookiejar": "^2.1.4", + "semver": "6.3.1", -+ "@node-saml/node-saml": "4.0.5" ++ "@node-saml/node-saml": "4.0.5", ++ "ip": "2.0.1" } } diff --git a/server/yarn.lock b/server/yarn.lock -index e9f0019f..0bda349b 100644 +index e9f0019f..12eb780f 100644 --- a/server/yarn.lock +++ b/server/yarn.lock @@ -304,10 +304,10 @@ @@ -39,19 +40,22 @@ index e9f0019f..0bda349b 100644 dependencies: "@types/debug" "^4.1.7" "@types/passport" "^1.0.11" -@@ -2673,6 +2673,11 @@ ip@^2.0.0: - resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.0.tgz#4cf4ab182fee2314c75ede1276f8c80b479936da" - integrity sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ== +@@ -2668,10 +2668,10 @@ internal-slot@^1.0.5: + hasown "^2.0.0" + side-channel "^1.0.4" -+ip@^2.0.1: +-ip@^2.0.0: +- version "2.0.0" +- resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.0.tgz#4cf4ab182fee2314c75ede1276f8c80b479936da" +- integrity sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ== ++ip@2.0.1, ip@^2.0.0, ip@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.1.tgz#e8f3595d33a3ea66490204234b77636965307105" + integrity sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ== -+ + ipaddr.js@0.1.3: version "0.1.3" - resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-0.1.3.tgz#27a9ca37f148d2102b0ef191ccbf2c51a8f025c6" -@@ -4573,32 +4578,11 @@ secure-json-parse@^2.4.0: +@@ -4573,32 +4573,11 @@ secure-json-parse@^2.4.0: resolved "https://registry.yarnpkg.com/secure-json-parse/-/secure-json-parse-2.7.0.tgz#5a5f9cd6ae47df23dba3151edd06855d47e09862" integrity sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw== @@ -84,4 +88,4 @@ index e9f0019f..0bda349b 100644 - send@0.18.0: version "0.18.0" - resolved "https://registry.yarnpkg.com/send/-/send-0.18.0.tgz#670167cc654b05f5aa4a767f9113bb371bc706be" + resolved "https://registry.yarnpkg.com/send/-/send-0.18.0.tgz#670167cc654b05f5aa4a767f9113bb371bc706be" \ No newline at end of file From b22db55b22bb3f6a48a7ec3765cbb3bbe678286e Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 20:15:17 +0000 Subject: [PATCH 070/235] py3-sqlglot/22.0.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-sqlglot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-sqlglot.yaml b/py3-sqlglot.yaml index e7295e9f103..b2972517023 100644 --- a/py3-sqlglot.yaml +++ b/py3-sqlglot.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/sqlglot/ package: name: py3-sqlglot - version: 21.2.1 + version: 22.0.0 epoch: 0 description: An easily customizable SQL parser and transpiler copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/tobymao/sqlglot tag: v${{package.version}} - expected-commit: c23ac05379e2aa5cb5681e26e2c0b8137300baa3 + expected-commit: 9595240a1c0f0e5ace9f67f31564e5d5edb9a9d2 - name: Python Build runs: python setup.py build From 8dd7a9ae36f5978a902d9d4d2cfcadfd9ae1236b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 20:15:23 +0000 Subject: [PATCH 071/235] grype/0.74.7 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- grype.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grype.yaml b/grype.yaml index 5f2b99f671c..0f8567a33f7 100644 --- a/grype.yaml +++ b/grype.yaml @@ -1,6 +1,6 @@ package: name: grype - version: 0.74.6 + version: 0.74.7 epoch: 0 description: Vulnerability scanner for container images, filesystems, and SBOMs copyright: @@ -15,7 +15,7 @@ pipeline: with: repository: https://github.com/anchore/grype tag: v${{package.version}} - expected-commit: b9cf0e5cf89b47dc2d34315855d68542e817657c + expected-commit: 987238519b8d6e302130ab715f20daed6634da68 - uses: go/build with: From c0d37bc8640e1e28adbaca2a598064c8bbbcda73 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 20:15:33 +0000 Subject: [PATCH 072/235] newrelic-prometheus-configurator/1.14.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- newrelic-prometheus-configurator.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newrelic-prometheus-configurator.yaml b/newrelic-prometheus-configurator.yaml index 122b593025c..8a63ff2fb10 100644 --- a/newrelic-prometheus-configurator.yaml +++ b/newrelic-prometheus-configurator.yaml @@ -1,6 +1,6 @@ package: name: newrelic-prometheus-configurator - version: 1.13.0 + version: 1.14.0 epoch: 0 description: New Relic Prometheus Configurator copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/newrelic/newrelic-prometheus-configurator tag: v${{package.version}} - expected-commit: e6e9b572c180affd9e3aebf3a2a11ce6a9b91b35 + expected-commit: 1340547b6f3099e369391a0c280fb3335136f28e - runs: | GOOS=$(go env GOOS) From 385af30871c9692bd9a65c820a71bdb0c76aa5dd Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 20:15:38 +0000 Subject: [PATCH 073/235] reflex/0.4.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- reflex.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/reflex.yaml b/reflex.yaml index 649b47cecf7..90ad06a5984 100644 --- a/reflex.yaml +++ b/reflex.yaml @@ -1,6 +1,6 @@ package: name: reflex - version: 0.4.1 + version: 0.4.2 epoch: 0 description: "Web apps in pure Python" copyright: @@ -32,7 +32,7 @@ pipeline: with: repository: https://github.com/reflex-dev/reflex tag: v${{package.version}} - expected-commit: 6384c62e51cc354b0c1071c8a7ffa66cabd51a17 + expected-commit: b13a25c1f697b2de961cdfc8b3d4db7ad131205d - runs: | poetry build From e899aece4f62d3c52d9fed0bd7c4dafa9a9df473 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:08:36 +0000 Subject: [PATCH 074/235] py3-botocore/1.34.50 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-botocore.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-botocore.yaml b/py3-botocore.yaml index 9ea930b2bbb..2ea457d59f3 100644 --- a/py3-botocore.yaml +++ b/py3-botocore.yaml @@ -1,6 +1,6 @@ package: name: py3-botocore - version: 1.34.49 + version: 1.34.50 epoch: 0 description: The low-level, core functionality of Boto3 copyright: @@ -27,7 +27,7 @@ pipeline: - uses: fetch with: uri: https://files.pythonhosted.org/packages/source/b/botocore/botocore-${{package.version}}.tar.gz - expected-sha256: d89410bc60673eaff1699f3f1fdcb0e3a5e1f7a6a048c0d88c3ce5c3549433ec + expected-sha256: 33ab82cb96c4bb684f0dbafb071808e4817d83debc88b223e7d988256370c6d7 - runs: | python3 setup.py build From 55a6fe3e6bb09b616ea52d054f55570aed224e94 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:08:48 +0000 Subject: [PATCH 075/235] py3-boto3/1.34.50 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-boto3.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-boto3.yaml b/py3-boto3.yaml index 0c1628d0b12..90f09fa9afc 100644 --- a/py3-boto3.yaml +++ b/py3-boto3.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/boto3/ package: name: py3-boto3 - version: 1.34.49 + version: 1.34.50 epoch: 0 description: The AWS SDK for Python copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 96b9dc85ce8d52619b56ca7b1ac1423eaf0af5ce132904bcc8aa81396eec2abf + expected-sha256: 290952be7899560039cb0042e8a2354f61a7dead0d0ca8bea6ba901930df0468 uri: https://files.pythonhosted.org/packages/source/b/boto3/boto3-${{package.version}}.tar.gz - name: Python Build From 9d9147a73e98db3e31e1ce3154e9ed8962a8f386 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:15:04 +0000 Subject: [PATCH 076/235] aws-cli/1.32.50 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-cli.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-cli.yaml b/aws-cli.yaml index a2fec36ee84..fbf1288c1c0 100644 --- a/aws-cli.yaml +++ b/aws-cli.yaml @@ -1,6 +1,6 @@ package: name: aws-cli - version: 1.32.49 + version: 1.32.50 epoch: 0 description: "Universal Command Line Interface for Amazon Web Services" copyright: @@ -33,7 +33,7 @@ pipeline: - uses: fetch with: uri: https://github.com/aws/aws-cli/archive/${{package.version}}.tar.gz - expected-sha256: 68643326e9e060ddbd4deea32c1ac3ed5b60d0ed6496e3660b23b951ee385e54 + expected-sha256: f688ebffa5efb8fbe0486e8998877d8a344ce3c4a8d4c2d0303c4b279eb69314 - runs: | python3 setup.py build From 3466676c026e2867afcd39140ca8411ccbdef0bc Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:15:10 +0000 Subject: [PATCH 077/235] py3-google-cloud-pubsub/2.19.7 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-google-cloud-pubsub.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-google-cloud-pubsub.yaml b/py3-google-cloud-pubsub.yaml index 4069f5df904..dccff491ccb 100644 --- a/py3-google-cloud-pubsub.yaml +++ b/py3-google-cloud-pubsub.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/google-cloud-pubsub/ package: name: py3-google-cloud-pubsub - version: 2.19.6 + version: 2.19.7 epoch: 0 description: Google Cloud Pub/Sub API client library copyright: @@ -29,7 +29,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 2aecd601113386d677ea6faa31f096407926ef48 + expected-commit: 706eee6489c2a7d1b6bcb22824c7cf4f1b5f22e3 repository: https://github.com/googleapis/python-pubsub tag: v${{package.version}} From 134405a1fcfe629e4e381737c27e3b2603d5497b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:15:25 +0000 Subject: [PATCH 078/235] terragrunt/0.55.10 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- terragrunt.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terragrunt.yaml b/terragrunt.yaml index 6ee47babc1b..8667b7db9fc 100644 --- a/terragrunt.yaml +++ b/terragrunt.yaml @@ -1,6 +1,6 @@ package: name: terragrunt - version: 0.55.9 + version: 0.55.10 epoch: 0 description: Thin wrapper for Terraform providing extra tools copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 79043c3bbed2bee61b6c71f77fc7998d09d45565c08fa1e6013c417b675ffcf0 + expected-sha256: fbf14cb884031de1d0a122da2e5e096aaa97ce4417b7f21d87377e6a3b23701f uri: https://github.com/gruntwork-io/terragrunt/archive/refs/tags/v${{package.version}}.tar.gz - uses: go/bump From 073772ffbef4d386e3bd7d31831cef75a902221a Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:15:31 +0000 Subject: [PATCH 079/235] scala-2/2.13.13 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- scala-2.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scala-2.yaml b/scala-2.yaml index b2c785129a3..f5055e1823d 100644 --- a/scala-2.yaml +++ b/scala-2.yaml @@ -1,6 +1,6 @@ package: name: scala-2 - version: 2.13.12 + version: 2.13.13 epoch: 0 description: Scala 2 compiler and standard library. copyright: @@ -24,7 +24,7 @@ pipeline: with: repository: https://github.com/scala/scala tag: v${{package.version}} - expected-commit: 80514f73a6c7db32df9887d9a5ca9ae921e25118 + expected-commit: fcc67cd56c67851bf31019ec25ccb09d08b9561b - uses: patch with: From 5e47643ff5dc324ccb78f7e5356d90b2031391ae Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:15:36 +0000 Subject: [PATCH 080/235] terraform-provider-google/5.18.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- terraform-provider-google.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform-provider-google.yaml b/terraform-provider-google.yaml index d69db20af69..01607e54e8e 100644 --- a/terraform-provider-google.yaml +++ b/terraform-provider-google.yaml @@ -1,6 +1,6 @@ package: name: terraform-provider-google - version: 5.17.0 + version: 5.18.0 epoch: 0 description: Terraform GCP provider copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/hashicorp/terraform-provider-google tag: v${{package.version}} - expected-commit: f93541ea0299b66e1ac6b5c88912e573ae809307 + expected-commit: 0a4166fa7d540cb48f1e0c9883456dbabfeafdda - uses: go/build with: From 6665313afc11a67cdfcf8f2c64b2a8442ee0527d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:08:33 +0000 Subject: [PATCH 081/235] py3-ipykernel/6.29.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-ipykernel.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-ipykernel.yaml b/py3-ipykernel.yaml index 0fa268c1afd..90f45ab3970 100644 --- a/py3-ipykernel.yaml +++ b/py3-ipykernel.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/ipykernel/ package: name: py3-ipykernel - version: 6.29.2 + version: 6.29.3 epoch: 0 description: IPython Kernel for Jupyter copyright: @@ -36,7 +36,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 3bade28004e3ff624ed57974948116670604ac5f676d12339693f3142176d3f0 + expected-sha256: e14c250d1f9ea3989490225cc1a542781b095a18a19447fcf2b5eaf7d0ac5bd2 uri: https://files.pythonhosted.org/packages/source/i/ipykernel/ipykernel-${{package.version}}.tar.gz - name: Python Build From e273ae514c29a59c7ba9d7ba079cb91fdb799ac5 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:14:53 +0000 Subject: [PATCH 082/235] vim/9.1.0139 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- vim.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vim.yaml b/vim.yaml index d3690110819..b3da843b394 100644 --- a/vim.yaml +++ b/vim.yaml @@ -1,6 +1,6 @@ package: name: vim - version: 9.1.0136 + version: 9.1.0139 epoch: 0 description: "Improved vi-style text editor" copyright: @@ -21,7 +21,7 @@ pipeline: - uses: fetch with: uri: https://github.com/vim/vim/archive/v${{package.version}}.tar.gz - expected-sha256: b28d671da210459ea50a8b7dc1c46fb96300c273d130a2944a72659b342ded1d + expected-sha256: bfa800d76dba1a614396f59e4edcff65012ffbc29d795e414c40932dc8cd883d - runs: | # vim seems to manually set FORTIFY_SOURCE=1, and setting both breaks the build From ee5f9623e4c3ac9187fa263bfb00ad3e8b5c6a38 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:15:01 +0000 Subject: [PATCH 083/235] wit-bindgen/0.19.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- wit-bindgen.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wit-bindgen.yaml b/wit-bindgen.yaml index f120eb666a6..7c256dfbb93 100644 --- a/wit-bindgen.yaml +++ b/wit-bindgen.yaml @@ -1,6 +1,6 @@ package: name: wit-bindgen - version: 0.19.1 + version: 0.19.2 epoch: 0 description: "A language binding generator for WebAssembly interface types" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wit-bindgen tag: v${{package.version}} - expected-commit: e0319e9cf138c71743e425c95adba394b7469778 + expected-commit: a4387452abe52952e4c6ac10724235bb2e0f3ed2 - name: Configure and build runs: | From 5b068d129cccb16f697dd878b4f83431317c599b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:15:29 +0000 Subject: [PATCH 084/235] zarf/0.32.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- zarf.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/zarf.yaml b/zarf.yaml index 51bd9448b46..169fcb89d3d 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -1,7 +1,7 @@ package: name: zarf - version: 0.32.3 - epoch: 1 + version: 0.32.4 + epoch: 0 description: DevSecOps for Air Gap & Limited-Connection Systems. copyright: - license: Apache-2.0 @@ -18,14 +18,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 1320831270fe4f2b78c5cae2fa6719633742cdeb + expected-commit: f6b83e1c272a22ffd1815b7d38fb6c5f0f1003f9 repository: https://github.com/defenseunicorns/zarf tag: v${{package.version}} - - uses: go/bump - with: - deps: helm.sh/helm/v3@v3.14.1 - - uses: go/build with: ldflags: -s -w -X 'github.com/defenseunicorns/zarf/src/config.CLIVersion=v${{package.version}}' From e408d7955b394bd93290f657b78fa578ec206cb8 Mon Sep 17 00:00:00 2001 From: chainguardian <101908552+chainguardian@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:20:45 +0000 Subject: [PATCH 085/235] terraform-provider-google/5.18.0-r0: fix GHSA-9763-4f94-gfch --- terraform-provider-google.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/terraform-provider-google.yaml b/terraform-provider-google.yaml index 01607e54e8e..3c0bcb5e325 100644 --- a/terraform-provider-google.yaml +++ b/terraform-provider-google.yaml @@ -1,7 +1,7 @@ package: name: terraform-provider-google version: 5.18.0 - epoch: 0 + epoch: 1 description: Terraform GCP provider copyright: - license: MPL-2.0 @@ -22,6 +22,10 @@ pipeline: tag: v${{package.version}} expected-commit: 0a4166fa7d540cb48f1e0c9883456dbabfeafdda + - uses: go/bump + with: + deps: github.com/cloudflare/circl@v1.3.7 + - uses: go/build with: packages: . From 365ffce53bb8c0f64c6ab59e26ef2c6a1ac57b19 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Mon, 26 Feb 2024 23:15:32 +0000 Subject: [PATCH 086/235] py3-sqlglot/22.0.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-sqlglot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-sqlglot.yaml b/py3-sqlglot.yaml index b2972517023..ffae3b296f7 100644 --- a/py3-sqlglot.yaml +++ b/py3-sqlglot.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/sqlglot/ package: name: py3-sqlglot - version: 22.0.0 + version: 22.0.1 epoch: 0 description: An easily customizable SQL parser and transpiler copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/tobymao/sqlglot tag: v${{package.version}} - expected-commit: 9595240a1c0f0e5ace9f67f31564e5d5edb9a9d2 + expected-commit: e2fc6e88dc7ae52d956dd84721de197c6c698d90 - name: Python Build runs: python setup.py build From 8f8fcb109e1b7ba4cd7d0e7ef47c5e3a04234b46 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Tue, 27 Feb 2024 00:51:21 +0000 Subject: [PATCH 087/235] fix logstash jdbc test Signed-off-by: Jason Hall --- logstash-integration-jdbc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logstash-integration-jdbc.yaml b/logstash-integration-jdbc.yaml index 033fd5a6e3c..807fbe7c00a 100644 --- a/logstash-integration-jdbc.yaml +++ b/logstash-integration-jdbc.yaml @@ -53,7 +53,7 @@ test: contents: packages: - logstash - - openjdk-11-default-jvm + - openjdk-17-default-jvm - jruby-9.4 pipeline: - runs: | From dff3aed3e74358e5863c51b44b5afbc5f855152d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 03:15:33 +0000 Subject: [PATCH 088/235] rqlite/8.22.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- rqlite.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rqlite.yaml b/rqlite.yaml index a3450a5185d..f2b71279699 100644 --- a/rqlite.yaml +++ b/rqlite.yaml @@ -1,7 +1,7 @@ package: name: rqlite # When bumping the version, you can remove the `go get` line in the build. - version: 8.21.3 + version: 8.22.0 epoch: 0 description: The lightweight, distributed relational database built on SQLite copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/rqlite/rqlite tag: v${{package.version}} - expected-commit: 17b3269f8c7410fff1dee64d88b3f51fdd92e457 + expected-commit: d67a56bdac79565923bb9ce12b5add55180072b4 - runs: | mkdir -p ${{targets.destdir}}/usr/bin From ce99f087e45c02d8eaeca5f3c94e2f0684c4877e Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 03:16:09 +0000 Subject: [PATCH 089/235] lua-luv/1.48.0-1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- lua-luv.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lua-luv.yaml b/lua-luv.yaml index 5d7e5c64bd6..501720d23f4 100644 --- a/lua-luv.yaml +++ b/lua-luv.yaml @@ -1,6 +1,6 @@ package: name: lua-luv - version: 1.48.0.0 + version: 1.48.0-1 epoch: 0 description: "Bare libuv bindings for Lua" copyright: From 84c4a6c67d85bb6dc4c1563f35bc69b354f27396 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 04:15:18 +0000 Subject: [PATCH 090/235] py3-tomlkit/0.12.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-tomlkit.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-tomlkit.yaml b/py3-tomlkit.yaml index b6fb40a3f0d..0284bd4ba41 100644 --- a/py3-tomlkit.yaml +++ b/py3-tomlkit.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/tomlkit/ package: name: py3-tomlkit - version: 0.12.3 - epoch: 1 + version: 0.12.4 + epoch: 0 description: Style preserving TOML library copyright: - license: MIT @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/sdispater/tomlkit tag: ${{package.version}} - expected-commit: a678c2f665a2f52c43b204dd70b2aa677331a423 + expected-commit: 911cccd630965ff423316e25b4685ecf7df0ec0a - name: Python Build runs: | From 30f62d7f146e8344909e1336a6e1f759e0ded7ee Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Mon, 26 Feb 2024 20:33:53 -0800 Subject: [PATCH 091/235] Update lua-luv.yaml Signed-off-by: Ajay Kemparaj --- lua-luv.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lua-luv.yaml b/lua-luv.yaml index 501720d23f4..d7bdf185ad6 100644 --- a/lua-luv.yaml +++ b/lua-luv.yaml @@ -1,6 +1,6 @@ package: name: lua-luv - version: 1.48.0-1 + version: 1.48.0.1 epoch: 0 description: "Bare libuv bindings for Lua" copyright: @@ -29,8 +29,8 @@ pipeline: - uses: git-checkout with: repository: https://github.com/luvit/luv - tag: v${{vars.mangled-package-version}} - expected-commit: 372da9de30482319d3cff9bcfa1a008506c6cd02 + tag: ${{vars.mangled-package-version}} + expected-commit: 693951ef762058a8a9fdc76ef7d9e465d6bdd8cc - runs: | # TODO: Package lua-compat5.3 @@ -61,8 +61,8 @@ subpackages: update: enabled: true version-transform: - - match: \.(\d+)$ - replace: .$1 + - match: \- + replace: . github: identifier: luvit/luv strip-prefix: v From ba2bc080ba2b7660a691f58d85740f55664af91f Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 06:08:57 +0000 Subject: [PATCH 092/235] libbsd/0.12.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- libbsd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libbsd.yaml b/libbsd.yaml index 0750191aef6..bbe47d82b3b 100644 --- a/libbsd.yaml +++ b/libbsd.yaml @@ -1,6 +1,6 @@ package: name: libbsd - version: 0.11.8 + version: 0.12.0 epoch: 0 description: commonly-used BSD functions not implemented by all libcs copyright: @@ -19,7 +19,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 55fdfa2696fb4d55a592fa9ad14a9df897c7b0008ddb3b30c419914841f85f33 + expected-sha256: f741a3bc75162ba19f2f6666076a7961cd75dc93c234e9be4594da1e6f848cfb uri: https://libbsd.freedesktop.org/releases/libbsd-${{package.version}}.tar.xz - uses: autoconf/configure From 6e37c255b92cc973a0dab73f8a9f0adf4f99ebda Mon Sep 17 00:00:00 2001 From: chainguardian <101908552+chainguardian@users.noreply.github.com> Date: Tue, 27 Feb 2024 07:05:55 +0000 Subject: [PATCH 093/235] istio-operator-1.20/1.20.3-r1: fix GHSA-r53h-jv2g-vpx6 --- istio-operator-1.20.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/istio-operator-1.20.yaml b/istio-operator-1.20.yaml index 98956ec679b..327163f0cd8 100644 --- a/istio-operator-1.20.yaml +++ b/istio-operator-1.20.yaml @@ -1,7 +1,7 @@ package: name: istio-operator-1.20 version: 1.20.3 - epoch: 1 + epoch: 2 description: Istio operator provides user friendly options to operate the Istio service mesh copyright: - license: Apache-2.0 @@ -32,7 +32,7 @@ pipeline: - uses: go/bump with: - deps: helm.sh/helm/v3@v3.14.1 + deps: helm.sh/helm/v3@v3.14.2 - uses: go/build with: From adade6caf2a45fe7a480e93a5390d131d983a073 Mon Sep 17 00:00:00 2001 From: Graham Bucknell Date: Tue, 27 Feb 2024 18:23:44 +1100 Subject: [PATCH 094/235] add php-memcached --- php-8.2-memcached.yaml | 67 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 php-8.2-memcached.yaml diff --git a/php-8.2-memcached.yaml b/php-8.2-memcached.yaml new file mode 100644 index 00000000000..567946f3fce --- /dev/null +++ b/php-8.2-memcached.yaml @@ -0,0 +1,67 @@ +package: + name: php-8.2-memcached + version: 3.2.0 + epoch: 0 + description: "A PHP extension for Memcached" + copyright: + - license: PHP-3.01 + dependencies: + runtime: + - ${{package.name}}-config + - php-8.2 + provides: + - php-redis=${{package.full-version}} + +environment: + contents: + packages: + - autoconf + - build-base + - busybox + - php-8.2 + - php-8.2-dev + - php-8.2-igbinary-dev + - zlib-dev + - libmemcached-dev + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/php-memcached-dev/php-memcached + tag: v${{package.version}} + expected-commit: d1cb3ae87be5382444322118f87324f4044d13b0 + + - name: Prepare build + runs: phpize + + - name: Configure + runs: ./configure + + - uses: autoconf/make + + - name: Make install + runs: | + INSTALL_ROOT="${{targets.destdir}}" DESTDIR="${{targets.destdir}}" make install + +subpackages: + - name: ${{package.name}}-config + dependencies: + provides: + - php-memcached-config=${{package.full-version}} + pipeline: + - runs: | + mkdir -p "${{targets.subpkgdir}}/etc/php/conf.d" + echo "extension=memcached.so" > "${{targets.subpkgdir}}/etc/php/conf.d/redis.ini" + + - name: ${{package.name}}-dev + description: PHP 8.2 memcached development headers + dependencies: + provides: + - php-memcached-dev=${{package.full-version}} + pipeline: + - uses: split/dev + +update: + enabled: true + github: + identifier: php-memcached-dev/php-memcached From 0709c33432c374bac30c55a7c072f05061a6551d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:14:53 +0000 Subject: [PATCH 095/235] renovate/37.214.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.yaml b/renovate.yaml index f19783a382b..64c30c96db2 100644 --- a/renovate.yaml +++ b/renovate.yaml @@ -1,6 +1,6 @@ package: name: renovate - version: 37.214.1 + version: 37.214.5 epoch: 0 description: "Automated dependency updates. Multi-platform and multi-language." copyright: From 14bbeda93ff74532bbf496be7ea08d2106276405 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:15:24 +0000 Subject: [PATCH 096/235] nri-nginx/3.4.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-nginx.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-nginx.yaml b/nri-nginx.yaml index f96a63cbf27..0ed7b78dbd5 100644 --- a/nri-nginx.yaml +++ b/nri-nginx.yaml @@ -1,7 +1,7 @@ package: name: nri-nginx - version: 3.4.1 - epoch: 4 + version: 3.4.3 + epoch: 0 description: New Relic Infrastructure Nginx Integration copyright: - license: Apache-2.0 @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-nginx - expected-commit: bfa3ad0a7bd7e928a31922f74eb8b1d8f232a019 + expected-commit: bc1bde6bb93e3feed5a150999c8e1babeda6af8c tag: v${{package.version}} - uses: go/build From b8eb367a8e596a8c15a207551f8a1e8400bffeea Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:15:29 +0000 Subject: [PATCH 097/235] nri-kafka/3.7.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-kafka.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nri-kafka.yaml b/nri-kafka.yaml index f7735c8a493..b14db2ee806 100644 --- a/nri-kafka.yaml +++ b/nri-kafka.yaml @@ -1,6 +1,6 @@ package: name: nri-kafka - version: 3.7.0 + version: 3.7.1 epoch: 0 description: New Relic Infrastructure Kafka Integration copyright: @@ -14,7 +14,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-kafka - expected-commit: 276d1c7c0e788061e3020d1f77c0d22d9afa4e37 + expected-commit: 501583e5405e136c4ff780a132d6f61a0471ee9e tag: v${{package.version}} - uses: go/build From 6eca953879c568b7b4cee0db9cc18ef803c7b377 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:15:55 +0000 Subject: [PATCH 098/235] nri-elasticsearch/5.2.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-elasticsearch.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-elasticsearch.yaml b/nri-elasticsearch.yaml index f32ac337804..b375d7b387c 100644 --- a/nri-elasticsearch.yaml +++ b/nri-elasticsearch.yaml @@ -1,7 +1,7 @@ package: name: nri-elasticsearch - version: 5.2.2 - epoch: 3 + version: 5.2.3 + epoch: 0 description: New Relic Infrastructure Elasticsearch Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-elasticsearch - expected-commit: 50c6fe0d6796c3dd8cf68f7bfb48cf922ca67e3b + expected-commit: 3d465692ee0bddd4968882c8a974376199889390 tag: v${{package.version}} - uses: go/build From f1e366554df4707b453d4dc01c19915d3562cea5 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:16:00 +0000 Subject: [PATCH 099/235] nri-redis/1.11.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-redis.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-redis.yaml b/nri-redis.yaml index f8474d43105..9885730178c 100644 --- a/nri-redis.yaml +++ b/nri-redis.yaml @@ -1,7 +1,7 @@ package: name: nri-redis - version: 1.11.2 - epoch: 4 + version: 1.11.4 + epoch: 0 description: New Relic Infrastructure Redis Integration copyright: - license: Apache-2.0 @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-redis - expected-commit: 088d1ba271e1d54494f4f9cdc51c0099cf54a48d + expected-commit: cc2fbf3e833231e5851af5a4ca557aae6b85772b tag: v${{package.version}} - uses: go/build From edd8bf34f856941a12e0718ead3aad0658800de8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:16:04 +0000 Subject: [PATCH 100/235] nri-rabbitmq/2.13.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-rabbitmq.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-rabbitmq.yaml b/nri-rabbitmq.yaml index a998f04ce0a..ce8d2a02907 100644 --- a/nri-rabbitmq.yaml +++ b/nri-rabbitmq.yaml @@ -1,7 +1,7 @@ package: name: nri-rabbitmq - version: 2.13.2 - epoch: 3 + version: 2.13.3 + epoch: 0 description: New Relic Infrastructure RabbitMQ Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-rabbitmq - expected-commit: d49f2fe2473788ae5c914061161318973db7766f + expected-commit: b886eb3cf211936eee8ae2e29a3e5cb702a37a6d tag: v${{package.version}} - uses: go/build From 11a395a5216812a81cfcba56da598db6bf724e09 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 11:08:32 +0000 Subject: [PATCH 101/235] dpkg/1.22.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- dpkg.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dpkg.yaml b/dpkg.yaml index 2a370121c7b..0957c34dac3 100644 --- a/dpkg.yaml +++ b/dpkg.yaml @@ -1,6 +1,6 @@ package: name: dpkg - version: 1.22.4 + version: 1.22.5 epoch: 0 description: "The Debian Package Manager" copyright: @@ -25,7 +25,7 @@ pipeline: - uses: fetch with: uri: http://ftp.de.debian.org/debian/pool/main/d/dpkg/dpkg_${{package.version}}.tar.xz - expected-sha256: 40818c174e6074a190e0013fa0ea8b04db743b8e5e7a7818239510fbb4e6eb1d + expected-sha256: 26d27610536fdf951aa2be84503166c6ca8f6c36f71c049ab562ccca3233ca7e - runs: | ./configure \ From 5bc433cbcf2b59a3dc062a59f4ca747d00b65f9f Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 11:14:43 +0000 Subject: [PATCH 102/235] newrelic-fluent-bit-output/1.19.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- newrelic-fluent-bit-output.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newrelic-fluent-bit-output.yaml b/newrelic-fluent-bit-output.yaml index dd84f71ce16..4ce864a69e1 100644 --- a/newrelic-fluent-bit-output.yaml +++ b/newrelic-fluent-bit-output.yaml @@ -1,6 +1,6 @@ package: name: newrelic-fluent-bit-output - version: 1.19.1 + version: 1.19.2 epoch: 0 description: A Fluent Bit output plugin that sends logs to New Relic copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/newrelic/newrelic-fluent-bit-output tag: v${{package.version}} - expected-commit: f180ae4147c8ca0b2fbd73599dcf38bb4486fd3b + expected-commit: f8b9de892b03956735881f9c4e67f39a2eb8831c - uses: patch with: From 1c978a460236a1001150a6104ccc20bc5e72c179 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Tue, 27 Feb 2024 11:49:19 +0000 Subject: [PATCH 103/235] vault-1.14: add back the now missing `go mod tidy` Previously vault-1.14 had a go/bump pipeline, which has a side effect of calling `go mod tidy`. This step appears to be required, as the build fails with go toolchain requesting to perform `go mod tidy` prior to being able to complete the `go generate` steps. Add back `go mod tidy` as the first pipeline action. It's either harmless, or unbreaks the build. Signed-off-by: Dimitri John Ledkov --- vault-1.14.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vault-1.14.yaml b/vault-1.14.yaml index 4f1c7b08736..1c79e89844a 100644 --- a/vault-1.14.yaml +++ b/vault-1.14.yaml @@ -29,6 +29,7 @@ pipeline: tag: v${{package.version}} - runs: | + go mod tidy go generate $(go list ./... | grep -v /vendor/) # Build plugins From e7c2c740710123e70b2c8aeeb9d73d1dfaf346de Mon Sep 17 00:00:00 2001 From: Mark McCormick Date: Tue, 27 Feb 2024 12:15:41 +0000 Subject: [PATCH 104/235] hello-world-golang example package Signed-off-by: Mark McCormick --- hello-world-golang.yaml | 48 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 hello-world-golang.yaml diff --git a/hello-world-golang.yaml b/hello-world-golang.yaml new file mode 100644 index 00000000000..af56cb0213f --- /dev/null +++ b/hello-world-golang.yaml @@ -0,0 +1,48 @@ +package: + name: hello-world-golang + version: 1.3 + epoch: 0 + description: Simple go application that prints 'hello world' in a loop when built and invoked. + copyright: + - license: Apache-2.0 + +environment: + contents: + packages: + - busybox + - ca-certificates-bundle + - go + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/chainguard-dev/hello-world-golang.git + tag: v${{package.version}} + expected-commit: 618bb31108414cb031a29e6ca521e1192079c1af + + # Example of how to bump a dependency in the application: + - uses: go/bump + with: + deps: github.com/sirupsen/logrus@v1.9.0 + + - uses: go/build + with: + packages: . + output: hello-world + + - uses: strip + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + hello-world --version + +update: + enabled: true + github: + identifier: chainguard-dev/hello-world-golang + strip-prefix: v From 8429a78d2b0071ba9aa70e6bbe92cfc8e69af6aa Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 12:16:33 +0000 Subject: [PATCH 105/235] nri-f5/2.7.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-f5.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-f5.yaml b/nri-f5.yaml index 1be45ec832c..a524fed7314 100644 --- a/nri-f5.yaml +++ b/nri-f5.yaml @@ -1,7 +1,7 @@ package: name: nri-f5 - version: 2.7.2 - epoch: 4 + version: 2.7.3 + epoch: 0 description: New Relic Infrastructure F5 Integration copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-f5 - expected-commit: 5636886916efadc67d96febb36b57d90ffff830f + expected-commit: bad8bb7b4f63d831193d0e9dd4559e403f316504 tag: v${{package.version}} - uses: go/build From 87200411f2391b14d098e01c3f31fe9559d6e4e2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 12:16:44 +0000 Subject: [PATCH 106/235] nri-memcached/2.5.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-memcached.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-memcached.yaml b/nri-memcached.yaml index 2eb0755d177..68f6773e7d3 100644 --- a/nri-memcached.yaml +++ b/nri-memcached.yaml @@ -1,7 +1,7 @@ package: name: nri-memcached - version: 2.5.1 - epoch: 4 + version: 2.5.3 + epoch: 0 description: New Relic Infrastructure memcached Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-memcached - expected-commit: df1824d0a43a011fce9ae51e46be27449dbd14ed + expected-commit: e451470f5f5dfc9b012a456f6da7d03791610bf7 tag: v${{package.version}} - uses: go/build From a02cba3f6a7e1bce0ca5950669486fc1f04a4992 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 12:16:49 +0000 Subject: [PATCH 107/235] nri-haproxy/3.0.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-haproxy.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-haproxy.yaml b/nri-haproxy.yaml index 5c042f8bbe7..bcafce4dd37 100644 --- a/nri-haproxy.yaml +++ b/nri-haproxy.yaml @@ -1,7 +1,7 @@ package: name: nri-haproxy - version: 2.5.1 - epoch: 3 + version: 3.0.0 + epoch: 0 description: New Relic Infrastructure HAproxy Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-haproxy - expected-commit: 88607192565c57ca9dc6c134ae6d3d8503099b4b + expected-commit: be59cbe348c609c8fac699a3515a852662b6d328 tag: v${{package.version}} - uses: go/build From d060615f43a05deb4bdf6baa93b8197cf13a3f56 Mon Sep 17 00:00:00 2001 From: James Rawlings Date: Tue, 27 Feb 2024 13:11:30 +0000 Subject: [PATCH 108/235] gobject-introspection: ignore dev versions identified by an odd minor version see wolfi-dev/os#10782 Signed-off-by: James Rawlings --- gobject-introspection.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gobject-introspection.yaml b/gobject-introspection.yaml index a149a4901ea..8fc9aaddf71 100644 --- a/gobject-introspection.yaml +++ b/gobject-introspection.yaml @@ -81,5 +81,7 @@ subpackages: update: enabled: true + ignore-regex-patterns: + - (\d+)\.(\d*[13579])\.(\d+)$ # ignore "odd" numbered minor versions as these are development releases release-monitor: identifier: 1223 From 5c3d4a353231fc1fd2a463a6273ea5fc9f56eae9 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:15:10 +0000 Subject: [PATCH 109/235] nri-nagios/2.9.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nri-nagios.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nri-nagios.yaml b/nri-nagios.yaml index 495e1b0e96b..8f2334fc4ae 100644 --- a/nri-nagios.yaml +++ b/nri-nagios.yaml @@ -1,7 +1,7 @@ package: name: nri-nagios - version: 2.9.1 - epoch: 3 + version: 2.9.2 + epoch: 0 description: New Relic Infrastructure Nagios Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-nagios - expected-commit: b7b56a695b9c7cc5d343668aaa1214daced2bed4 + expected-commit: 21d2ec76f1ee51fb0b4d5a86a852fee7299cf001 tag: v${{package.version}} - uses: go/build From 3ec18e16359780cc9fb874fe240429ea06a00ff9 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Tue, 27 Feb 2024 09:06:31 -0500 Subject: [PATCH 110/235] fix couchdb test --- couchdb.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/couchdb.yaml b/couchdb.yaml index d697c215d98..ddf315711b6 100644 --- a/couchdb.yaml +++ b/couchdb.yaml @@ -95,7 +95,7 @@ test: TIMEOUT=30 # Timeout in seconds START_TIME=$(date +%s) - while true; dos + while true; do # Check if the current time is past the timeout CURRENT_TIME=$(date +%s) if [ $((CURRENT_TIME - START_TIME)) -ge $TIMEOUT ]; then From d7c6fcb24c34d917a2f1008e476366685289d013 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Tue, 27 Feb 2024 14:33:48 +0000 Subject: [PATCH 111/235] gc: use valid Boehm-GC spdx license tag Signed-off-by: Dimitri John Ledkov --- gc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gc.yaml b/gc.yaml index 5188d964b49..c48cbf31ea6 100644 --- a/gc.yaml +++ b/gc.yaml @@ -4,7 +4,7 @@ package: epoch: 0 description: garbage collector for C and C++ copyright: - - license: LicenseRef-GC-MIT-style + - license: Boehm-GC environment: contents: From 140d080251bdd17a4e1446d1b6ba878a4e6bd564 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 15:14:53 +0000 Subject: [PATCH 112/235] jenkins/2.447 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- jenkins.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins.yaml b/jenkins.yaml index 65e10d41d50..a8f54caf843 100644 --- a/jenkins.yaml +++ b/jenkins.yaml @@ -1,6 +1,6 @@ package: name: jenkins - version: "2.446" + version: "2.447" epoch: 0 description: copyright: @@ -34,7 +34,7 @@ pipeline: - uses: fetch with: uri: https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-${{package.version}}.tar.gz - expected-sha256: 5955272b7ad03a2eef9cfa16c108922ad70b74628685dc0d1463cf62fc3e28d4 + expected-sha256: 27b4510e6e43bf72054f61748377001314bb1efb89df055864f395b04c6aee19 - uses: patch with: From b0af00643551bf71ffdd36e4e8e4a6a9da5bfa24 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 15:15:48 +0000 Subject: [PATCH 113/235] ggshield/1.25.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ggshield.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ggshield.yaml b/ggshield.yaml index c0fba489d77..13d45548976 100644 --- a/ggshield.yaml +++ b/ggshield.yaml @@ -1,6 +1,6 @@ package: name: ggshield - version: 1.24.0 + version: 1.25.0 epoch: 0 description: Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations. copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/GitGuardian/ggshield tag: v${{package.version}} - expected-commit: 278fdcc7cceba1f1f1678325f59ffd77cfa9b324 + expected-commit: a698c1ee4095620fe9c7ee626860a3dfc5ad02a8 - runs: | pip3 install certifi -U # https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 From 05339acf1c80a99c39d690a03ed7142375fbb5bb Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:47:07 -0500 Subject: [PATCH 114/235] bump version Signed-off-by: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> --- grafana-agent-operator.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index 142283730c3..e151a71f8c9 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -1,6 +1,6 @@ package: name: grafana-agent-operator - version: 0.39.2 + version: 0.40.0 epoch: 0 description: Grafana Agent Operator is a Kubernetes operator for the static mode of Grafana Agent. It makes it easier to deploy and configure static mode to collect telemetry data from Kubernetes resources. copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/grafana/agent tag: v${{package.version}} - expected-commit: deae3f86639564d7ac7b3cd7b424e8e0e8733898 + expected-commit: 9be969325c6dfe7d4b30d026645ffb1287d801c3 - uses: go/build with: From 0d5bf7ff75d80a7ecb7eeb1daad91b1b3c10dcbf Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:48:44 -0500 Subject: [PATCH 115/235] remove quotes from regex Signed-off-by: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> --- grafana-agent-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index e151a71f8c9..f91d8a9d45c 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -33,7 +33,7 @@ pipeline: update: enabled: true ignore-regex-patterns: - - '-rc' + - -rc github: identifier: grafana/agent strip-prefix: v From 07790cfe95a0b8e2e8d38313d4d4234e5fd3754b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 16:15:43 +0000 Subject: [PATCH 116/235] kots/1.107.8 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- kots.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kots.yaml b/kots.yaml index 9328aaf44fa..b9fec97cd95 100644 --- a/kots.yaml +++ b/kots.yaml @@ -1,6 +1,6 @@ package: name: kots - version: 1.107.7 + version: 1.107.8 epoch: 0 description: Kubernetes Off-The-Shelf (KOTS) Software copyright: @@ -21,7 +21,7 @@ pipeline: - uses: fetch with: uri: https://github.com/replicatedhq/kots/archive/refs/tags/v${{package.version}}.tar.gz - expected-sha256: 3598db778e9be1ef518b5f344274250a8ef70f5f7b8fd06a05ccef6fa042918d + expected-sha256: 2d62746b6e96f8152983c1da96b3d543c1ef439d70a456eefc7ccc76c90dab02 - uses: go/bump with: From 10636c5d7dfa7f0ca88e22e96221e8153b551878 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 17:15:51 +0000 Subject: [PATCH 117/235] renovate/37.215.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.yaml b/renovate.yaml index 64c30c96db2..1e4afeb9fcc 100644 --- a/renovate.yaml +++ b/renovate.yaml @@ -1,6 +1,6 @@ package: name: renovate - version: 37.214.5 + version: 37.215.1 epoch: 0 description: "Automated dependency updates. Multi-platform and multi-language." copyright: From 6328fbef726b6cde14f98c72fe2e5c5977db76ed Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 17:16:14 +0000 Subject: [PATCH 118/235] py3-keyring/24.3.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-keyring.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-keyring.yaml b/py3-keyring.yaml index a0eede507fe..bcb71a7f5c9 100644 --- a/py3-keyring.yaml +++ b/py3-keyring.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/keyring/ package: name: py3-keyring - version: 24.3.0 - epoch: 1 + version: 24.3.1 + epoch: 0 description: Store and access your passwords safely. copyright: - license: "MIT" @@ -33,7 +33,7 @@ pipeline: with: repository: https://github.com/jaraco/keyring tag: v${{package.version}} - expected-commit: 9056f4ac3c3d20fb1cb3648b02bf9607bb49995d + expected-commit: 3727268f0de9d5ab56d94e2cff0a794153769c18 - name: Python Build uses: python/build-wheel From 9e9013c93be5ef80f4015f7840f72f299b4de4a5 Mon Sep 17 00:00:00 2001 From: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> Date: Tue, 27 Feb 2024 12:19:04 -0500 Subject: [PATCH 119/235] add tag-filter-prefix: v Signed-off-by: Sam Singh Anantha <30288538+sanghanan@users.noreply.github.com> --- grafana-agent-operator.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index f91d8a9d45c..fa1a3dcbc6f 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -38,3 +38,4 @@ update: identifier: grafana/agent strip-prefix: v use-tag: true + tag-filter-prefix: v From 045e03d664e06111df99dc6b4b1a04311cf39381 Mon Sep 17 00:00:00 2001 From: ajayk Date: Mon, 26 Feb 2024 13:53:09 -0800 Subject: [PATCH 120/235] remove version streamed packages --- cassandra.yaml | 78 --------------- cassandra/build.properties | 1 - cassandra/bumpdeps.patch | 22 ----- envoy.yaml | 89 ----------------- envoy/luajit.patch | 189 ------------------------------------- etcd.yaml | 43 --------- 6 files changed, 422 deletions(-) delete mode 100644 cassandra.yaml delete mode 100644 cassandra/build.properties delete mode 100644 cassandra/bumpdeps.patch delete mode 100644 envoy.yaml delete mode 100644 envoy/luajit.patch delete mode 100644 etcd.yaml diff --git a/cassandra.yaml b/cassandra.yaml deleted file mode 100644 index aa13340bb44..00000000000 --- a/cassandra.yaml +++ /dev/null @@ -1,78 +0,0 @@ -package: - name: cassandra - version: 4.1.4 - epoch: 0 - description: Open Source NoSQL Database - copyright: - - license: Apache-2.0 - dependencies: - runtime: - - python-3.11 # needed for cqlsh - -environment: - contents: - packages: - - ant - - bash - - build-base - - busybox - - ca-certificates-bundle - - openjdk-11-default-jvm - - python-3.11 - environment: - JAVA_HOME: /usr/lib/jvm/java-11-openjdk - CASSANDRA_USE_JDK11: true - -pipeline: - - uses: git-checkout - with: - repository: https://github.com/apache/cassandra - expected-commit: 99d9faeef57c9cf5240d11eac9db5b283e45a4f9 - tag: cassandra-${{package.version}} - - - uses: patch - with: - # Bumps snakeyaml and jackson-databind to mitigate a bunch of CVEs - patches: bumpdeps.patch - - - runs: | - ant artifacts -Dversion=${{package.version}} - - # Install cassandra from the tarball in build/dist into the destdir in /usr/share/java/cassandra - mkdir -p "${{targets.destdir}}"/usr/share/java/cassandra - tar --strip-components 1 -C "${{targets.destdir}}"/usr/share/java/cassandra -xzf build/apache-cassandra-${{package.version}}-bin.tar.gz - - # Symlink everything in the cassandra bin directory into /usr/bin - mkdir -p "${{targets.destdir}}"/usr/bin/ - - for f in /home/build/build/dist/bin/*; do - filename=$(basename "$f") - ln -sf /usr/share/java/cassandra/bin/"$filename" "${{targets.destdir}}"/usr/bin/"$filename" - done - - mkdir -p ${{targets.destdir}}/var/lib/cassandra - mkdir -p ${{targets.destdir}}/var/log/cassandra - - ln -sT /var/lib/cassandra/ "${{targets.destdir}}"/usr/share/java/cassandra/data - ln -sT /var/log/cassandra/ "${{targets.destdir}}"/usr/share/java/cassandra/logs - -subpackages: - - name: cassandra-compat - pipeline: - - runs: | - install -d ${{targets.subpkgdir}}/etc/cassandra - mkdir -p ${{targets.subpkgdir}}/opt - ln -sf /usr/share/java/cassandra ${{targets.subpkgdir}}/opt/cassandra - -update: - enabled: true - github: - identifier: apache/cassandra - use-tag: true - tag-filter-prefix: cassandra-4 - strip-prefix: cassandra- - -test: - pipeline: - - runs: | - cqlsh --version diff --git a/cassandra/build.properties b/cassandra/build.properties deleted file mode 100644 index b2d68fdae8e..00000000000 --- a/cassandra/build.properties +++ /dev/null @@ -1 +0,0 @@ -artifact.remoteRepository.central=https://maven-central.storage-download.googleapis.com/repos/central/data/ \ No newline at end of file diff --git a/cassandra/bumpdeps.patch b/cassandra/bumpdeps.patch deleted file mode 100644 index edaf52d434f..00000000000 --- a/cassandra/bumpdeps.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/build.xml b/build.xml -index d2d5974cd6..34778edc10 100644 ---- a/build.xml -+++ b/build.xml -@@ -555,7 +555,7 @@ - - - -- -+ - - - -@@ -564,7 +564,7 @@ - - - -- -+ - - - diff --git a/envoy.yaml b/envoy.yaml deleted file mode 100644 index e2c6317e202..00000000000 --- a/envoy.yaml +++ /dev/null @@ -1,89 +0,0 @@ -package: - name: envoy - version: 1.29.1 - epoch: 0 - description: Cloud-native high-performance edge/middle/service proxy - copyright: - - license: Apache-2.0 - -environment: - contents: - packages: - - bash - - bazel-6 - - binutils - - build-base - - busybox - - ca-certificates-bundle - - clang~15 - - cmake - - coreutils - - git - - libtool - - llvm-libcxx-15 - - llvm-libcxx-15-dev - - llvm-libcxxabi-15 - - llvm-lld-15 - - llvm15 - - llvm15-cmake-default - - llvm15-dev - - llvm15-tools - - openjdk-11 - - patch - - python3-dev - - samurai - - wolfi-baselayout - -pipeline: - - uses: git-checkout - with: - repository: https://github.com/envoyproxy/envoy - tag: v${{package.version}} - expected-commit: 4fda4d79d06e1bd59e591be3f348223495083648 - destination: envoy - - - runs: | - export JAVA_HOME=/usr/lib/jvm/java-11-openjdk - mkdir -p .cache/bazel/_bazel_root - - cd envoy - # The Python interpreter complains about being run as root, there's a flag to pass to disable that warning. - sed -i 's/envoy_dependencies_extra()/envoy_dependencies_extra(ignore_root_user_error=True)/g' WORKSPACE - - ./bazel/setup_clang.sh /usr - echo "build --config=libc++" >> user.bazelrc - - bazel build --verbose_failures -c opt envoy - - mkdir -p ${{targets.destdir}}/usr/bin/ - mv bazel-bin/source/exe/envoy-static ${{targets.destdir}}/usr/bin/envoy - - # We no longer need this cache dir, which has some writable files. - rm -rf ../.cache/bazel/_bazel_root - - - uses: strip - -subpackages: - - name: envoy-oci-entrypoint - description: Entrypoint for using Envoy in OCI containers - dependencies: - runtime: - - busybox - pipeline: - - runs: | - mkdir -p ${{targets.subpkgdir}}/var/lib/envoy/init - cp envoy/ci/docker-entrypoint.sh ${{targets.subpkgdir}}/var/lib/envoy/init/envoy-entrypoint.sh - chmod +x ${{targets.subpkgdir}}/var/lib/envoy/init/envoy-entrypoint.sh - - - name: envoy-config - description: Default Envoy configuration - pipeline: - - runs: | - mkdir -p ${{targets.subpkgdir}}/etc/envoy - cp envoy/configs/envoyproxy_io_proxy.yaml ${{targets.subpkgdir}}/etc/envoy/envoy.yaml - -update: - enabled: true - github: - identifier: envoyproxy/envoy - strip-prefix: v diff --git a/envoy/luajit.patch b/envoy/luajit.patch deleted file mode 100644 index f7781067b4a..00000000000 --- a/envoy/luajit.patch +++ /dev/null @@ -1,189 +0,0 @@ -diff --git a/src/Makefile b/src/Makefile -index 30d64be2..ae7ec875 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -27,7 +27,7 @@ NODOTABIVER= 51 - DEFAULT_CC = gcc - # - # LuaJIT builds as a native 32 or 64 bit binary by default. --CC= $(DEFAULT_CC) -+CC ?= $(DEFAULT_CC) - # - # Use this if you want to force a 32 bit build on a 64 bit multilib OS. - #CC= $(DEFAULT_CC) -m32 -@@ -71,10 +71,10 @@ CCWARN= -Wall - # as dynamic mode. - # - # Mixed mode creates a static + dynamic library and a statically linked luajit. --BUILDMODE= mixed -+#BUILDMODE= mixed - # - # Static mode creates a static library and a statically linked luajit. --#BUILDMODE= static -+BUILDMODE= static - # - # Dynamic mode creates a dynamic library and a dynamically linked luajit. - # Note: this executable will only run when the library is installed! -@@ -99,7 +99,7 @@ XCFLAGS= - # enabled by default. Some other features that *might* break some existing - # code (e.g. __pairs or os.execute() return values) can be enabled here. - # Note: this does not provide full compatibility with Lua 5.2 at this time. --#XCFLAGS+= -DLUAJIT_ENABLE_LUA52COMPAT -+XCFLAGS+= -DLUAJIT_ENABLE_LUA52COMPAT - # - # Disable the JIT compiler, i.e. turn LuaJIT into a pure interpreter. - #XCFLAGS+= -DLUAJIT_DISABLE_JIT -@@ -212,7 +212,7 @@ TARGET_STCC= $(STATIC_CC) - TARGET_DYNCC= $(DYNAMIC_CC) - TARGET_LD= $(CROSS)$(CC) - TARGET_AR= $(CROSS)ar rcus --TARGET_STRIP= $(CROSS)strip -+TARGET_STRIP?= $(CROSS)strip - - TARGET_LIBPATH= $(or $(PREFIX),/usr/local)/$(or $(MULTILIB),lib) - TARGET_SONAME= libluajit-$(ABIVER).so.$(MAJVER) -@@ -598,7 +598,7 @@ endif - - Q= @ - E= @echo --#Q= -+Q= - #E= @: - - ############################################################################## -diff --git a/src/msvcbuild.bat b/src/msvcbuild.bat -index d323d8d4..2e08a3a1 100644 ---- a/src/msvcbuild.bat -+++ b/src/msvcbuild.bat -@@ -13,9 +13,7 @@ - @if not defined INCLUDE goto :FAIL - - @setlocal --@rem Add more debug flags here, e.g. DEBUGCFLAGS=/DLUA_USE_APICHECK --@set DEBUGCFLAGS= --@set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline -+@set LJCOMPILE=cl /nologo /c /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline /DLUAJIT_ENABLE_LUA52COMPAT - @set LJLINK=link /nologo - @set LJMT=mt /nologo - @set LJLIB=lib /nologo /nodefaultlib -@@ -24,10 +22,9 @@ - @set DASC=vm_x64.dasc - @set LJDLLNAME=lua51.dll - @set LJLIBNAME=lua51.lib --@set BUILDTYPE=release - @set ALL_LIB=lib_base.c lib_math.c lib_bit.c lib_string.c lib_table.c lib_io.c lib_os.c lib_package.c lib_debug.c lib_jit.c lib_ffi.c lib_buffer.c - --%LJCOMPILE% host\minilua.c -+%LJCOMPILE% /O2 host\minilua.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:minilua.exe minilua.obj - @if errorlevel 1 goto :BAD -@@ -51,7 +48,7 @@ if exist minilua.exe.manifest^ - minilua %DASM% -LN %DASMFLAGS% -o host\buildvm_arch.h %DASC% - @if errorlevel 1 goto :BAD - --%LJCOMPILE% /I "." /I %DASMDIR% host\buildvm*.c -+%LJCOMPILE% /O2 /I "." /I %DASMDIR% host\buildvm*.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:buildvm.exe buildvm*.obj - @if errorlevel 1 goto :BAD -@@ -75,26 +72,35 @@ buildvm -m folddef -o lj_folddef.h lj_opt_fold.c - - @if "%1" neq "debug" goto :NODEBUG - @shift --@set BUILDTYPE=debug --@set LJCOMPILE=%LJCOMPILE% /Zi %DEBUGCFLAGS% --@set LJLINK=%LJLINK% /opt:ref /opt:icf /incremental:no -+@set LJCOMPILE=%LJCOMPILE% /O0 /Z7 -+@set LJLINK=%LJLINK% /debug /opt:ref /opt:icf /incremental:no -+@set LJCRTDBG=d -+@goto :ENDDEBUG - :NODEBUG --@set LJLINK=%LJLINK% /%BUILDTYPE% -+@set LJCOMPILE=%LJCOMPILE% /O2 /Z7 -+@set LJLINK=%LJLINK% /release /incremental:no -+@set LJCRTDBG= -+:ENDDEBUG - @if "%1"=="amalg" goto :AMALGDLL - @if "%1"=="static" goto :STATIC --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL lj_*.c lib_*.c -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :STATIC -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MT%LJCRTDBG% - %LJCOMPILE% lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLIB% /OUT:%LJLIBNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :AMALGDLL --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL ljamalg.c -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% ljamalg.obj lj_vm.obj - @if errorlevel 1 goto :BAD -diff --git a/build.py b/build.py -new file mode 100755 -index 00000000..1201542c ---- /dev/null -+++ b/build.py -@@ -0,0 +1,52 @@ -+#!/usr/bin/env python3 -+ -+import argparse -+import os -+import shutil -+ -+def main(): -+ parser = argparse.ArgumentParser() -+ parser.add_argument("--prefix") -+ args = parser.parse_args() -+ src_dir = os.path.dirname(os.path.realpath(__file__)) -+ shutil.copytree(src_dir, os.path.basename(src_dir)) -+ os.chdir(os.path.basename(src_dir)) -+ -+ os.environ["MACOSX_DEPLOYMENT_TARGET"] = "10.8" -+ os.environ["DEFAULT_CC"] = os.environ.get("CC", "") -+ os.environ["TARGET_CFLAGS"] = os.environ.get("CFLAGS", "") + " -fno-function-sections -fno-data-sections" -+ os.environ["TARGET_LDFLAGS"] = os.environ.get("CFLAGS", "") + " -fno-function-sections -fno-data-sections" -+ os.environ["CFLAGS"] = "" -+ os.environ["LDFLAGS"] = "" -+ -+ # Don't strip the binary - it doesn't work when cross-compiling, and we don't use it anyway. -+ os.environ["TARGET_STRIP"] = "@echo" -+ -+ # Remove LuaJIT from ASAN for now. -+ # TODO(htuch): Remove this when https://github.com/envoyproxy/envoy/issues/6084 is resolved. -+ if "ENVOY_CONFIG_ASAN" in os.environ or "ENVOY_CONFIG_MSAN" in os.environ: -+ os.environ["TARGET_CFLAGS"] += " -fsanitize-blacklist=%s/com_github_luajit_luajit/clang-asan-blocklist.txt" % os.environ["PWD"] -+ with open("clang-asan-blocklist.txt", "w") as f: -+ f.write("fun:*\n") -+ -+ os.system('"{}" -j{} V=1 PREFIX="{}" install'.format(os.environ["MAKE"], os.cpu_count(), args.prefix)) -+ -+def win_main(): -+ src_dir = os.path.dirname(os.path.realpath(__file__)) -+ dst_dir = os.getcwd() + "/luajit" -+ shutil.copytree(src_dir, os.path.basename(src_dir)) -+ os.chdir(os.path.basename(src_dir) + "/src") -+ os.system('msvcbuild.bat ' + os.getenv('WINDOWS_DBG_BUILD', '') + ' static') -+ os.makedirs(dst_dir + "/lib", exist_ok=True) -+ shutil.copy("lua51.lib", dst_dir + "/lib") -+ os.makedirs(dst_dir + "/include/luajit-2.1", exist_ok=True) -+ for header in ["lauxlib.h", "luaconf.h", "lua.h", "lua.hpp", "luajit.h", "lualib.h"]: -+ shutil.copy(header, dst_dir + "/include/luajit-2.1") -+ os.makedirs(dst_dir + "/bin", exist_ok=True) -+ shutil.copy("luajit.exe", dst_dir + "/bin") -+ -+if os.name == 'nt': -+ win_main() -+else: -+ main() -+ diff --git a/etcd.yaml b/etcd.yaml deleted file mode 100644 index 4fb6efa6017..00000000000 --- a/etcd.yaml +++ /dev/null @@ -1,43 +0,0 @@ -package: - name: etcd - version: 3.5.12 - epoch: 0 - description: A highly-available key value store for shared configuration and service discovery. - copyright: - - license: Apache-2.0 - dependencies: - runtime: - - ca-certificates-bundle - - glibc - -environment: - contents: - packages: - - bash - - busybox - - ca-certificates-bundle - - git - - go - -pipeline: - - uses: git-checkout - with: - repository: https://github.com/etcd-io/etcd - tag: v${{package.version}} - expected-commit: e7b3bb6ccac840770f108ef9a0f013fa51b83256 - - - runs: | - bash -x ./build.sh - mkdir -p "${{targets.destdir}}"/var/lib/${{package.name}} - chmod 700 "${{targets.destdir}}"/var/lib/${{package.name}} - install -Dm755 bin/etcd "${{targets.destdir}}"/usr/bin/etcd - install -Dm755 bin/etcdctl "${{targets.destdir}}"/usr/bin/etcdctl - install -Dm755 bin/etcdutl "${{targets.destdir}}"/usr/bin/etcdutl - - - uses: strip - -update: - enabled: true - github: - identifier: etcd-io/etcd - strip-prefix: v From cc670fbff22b071c5368a0d89ba59fcdb82e4636 Mon Sep 17 00:00:00 2001 From: ajayk Date: Mon, 26 Feb 2024 21:00:59 -0800 Subject: [PATCH 121/235] withdraw all the previous packages --- withdrawn-packages.txt | 113 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/withdrawn-packages.txt b/withdrawn-packages.txt index ad03776618d..63aaee25abc 100644 --- a/withdrawn-packages.txt +++ b/withdrawn-packages.txt @@ -2,3 +2,116 @@ argo-cd-2.8.0-r0.apk argo-cd-2.8.0-r1.apk argo-cd-2.8.1-r0.apk argo-cd-2.8.2-r0.apk +cassandra-4.1.1-r0.apk +cassandra-4.1.1-r1.apk +cassandra-4.1.3-r0.apk +cassandra-4.1.3-r1.apk +cassandra-4.1.3-r2.apk +cassandra-4.1.3-r3.apk +cassandra-4.1.3-r4.apk +cassandra-4.1.3-r5.apk +cassandra-4.1.3-r6.apk +cassandra-4.1.3-r7.apk +cassandra-4.1.3-r8.apk +cassandra-4.1.3-r9.apk +cassandra-4.1.4-r0.apk +cassandra-compat-4.1.3-r1.apk +cassandra-compat-4.1.3-r2.apk +cassandra-compat-4.1.3-r3.apk +cassandra-compat-4.1.3-r4.apk +cassandra-compat-4.1.3-r5.apk +cassandra-compat-4.1.3-r6.apk +cassandra-compat-4.1.3-r7.apk +cassandra-compat-4.1.3-r8.apk +cassandra-compat-4.1.3-r9.apk +cassandra-compat-4.1.4-r0.apk +etcd-3.5.6-r0.apk +etcd-3.5.6-r1.apk +etcd-3.5.6-r2.apk +etcd-3.5.6-r3.apk +etcd-3.5.7-r0.apk +etcd-3.5.7-r1.apk +etcd-3.5.7-r2.apk +etcd-3.5.7-r3.apk +etcd-3.5.7-r4.apk +etcd-3.5.8-r0.apk +etcd-3.5.8-r1.apk +etcd-3.5.9-r0.apk +etcd-3.5.9-r1.apk +etcd-3.5.9-r2.apk +etcd-3.5.9-r3.apk +etcd-3.5.9-r4.apk +etcd-3.5.9-r5.apk +etcd-3.5.9-r6.apk +etcd-3.5.9-r7.apk +etcd-3.5.10-r0.apk +etcd-3.5.10-r1.apk +etcd-3.5.10-r2.apk +etcd-3.5.11-r0.apk +etcd-3.5.11-r1.apk +etcd-3.5.11-r2.apk +etcd-3.5.12-r0.apk +envoy-1.24.0-r0.apk +envoy-1.24.0-r1.apk +envoy-1.24.1-r0.apk +envoy-1.25.0-r0.apk +envoy-1.25.1-r0.apk +envoy-1.25.2-r0.apk +envoy-1.25.3-r0.apk +envoy-1.25.5-r0.apk +envoy-1.26.0-r0.apk +envoy-1.26.1-r0.apk +envoy-1.26.1-r1.apk +envoy-1.26.2-r0.apk +envoy-1.26.2-r1.apk +envoy-1.26.3-r0.apk +envoy-1.26.4-r0.apk +envoy-1.27.0-r0.apk +envoy-1.27.1-r0.apk +envoy-1.27.2-r0.apk +envoy-1.28.0-r0.apk +envoy-1.28.0-r1.apk +envoy-1.28.0-r2.apk +envoy-1.29.1-r0.apk +envoy-config-1.24.0-r1.apk +envoy-config-1.24.1-r0.apk +envoy-config-1.25.0-r0.apk +envoy-config-1.25.1-r0.apk +envoy-config-1.25.2-r0.apk +envoy-config-1.25.3-r0.apk +envoy-config-1.25.5-r0.apk +envoy-config-1.26.0-r0.apk +envoy-config-1.26.1-r0.apk +envoy-config-1.26.1-r1.apk +envoy-config-1.26.2-r0.apk +envoy-config-1.26.2-r1.apk +envoy-config-1.26.3-r0.apk +envoy-config-1.26.4-r0.apk +envoy-config-1.27.0-r0.apk +envoy-config-1.27.1-r0.apk +envoy-config-1.27.2-r0.apk +envoy-config-1.28.0-r0.apk +envoy-config-1.28.0-r1.apk +envoy-config-1.28.0-r2.apk +envoy-config-1.29.1-r0.apk +envoy-oci-entrypoint-1.24.0-r1.apk +envoy-oci-entrypoint-1.24.1-r0.apk +envoy-oci-entrypoint-1.25.0-r0.apk +envoy-oci-entrypoint-1.25.1-r0.apk +envoy-oci-entrypoint-1.25.2-r0.apk +envoy-oci-entrypoint-1.25.3-r0.apk +envoy-oci-entrypoint-1.25.5-r0.apk +envoy-oci-entrypoint-1.26.0-r0.apk +envoy-oci-entrypoint-1.26.1-r0.apk +envoy-oci-entrypoint-1.26.1-r1.apk +envoy-oci-entrypoint-1.26.2-r0.apk +envoy-oci-entrypoint-1.26.2-r1.apk +envoy-oci-entrypoint-1.26.3-r0.apk +envoy-oci-entrypoint-1.26.4-r0.apk +envoy-oci-entrypoint-1.27.0-r0.apk +envoy-oci-entrypoint-1.27.1-r0.apk +envoy-oci-entrypoint-1.27.2-r0.apk +envoy-oci-entrypoint-1.28.0-r0.apk +envoy-oci-entrypoint-1.28.0-r1.apk +envoy-oci-entrypoint-1.28.0-r2.apk +envoy-oci-entrypoint-1.29.1-r0.apk \ No newline at end of file From 6f0df84e40ea2ce742475ed6239ce52b4aac048c Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Tue, 27 Feb 2024 09:32:30 -0800 Subject: [PATCH 122/235] Update ruby3.2-jruby-openssl.yaml Signed-off-by: Ajay Kemparaj --- ruby3.2-jruby-openssl.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby3.2-jruby-openssl.yaml b/ruby3.2-jruby-openssl.yaml index 0fa494b5c6e..dbf446dbe3a 100644 --- a/ruby3.2-jruby-openssl.yaml +++ b/ruby3.2-jruby-openssl.yaml @@ -5,7 +5,7 @@ package: epoch: 0 description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. copyright: - - license: GPL-2.0-or-later AND EPL-1.0-or-later AND LGPL-2.1-or-later + - license: GPL-2.0-or-later AND EPL-1.0 AND LGPL-2.1-or-later dependencies: runtime: - ruby3.2-bouncy-castle-java From c351a0d8bf13573589c8dce8937a622e772badf6 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov <19779+xnox@users.noreply.github.com> Date: Tue, 27 Feb 2024 18:01:26 +0000 Subject: [PATCH 123/235] Update flannel-cni-plugin.yaml Make version without the flannel1 suffix Signed-off-by: Dimitri John Ledkov <19779+xnox@users.noreply.github.com> --- flannel-cni-plugin.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flannel-cni-plugin.yaml b/flannel-cni-plugin.yaml index 0be3fe903bc..31e338e19c7 100644 --- a/flannel-cni-plugin.yaml +++ b/flannel-cni-plugin.yaml @@ -1,6 +1,6 @@ package: name: flannel-cni-plugin - version: 1.4.0-flannel1 + version: 1.4.0 epoch: 0 description: flannel cni plugin copyright: @@ -18,7 +18,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/flannel-io/cni-plugin - tag: v${{package.version}} + tag: v${{package.version}}-flannel1 expected-commit: 28a4dca643b328ced681a5f9b587f2591b7bb4ce - runs: | From d012d372466443f034dba21c2e6bb3a8e08e25a9 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov <19779+xnox@users.noreply.github.com> Date: Tue, 27 Feb 2024 18:09:25 +0000 Subject: [PATCH 124/235] Update gitlab-exporter.yaml Set expected commit Signed-off-by: Dimitri John Ledkov <19779+xnox@users.noreply.github.com> --- gitlab-exporter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitlab-exporter.yaml b/gitlab-exporter.yaml index 3423eb61e7d..d96de6503c2 100644 --- a/gitlab-exporter.yaml +++ b/gitlab-exporter.yaml @@ -59,7 +59,7 @@ pipeline: repository: https://gitlab.com/gitlab-org/ruby/gems/gitlab-exporter.git # inconsistent package versioning tag: ${{package.version}} - expected-commit: 8500f0bdac1512e39d9a11230c2395dc384f0796 + expected-commit: 5bcc07dc951f45c6fb41cc3b2b689f1f40698b2b - uses: ruby/unlock-spec From 6a40fbdb50a2b8d81cca43dd2dff345965780fc4 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Tue, 27 Feb 2024 11:33:41 -0700 Subject: [PATCH 125/235] feat(packages): Add Chromium Adds Chromium to Wolfi Signed-off-by: RJ Sampson --- chromium.yaml | 219 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 chromium.yaml diff --git a/chromium.yaml b/chromium.yaml new file mode 100644 index 00000000000..0023a95444a --- /dev/null +++ b/chromium.yaml @@ -0,0 +1,219 @@ +# source is chromium src so we can't use github updates to get expected commit +# let's still auto create the PR, it will fail as expected commit will be wrong +# however it will be easy to fix +#nolint:git-checkout-must-use-github-updates +package: + name: chromium + version: 122.0.6250.1 + epoch: 1 + description: "Open souce version of Google's chrome web browser" + copyright: + - license: BSD-3-Clause + target-architecture: + - x86_64 + dependencies: + runtime: + - font-opensans + - fontconfig + - libnss + - mesa + +environment: + contents: + packages: + - alsa-lib-dev + - at-spi2-core-dev + - bash + - bison + - brotli-dev + - build-base + - busybox + - bzip2-dev + - ca-certificates-bundle + - cairo-dev + - cups-dev + - curl + - curl-dev + - dav1d-dev + - dbus-dev + - dbus-glib-dev + - elfutils + - elfutils-dev + - eudev-dev + - expat-dev + - ffmpeg-dev + - findutils + - flac-dev + - flex + - freetype-dev + - fribidi-dev + - git + - glib-dev + - gn + - gperf + - gtk-3-dev + - gzip + - harfbuzz-dev + - harfbuzz-static + - hwdata-dev + - krb5-dev + - lcms2-dev + - libbsd-dev + - libcap-dev + - libdrm-dev + - libevent-dev + - libffi-dev + - libgcrypt-dev + - libjpeg-turbo-dev + - libnspr-dev + - libnss-dev + - libsecret-dev + - libusb-dev + - libva-dev + - libwebp-dev + - libxcomposite-dev + - libxcursor-dev + - libxdamage + - libxdamage-dev + - libxft-dev + - libxi-dev + - libxinerama-dev + - libxkbcommon + - libxkbcommon-dev + - libxml2-dev + - libxrandr-dev + - libxshmfence-dev + - libxslt-dev + - libxtst + - libxtst-dev + - linux-headers + - mesa-dev + - mesa-gbm + - opus-dev + - pango + - pango-dev + - pciutils + - pciutils-dev + - perl + - pulseaudio-dev + - py3-httplib2 + - py3-setuptools + - python3 + - qt5-qtbase-dev + - rust + - samurai + - speex-dev + - sqlite-dev + - wget + - xcb-proto + - zlib-dev + - zstd-dev + +pipeline: + - uses: git-checkout + with: + # === INFO === Initial git clone: takes ~3 minutes, needs 6GB disk + repository: https://chromium.googlesource.com/chromium/src.git + tag: ${{package.version}} + depth: 1 + expected-commit: 553d92272085528d3d2c898c9263714e8ad3345b + destination: /home/src + + - runs: | + cd /home + time git clone --depth 1 https://chromium.googlesource.com/chromium/tools/depot_tools.git + export PATH="$PATH:/home/depot_tools" + # .gclient must be in one directory above chromium's src + cat </home/.gclient + # Setup a .gclient config (handled by 'fetch' in upstream instructions) + solutions = [ + { "name" : "src", + "url" : "https://chromium.googlesource.com/chromium/src.git", + "managed": False, + "custom_deps": {}, + "custom_vars": {}, + }, + ] + EOF + cat /home/.gclient + # === INFO === Sync dependencies: takes about 11 minutes, requires 30 GB of disk + # go back into our chromium src directory + cd /home/src + time gclient sync --no-history + # === INFO === Make node executable: works around permission denial + cd /home/src + chmod +x third_party/node/linux/node-linux-x64/bin/node + # === INFO === Generate config: takes about 30 minutes / + cd /home/src + time gn gen /home/src/out/Default --args=" + clang_use_chrome_plugins=false + chrome_pgo_phase=0 + enable_nocompile_tests_new=false + is_debug=false + is_official_build=true + symbol_level=0 + use_sysroot=false + use_system_freetype=true + use_system_harfbuzz=true + use_system_lcms2=true + use_system_libdrm=true + use_system_libffi=true + use_system_libjpeg=true + use_system_zlib=true + " + # === INFO === Compile: takes about 3 hours, 60 GB of disk (on a 32xXeon, 128GBxRAM, 2TBxNVME system) + cd /home/src + time autoninja -C /home/src/out/Default chrome chromedriver chrome_sandbox + # === INFO === Install the binaries and libraries + cd /home/src/out/Default + mkdir -p ${{targets.destdir}}/usr/bin ${{targets.destdir}}/usr/lib/${{package.name}} + mv *.so* ${{targets.destdir}}/usr/lib/${{package.name}} + mv chrome ${{targets.destdir}}/usr/lib/${{package.name}} + mv chrome_sandbox ${{targets.destdir}}/usr/lib/${{package.name}} + mv chromedriver ${{targets.destdir}}/usr/lib/${{package.name}} + # resources + mv snapshot_blob.bin ${{targets.destdir}}/usr/lib/${{package.name}} + mv v8_context_snapshot.bin ${{targets.destdir}}/usr/lib/${{package.name}} + mv icudtl.dat ${{targets.destdir}}/usr/lib/${{package.name}} + mv xdg-mime ${{targets.destdir}}/usr/lib/${{package.name}} + mv xdg-settings ${{targets.destdir}}/usr/lib/${{package.name}} + mv vk_swiftshader_icd.json ${{targets.destdir}}/usr/lib/${{package.name}} + mv *.pak ${{targets.destdir}}/usr/lib/${{package.name}} + mv locales ${{targets.destdir}}/usr/lib/${{package.name}} + # links + ln -sf /usr/lib/${{package.name}}/chrome ${{targets.destdir}}/usr/bin/chromium-browser + ln -sf chromium-browser ${{targets.destdir}}/usr/bin/chromium + mkdir -p ${{targets.destdir}}/etc/chromium + + - uses: strip + with: + opts: -s + +subpackages: + - name: ${{package.name}}-qt + options: + no-depends: true + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/usr/lib/${{package.name}} + mv ${{targets.destdir}}/usr/lib/${{package.name}}/*qt* ${{targets.subpkgdir}}/usr/lib/${{package.name}} + + - name: ${{package.name}}-lang + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/usr/lib/${{package.name}} + mv ${{targets.destdir}}/usr/lib/${{package.name}}/locales ${{targets.subpkgdir}}/usr/lib/${{package.name}} + +update: + enabled: false + release-monitor: + identifier: 13344 + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + chromium --no-sandbox --headless --disable-gpu --dump-dom https://www.chromestatus.com From e264e33f8688f6a7f3a24929e0898d37bf94dd20 Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Tue, 27 Feb 2024 10:58:38 -0800 Subject: [PATCH 126/235] Update cassandra-4.1.yaml --- cassandra-4.1.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cassandra-4.1.yaml b/cassandra-4.1.yaml index c35151644c6..925f04a0919 100644 --- a/cassandra-4.1.yaml +++ b/cassandra-4.1.yaml @@ -1,7 +1,7 @@ package: name: cassandra-4.1 version: 4.1.4 - epoch: 0 + epoch: 1 description: Open Source NoSQL Database copyright: - license: Apache-2.0 @@ -60,6 +60,9 @@ pipeline: subpackages: - name: ${{package.name}}-compat + dependencies: + provides: + - cassandra-compat=${{package.full-version}} pipeline: - runs: | install -d ${{targets.subpkgdir}}/etc/cassandra From f041ed46cfd2e73b93b7d37610a2bb5bf3aedede Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 19:08:19 +0000 Subject: [PATCH 127/235] orc/0.4.38 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- orc.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/orc.yaml b/orc.yaml index fc05dda20d5..198aaae6f38 100644 --- a/orc.yaml +++ b/orc.yaml @@ -1,6 +1,6 @@ package: name: orc - version: 0.4.37 + version: 0.4.38 epoch: 0 description: Oil Run-time Compiler copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: fetch with: - expected-sha512: 73c1e6e3bf66ceda94eb009675b0728ec844acc238959a4e741cbd6b69b7231b544fb85bb093641319d761bcfc0a9f84da864ab7bcf5dd1c263aa75f7b9d2310 + expected-sha512: 49f34be85f6980e4b5e94f848016f5788b658323f3a120110bc237722ac99938c02976efbe96022d148054330432899533305d4dd21be8fab76fd1995179339a uri: https://gstreamer.freedesktop.org/src/orc/orc-${{package.version}}.tar.xz - uses: meson/configure From 73e4c08ac5238eef2ec6be1f273b28513deb975a Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 19:15:09 +0000 Subject: [PATCH 128/235] py3-pydantic/2.6.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-pydantic.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-pydantic.yaml b/py3-pydantic.yaml index 7ef6273a632..5641af6e4e9 100644 --- a/py3-pydantic.yaml +++ b/py3-pydantic.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/pydantic/ package: name: py3-pydantic - version: 2.6.2 + version: 2.6.3 epoch: 0 description: Data validation using Python type hints copyright: @@ -28,7 +28,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 511d862ec9895de6999d260ac4c790d0b233e316 + expected-commit: 88451f3a09f6cc34e66fcb78f0e76755fc6a89bc repository: https://github.com/pydantic/pydantic tag: v${{package.version}} From 682f015ecefde11c784f036de793e3d73e75efbf Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 19:15:43 +0000 Subject: [PATCH 129/235] logstash-exporter/1.6.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- logstash-exporter.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/logstash-exporter.yaml b/logstash-exporter.yaml index a9e19982a57..93d832862fa 100644 --- a/logstash-exporter.yaml +++ b/logstash-exporter.yaml @@ -1,6 +1,6 @@ package: name: logstash-exporter - version: 1.6.2 + version: 1.6.3 epoch: 0 description: Prometheus exporter for Logstash written in Go copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 76b41045d8e5688eb3bacdcaece5b9dafe5a039e + expected-commit: 119ace0b38cd6b3a4662eb63a5d49143ef02699c repository: https://github.com/kuskoman/logstash-exporter tag: v${{package.version}} From 71287ccaf2c0085fad9ca7b698d0ea642c881ba5 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 11:36:32 -0800 Subject: [PATCH 130/235] envoy: add subpackge provides --- envoy-1.29.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/envoy-1.29.yaml b/envoy-1.29.yaml index 54d797e96f7..e33061c5465 100644 --- a/envoy-1.29.yaml +++ b/envoy-1.29.yaml @@ -1,7 +1,7 @@ package: name: envoy-1.29 version: 1.29.1 - epoch: 0 + epoch: 1 description: Cloud-native high-performance edge/middle/service proxy copyright: - license: Apache-2.0 @@ -72,6 +72,8 @@ subpackages: dependencies: runtime: - busybox + provides: + - envoy-oci-entrypoint=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/var/lib/envoy/init @@ -80,6 +82,9 @@ subpackages: - name: ${{package.name}}-config description: Default Envoy configuration + dependencies: + provides: + - envoy-config=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/etc/envoy From 5e889728a6d7b56de4274e274e7fb97bef95ecab Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:16:03 +0000 Subject: [PATCH 131/235] vim/9.1.0140 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- vim.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vim.yaml b/vim.yaml index b3da843b394..3af004a2daa 100644 --- a/vim.yaml +++ b/vim.yaml @@ -1,6 +1,6 @@ package: name: vim - version: 9.1.0139 + version: 9.1.0140 epoch: 0 description: "Improved vi-style text editor" copyright: @@ -21,7 +21,7 @@ pipeline: - uses: fetch with: uri: https://github.com/vim/vim/archive/v${{package.version}}.tar.gz - expected-sha256: bfa800d76dba1a614396f59e4edcff65012ffbc29d795e414c40932dc8cd883d + expected-sha256: be99e77183372b3da93d3b17342b3e8b2f8dcdd4dce6b3f8dce260b5d2e875b0 - runs: | # vim seems to manually set FORTIFY_SOURCE=1, and setting both breaks the build From 1a54f26bdd4e65d37740d193e9da30452799d7e7 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:16:09 +0000 Subject: [PATCH 132/235] aws-cli/1.32.51 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-cli.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-cli.yaml b/aws-cli.yaml index fbf1288c1c0..5e0f69cd4d4 100644 --- a/aws-cli.yaml +++ b/aws-cli.yaml @@ -1,6 +1,6 @@ package: name: aws-cli - version: 1.32.50 + version: 1.32.51 epoch: 0 description: "Universal Command Line Interface for Amazon Web Services" copyright: @@ -33,7 +33,7 @@ pipeline: - uses: fetch with: uri: https://github.com/aws/aws-cli/archive/${{package.version}}.tar.gz - expected-sha256: f688ebffa5efb8fbe0486e8998877d8a344ce3c4a8d4c2d0303c4b279eb69314 + expected-sha256: e9030b3b6a99332e81a9a53c8cf18352200f1db4241819b3deec7f47739fe488 - runs: | python3 setup.py build From 9a069e1fdc6626b5f87d25a179f6f2aa0ec40fe2 Mon Sep 17 00:00:00 2001 From: Jon Johnson Date: Tue, 27 Feb 2024 12:22:42 -0800 Subject: [PATCH 133/235] Add .install to gcloud installation root This fixes the "gcloud components" subcommand. Signed-off-by: Jon Johnson --- google-cloud-sdk.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/google-cloud-sdk.yaml b/google-cloud-sdk.yaml index 8aee729007d..7820a3a7ec7 100644 --- a/google-cloud-sdk.yaml +++ b/google-cloud-sdk.yaml @@ -1,7 +1,7 @@ package: name: google-cloud-sdk version: 460.0.0 - epoch: 0 + epoch: 1 description: "Google Cloud Command Line Interface" copyright: - license: Apache-2.0 @@ -69,6 +69,10 @@ pipeline: find google-cloud-sdk/ -name "*.pyc" -exec rm -rf '{}' + rm -rf google-cloud-sdk/.install + # gcloud expects to find a directory called ".install" in its "Installation Root" (as reported by "gcloud info"). + # Without this, "gcloud components" doesn't work. + mkdir google-cloud-sdk/.install + mv google-cloud-sdk ${{targets.destdir}}/usr/share/ mkdir -p ${{targets.destdir}}/usr/bin From bb80e72025ca2f64de5df5a559185cdd8cf1125e Mon Sep 17 00:00:00 2001 From: Jamon Camisso Date: Tue, 27 Feb 2024 15:23:02 -0500 Subject: [PATCH 134/235] Add version test to grafana-agent-operator Signed-off-by: Jamon Camisso --- grafana-agent-operator.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index fa1a3dcbc6f..3581b48fa35 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -30,6 +30,10 @@ pipeline: - uses: strip +test: + pipeline: + - runs: /usr/bin/grafana-agent-operator -version + update: enabled: true ignore-regex-patterns: From 163b6754c79814994e5b4aaf7261bfaeaf7bc69b Mon Sep 17 00:00:00 2001 From: Jamon Camisso Date: Tue, 27 Feb 2024 15:24:28 -0500 Subject: [PATCH 135/235] Add version test to grafana-agent-operator Signed-off-by: Jamon Camisso --- grafana-agent-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index 3581b48fa35..ce918fded2a 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -1,7 +1,7 @@ package: name: grafana-agent-operator version: 0.40.0 - epoch: 0 + epoch: 1 description: Grafana Agent Operator is a Kubernetes operator for the static mode of Grafana Agent. It makes it easier to deploy and configure static mode to collect telemetry data from Kubernetes resources. copyright: - license: Apache-2.0 From 217dde5708a8b9230c48209176e683ab276fb03e Mon Sep 17 00:00:00 2001 From: Jamon Camisso Date: Tue, 27 Feb 2024 15:34:17 -0500 Subject: [PATCH 136/235] Update grafana-agent-operator.yaml Co-authored-by: Ajay Kemparaj Signed-off-by: Jamon Camisso --- grafana-agent-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml index ce918fded2a..3581b48fa35 100644 --- a/grafana-agent-operator.yaml +++ b/grafana-agent-operator.yaml @@ -1,7 +1,7 @@ package: name: grafana-agent-operator version: 0.40.0 - epoch: 1 + epoch: 0 description: Grafana Agent Operator is a Kubernetes operator for the static mode of Grafana Agent. It makes it easier to deploy and configure static mode to collect telemetry data from Kubernetes resources. copyright: - license: Apache-2.0 From fb53bf65d1d6e73cc815773b1121494ad5086595 Mon Sep 17 00:00:00 2001 From: Jon Johnson Date: Tue, 27 Feb 2024 12:44:28 -0800 Subject: [PATCH 137/235] Fix latest mariadb version stream This wasn't providing any of the right virtuals. Signed-off-by: Jon Johnson --- mariadb-11.2.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/mariadb-11.2.yaml b/mariadb-11.2.yaml index 60245f908ad..27fbc1c6020 100644 --- a/mariadb-11.2.yaml +++ b/mariadb-11.2.yaml @@ -1,13 +1,15 @@ package: name: mariadb-11.2 version: 11.2.3 - epoch: 0 + epoch: 1 description: "The MariaDB open source relational database" copyright: - license: GPL-3.0-or-later dependencies: runtime: - pwgen + provides: + - mariadb=${{package.full-version}} environment: contents: @@ -147,16 +149,23 @@ pipeline: subpackages: - name: "${{package.name}}-dev" description: "headers for mariadb" + dependencies: + provides: + - mariadb-dev=${{package.full-version}} pipeline: - uses: split/dev - dependencies: - name: "${{package.name}}-doc" + dependencies: + provides: + - mariadb-doc=${{package.full-version}} pipeline: - uses: split/manpages - name: "${{package.name}}-bench" dependencies: + provides: + - mariadb-bench=${{package.full-version}} pipeline: - runs: | mkdir -p "${{targets.subpkgdir}}"/usr/share/ @@ -164,6 +173,8 @@ subpackages: - name: "${{package.name}}-backup" dependencies: + provides: + - mariadb-backup=${{package.full-version}} pipeline: - runs: | mkdir -p "${{targets.subpkgdir}}"/usr/bin @@ -175,6 +186,8 @@ subpackages: - name: "${{package.name}}-oci-entrypoint" description: Entrypoint for using HAProxy in OCI containers dependencies: + provides: + - mariadb-oci-entrypoint=${{package.full-version}} runtime: - bash - busybox @@ -187,6 +200,8 @@ subpackages: - name: "${{package.name}}-embedded" description: Emedded library for mariadb dependencies: + provides: + - mariadb-embedded=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/usr/bin/ From b68bb6e72fe8d3b5420d0ae0cc839385b48031e2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 21:14:55 +0000 Subject: [PATCH 138/235] wasm-tools/1.201.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- wasm-tools.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wasm-tools.yaml b/wasm-tools.yaml index e974553adbe..69c4708d599 100644 --- a/wasm-tools.yaml +++ b/wasm-tools.yaml @@ -1,6 +1,6 @@ package: name: wasm-tools - version: 1.200.0 + version: 1.201.0 epoch: 0 description: "Low level tooling for WebAssembly in Rust" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wasm-tools tag: v${{package.version}} - expected-commit: 69a397f99a3775c0a20a4ad68aaf193b85e23213 + expected-commit: 90161a9b5fbfeaa40e9b4ba2339d7cd1bd52deff - name: Configure and build runs: | From 343cd848e03a9df4cf226e4aaa7563c787aaad13 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 13:17:00 -0800 Subject: [PATCH 139/235] add version stream for cilium-1.14 --- cilium-1.14.yaml | 134 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 cilium-1.14.yaml diff --git a/cilium-1.14.yaml b/cilium-1.14.yaml new file mode 100644 index 00000000000..ea3222a8e57 --- /dev/null +++ b/cilium-1.14.yaml @@ -0,0 +1,134 @@ +package: + name: cilium-1.14 + version: 1.14.6 + epoch: 0 + description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane + copyright: + - license: Apache-2.0 + dependencies: + runtime: + - bpftool + # cilium does compilations at runtime on the node. + - clang + - cni-plugins-loopback + - iproute2 + - ipset + - iptables + - kmod + - llvm15 + - llvm15-tools + provides: + - cilium=${{package.full-version}} + +environment: + contents: + packages: + - build-base + - busybox + - clang + - coreutils # for GNU install + - git + - go + - grep + - iptables # for cilium-iptables + - llvm15 + - llvm15-tools + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/cilium/cilium + tag: v${{package.version}} + expected-commit: 4a4fa0587d1beb6abce883780957f9848dc50b60 + + - uses: patch + with: + patches: loopback-location.patch + + - runs: | + # Remove groupadd from Makefile: it's not doing anything useful in + # a package build anyway, and it's not available in busybox. + find . -name Makefile -exec sed -i '/groupadd/d' {} \; + + DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container + DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container + + - uses: strip + +subpackages: + - name: ${{package.name}}-container-init + description: init scripts for cilium + dependencies: + provides: + - cilium-container-init=${{package.full-version}} + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/usr/bin + cp images/cilium/init-container.sh \ + plugins/cilium-cni/install-plugin.sh \ + plugins/cilium-cni/cni-uninstall.sh \ + ${{targets.subpkgdir}}/usr/bin + + - name: ${{package.name}}-container-init-compat + description: init scripts for cilium + dependencies: + runtime: + - ${{package.name}}-container-init + provides: + - cilium-container-init-compat=${{package.full-version}} + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}} + ln -sf /usr/bin/init-container.sh ${{targets.subpkgdir}}/init-container.sh + ln -sf /usr/bin/install-plugin.sh ${{targets.subpkgdir}}/install-plugin.sh + ln -sf /usr/bin/cni-uninstall.sh ${{targets.subpkgdir}}/cni-uninstall.sh + + - name: ${{package.name}}-iptables + description: iptables compatibility package for cilium + dependencies: + runtime: + - iptables + provides: + - cilium-iptables=${{package.full-version}} + pipeline: + - runs: | + # This script generates a wrapper based on the version + # of iptables provided by the build environment. + ./images/runtime/iptables-wrapper-installer.sh + mkdir -p ${{targets.subpkgdir}}/sbin + mv /sbin/iptables-wrapper ${{targets.subpkgdir}}/sbin/iptables-wrapper + - uses: strip + + - name: ${{package.name}}-operator-generic + description: Generic operator for cilium + dependencies: + runtime: + - gops + provides: + - cilium-operator-generic=${{package.full-version}} + pipeline: + - runs: | + cd /home/build/operator + make cilium-operator-generic + DESTDIR=${{targets.subpkgdir}} make install-generic + - uses: strip + + - name: ${{package.name}}-hubble-relay + description: Hubble relay + dependencies: + provides: + - cilium-hubble-relay=${{package.full-version}} + pipeline: + - runs: | + cd /home/build/hubble-relay + make hubble-relay + DESTDIR=${{targets.subpkgdir}} make install + - uses: strip + +update: + # set to false until we figure out whats happening with the latest updates + enabled: false + github: + identifier: cilium/cilium + strip-prefix: v + tag-filter-prefix: v1.14. \ No newline at end of file From fa5f5ebcff1e8b2d44faec2a4afa92aefefbc766 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 13:17:42 -0800 Subject: [PATCH 140/235] add version stream for cilium-1.14 --- cilium-1.14.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/cilium-1.14.yaml b/cilium-1.14.yaml index ea3222a8e57..a2a0cdd0e13 100644 --- a/cilium-1.14.yaml +++ b/cilium-1.14.yaml @@ -18,7 +18,7 @@ package: - llvm15 - llvm15-tools provides: - - cilium=${{package.full-version}} + - cilium=${{package.full-version}} environment: contents: @@ -60,7 +60,7 @@ subpackages: description: init scripts for cilium dependencies: provides: - - cilium-container-init=${{package.full-version}} + - cilium-container-init=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/usr/bin @@ -75,7 +75,7 @@ subpackages: runtime: - ${{package.name}}-container-init provides: - - cilium-container-init-compat=${{package.full-version}} + - cilium-container-init-compat=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}} @@ -89,7 +89,7 @@ subpackages: runtime: - iptables provides: - - cilium-iptables=${{package.full-version}} + - cilium-iptables=${{package.full-version}} pipeline: - runs: | # This script generates a wrapper based on the version @@ -105,7 +105,7 @@ subpackages: runtime: - gops provides: - - cilium-operator-generic=${{package.full-version}} + - cilium-operator-generic=${{package.full-version}} pipeline: - runs: | cd /home/build/operator @@ -117,7 +117,7 @@ subpackages: description: Hubble relay dependencies: provides: - - cilium-hubble-relay=${{package.full-version}} + - cilium-hubble-relay=${{package.full-version}} pipeline: - runs: | cd /home/build/hubble-relay @@ -126,9 +126,9 @@ subpackages: - uses: strip update: - # set to false until we figure out whats happening with the latest updates + # set to false until we figure out whats happening with the latest updates enabled: false github: identifier: cilium/cilium strip-prefix: v - tag-filter-prefix: v1.14. \ No newline at end of file + tag-filter-prefix: v1.14. From ad709648542a97bb7d252aaa451ddcb0b44ed0c3 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 13:21:31 -0800 Subject: [PATCH 141/235] add patch --- cilium-1.14/loopback-location.patch | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 cilium-1.14/loopback-location.patch diff --git a/cilium-1.14/loopback-location.patch b/cilium-1.14/loopback-location.patch new file mode 100644 index 00000000000..43100bb074e --- /dev/null +++ b/cilium-1.14/loopback-location.patch @@ -0,0 +1,15 @@ +Update the loopback binary location to be /usr/bin + +diff --git a/plugins/cilium-cni/install-plugin.sh b/plugins/cilium-cni/install-plugin.sh +index f3d589acc8..9cd4673fbf 100755 +--- a/plugins/cilium-cni/install-plugin.sh ++++ b/plugins/cilium-cni/install-plugin.sh +@@ -30,7 +30,7 @@ install_cni() { + # Install the CNI loopback driver if not installed already + if [ ! -f "${CNI_DIR}/bin/loopback" ]; then + # Don't fail hard if this fails as it is usually not required +- install_cni /cni/loopback || true ++ install_cni /usr/bin/loopback || true + fi + + install_cni "/opt/cni/bin/${BIN_NAME}" From 92063a29a4467b6f1ab14a4e66e0bc480f41b989 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Tue, 27 Feb 2024 11:35:28 -0700 Subject: [PATCH 142/235] feat(packages): Add Docker Selenium Adds Docker Selenium to Wolfi Signed-off-by: RJ Sampson --- docker-selenium.yaml | 194 +++++++++++++++++++++++++++ docker-selenium/0001-fix-paths.patch | 31 +++++ 2 files changed, 225 insertions(+) create mode 100644 docker-selenium.yaml create mode 100644 docker-selenium/0001-fix-paths.patch diff --git a/docker-selenium.yaml b/docker-selenium.yaml new file mode 100644 index 00000000000..fafdc6c82a5 --- /dev/null +++ b/docker-selenium.yaml @@ -0,0 +1,194 @@ +package: + name: docker-selenium + # Officially they distribute the version with the following format: 4.16.1-20231219 + # But the '-' is not a valid character according to APK versioning spec; and resulting + # 'package format error' when trying to install the package. The workaround is + # to replace '-' with '.', then mangling the version to replace back. + version: 4.18.1.20240224 + epoch: 0 + description: Provides a simple way to run Selenium Grid with Chrome, Firefox, and Edge using Docker, making it easier to perform browser automation + copyright: + - license: Apache-2.0 + target-architecture: + # TODO: Enable aarch64 + # Requires aarch64 variant of Chromedriver + - x86_64 + dependencies: + runtime: + - Xvfb + - bash + - busybox + - chromium + - coreutils + - fluxbox + - font-ipa + - font-liberation + - font-misc-cyrillic + - font-noto-emoji + - font-ubuntu + - font-wqy-zenhei + - fontconfig + - freetype + - glib + - glibc-locale-en + - libfontconfig1 + - libgcc + - libnss + - libnss-tools + - libxcb + - mcookie + - novnc + - openjdk-11 + - pulseaudio + - selenium-server-compat + - sudo-rs + - supervisor + - ttf-dejavu + - tzdata + - websockify + - x11vnc + - xauth + - xkbcomp + - xkeyboard-config + - xmessage + - xvfb-run + +environment: + contents: + packages: + - acl + - bash + - build-base + - busybox + - bzip2 + - ca-certificates-bundle + - chromium + - curl + - git + - gnupg + - jq + - openjdk-11 + - openjdk-11-default-jvm + - openjdk-11-jre + - openssl + - x11vnc + - yq + environment: + JAVA_HOME: /usr/lib/jvm/java-11-openjdk + TC: UTC + SEL_USER: seluser + SEL_PASSWD: secret + +# Transform melange version to replace last dot "." with "-". +var-transforms: + - from: ${{package.version}} + match: ^(.+)\.(\d+)$ + replace: $1-$2 + to: mangled-package-version + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/SeleniumHQ/docker-selenium + tag: ${{vars.mangled-package-version}} + expected-commit: 9e99f2adf126979fe4a79ded70ff57e8da889ae3 + + - uses: patch + with: + patches: 0001-fix-paths.patch + + - runs: | + mkdir -p ${{targets.destdir}}/usr/bin + mkdir -p ${{targets.destdir}}/etc/supervisor/conf.d + mkdir -p ${{targets.destdir}}/var/tmp + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/Base/Dockerfile + - working-directory: Base + pipeline: + - runs: | + mkdir -p ${{targets.destdir}}/opt/bin + install -Dm755 check-grid.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 entry_point.sh ${{targets.destdir}}/opt/bin/ + install -Dm755f supervisord.conf ${{targets.destdir}}/etc + mkdir -p ${{targets.destdir}}/var/run/supervisor + - runs: | + mkdir -p ${{targets.destdir}}/opt/selenium + echo "${SEL_PASSWD}" > ${{targets.destdir}}/opt/selenium/initialPasswd + # TODO: Implement malware scan for jars retrieved by coursier + - runs: | + # Retrieve OpenTelemetry/GRPC Java versions + export OPENTELEMETRY_VERSION=$(curl "https://api.github.com/repos/open-telemetry/opentelemetry-java/releases/latest" | jq -r ".tag_name" | sed 's/v//') + export GRPC_VERSION=$(curl "https://api.github.com/repos/grpc/grpc-java/releases/latest" | jq -r ".tag_name" | sed 's/v//') + + mkdir -p ${{targets.destdir}}/external_jars + curl -sSLfO https://github.com/coursier/launchers/raw/master/coursier + chmod +x coursier + ./coursier fetch --classpath --cache ${{targets.destdir}}/external_jars \ + io.opentelemetry:opentelemetry-exporter-otlp:${OPENTELEMETRY_VERSION} \ + io.grpc:grpc-netty:${GRPC_VERSION} > ${{targets.destdir}}/external_jars/.classpath.txt + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/NodeBase/Dockerfile + - working-directory: NodeBase + pipeline: + - runs: | + install -Dm755 start-selenium-node.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 start-xvfb.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 selenium.conf ${{targets.destdir}}/etc/supervisor/conf.d/ + install -Dm755 start-vnc.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 start-novnc.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 selenium_grid_logo.png ${{targets.destdir}}/usr/share/images/fluxbox/ubuntu-light.png + install -Dm755 generate_config ${{targets.destdir}}/opt/bin/generate_config + + mkdir -p ${{targets.destdir}}/home/$SEL_USER/.fluxbox + mkdir -p ${{targets.destdir}}/tmp/.X11-unix + mkdir -p ${{targets.destdir}}/home/$SEL_USER/.vnc + mkdir -p ${{targets.destdir}}/opt/selenium + x11vnc -storepasswd $(cat ${{targets.destdir}}/opt/selenium/initialPasswd) ${{targets.destdir}}/home/$SEL_USER/.vnc/passwd + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/NodeChrome/Dockerfile + - working-directory: NodeChrome + pipeline: + - runs: | + install -Dm755 wrap_chrome_binary ${{targets.destdir}}/opt/bin/wrap_chrome_binary + + export CHROMEDRIVER_VERSION=$(/usr/lib/chromium/chromedriver --version | awk '{print $2}') + ln -sf /usr/lib/chromium/chromedriver ${{targets.destdir}}/opt/selenium/chromedriver-$CHROMEDRIVER_VERSION + + export CHROMIUM_VERSION=$(/usr/bin/chromium-browser --product-version) + echo "chrome" > ${{targets.destdir}}/opt/selenium/browser_name + echo $CHROMIUM_VERSION > ${{targets.destdir}}/opt/selenium/browser_version + echo "\"goog:chromeOptions\": {\"binary\": \"/usr/bin/chromium\"}" > ${{targets.destdir}}/opt/selenium/browser_binary_location + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/Standalone/Dockerfile + - working-directory: Standalone + pipeline: + - runs: | + install -Dm755 start-selenium-standalone.sh ${{targets.destdir}}/opt/bin/start-selenium-standalone.sh + install -Dm755 selenium.conf ${{targets.destdir}}/etc/supervisor/conf.d/ + install -Dm755 generate_config ${{targets.destdir}}/opt/bin/generate_config + + - uses: strip + +subpackages: + - name: docker-selenium-supervisor-config + description: Docker Selenium supervisor configuration + dependencies: + replaces: + - supervisor-config + provides: + - supervisor-config + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/etc + mv ${{targets.destdir}}/etc/supervisord.conf ${{targets.subpkgdir}}/etc + mv ${{targets.destdir}}/etc/supervisor ${{targets.subpkgdir}}/etc + +update: + enabled: true + ignore-regex-patterns: + - '.*grid.*' + version-transform: + - match: ^(.+)\-(\d+)$ + replace: $1.$2 + github: + identifier: SeleniumHQ/docker-selenium diff --git a/docker-selenium/0001-fix-paths.patch b/docker-selenium/0001-fix-paths.patch new file mode 100644 index 00000000000..e98e813f5a6 --- /dev/null +++ b/docker-selenium/0001-fix-paths.patch @@ -0,0 +1,31 @@ +From a46cb8f824d0b43270ebd8a5405ffe199afd9af0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Furkan=20T=C3=BCrkal?= +Date: Tue, 30 Jan 2024 13:54:17 +0300 +Subject: [PATCH] fix paths +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Furkan Türkal +--- + NodeBase/start-novnc.sh | 2 +- + NodeBase/start-vnc.sh | 2 +- + NodeBase/start-xvfb.sh | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/NodeBase/start-novnc.sh b/NodeBase/start-novnc.sh +index c3cb4ef..075e62d 100755 +--- a/NodeBase/start-novnc.sh ++++ b/NodeBase/start-novnc.sh +@@ -18,7 +18,7 @@ if [ "${START_XVFB:-$SE_START_XVFB}" = true ] ; then + fi + fi + +- /opt/bin/noVNC/utils/novnc_proxy --listen ${NO_VNC_PORT:-$SE_NO_VNC_PORT} --vnc localhost:${VNC_PORT:-$SE_VNC_PORT} ++ /usr/bin/novnc_server --web /usr/share/webapps/novnc --listen ${NO_VNC_PORT:-$SE_NO_VNC_PORT} --vnc localhost:${VNC_PORT:-$SE_VNC_PORT} + else + echo "noVNC won't start because SE_START_NO_VNC is false." + fi +-- +2.39.3 (Apple Git-145) + From b8b96853955c50c8823e7b7b5d9f2f444b920a94 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 13:47:11 -0800 Subject: [PATCH 143/235] gcloud-sdk: add gcloud component list test --- google-cloud-sdk.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/google-cloud-sdk.yaml b/google-cloud-sdk.yaml index 7820a3a7ec7..594229a7420 100644 --- a/google-cloud-sdk.yaml +++ b/google-cloud-sdk.yaml @@ -86,6 +86,7 @@ test: pipeline: - runs: gcloud --version - runs: gsutil --version + - runs: gcloud components list update: enabled: true From 130d6c021cd00052a1b8147f6fd622c18e6bffcd Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 13:59:42 -0800 Subject: [PATCH 144/235] cilium-1.14: add a version test --- cilium-1.14.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cilium-1.14.yaml b/cilium-1.14.yaml index a2a0cdd0e13..3549bc44642 100644 --- a/cilium-1.14.yaml +++ b/cilium-1.14.yaml @@ -125,6 +125,10 @@ subpackages: DESTDIR=${{targets.subpkgdir}} make install - uses: strip +test: + pipeline: + - runs: cilium version + update: # set to false until we figure out whats happening with the latest updates enabled: false From bc9e21cf5d03816826f041c119bd829ad7d860f5 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 22:09:32 +0000 Subject: [PATCH 145/235] py3-boto3/1.34.51 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-boto3.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-boto3.yaml b/py3-boto3.yaml index 90f09fa9afc..5d17bbf2dff 100644 --- a/py3-boto3.yaml +++ b/py3-boto3.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/boto3/ package: name: py3-boto3 - version: 1.34.50 + version: 1.34.51 epoch: 0 description: The AWS SDK for Python copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 290952be7899560039cb0042e8a2354f61a7dead0d0ca8bea6ba901930df0468 + expected-sha256: 2cd9463e738a184cbce8a6824027c22163c5f73e277a35ff5aa0fb0e845b4301 uri: https://files.pythonhosted.org/packages/source/b/boto3/boto3-${{package.version}}.tar.gz - name: Python Build From 7cde455525f619f4bf72e38fc3a3be8573180b88 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 22:09:40 +0000 Subject: [PATCH 146/235] py3-botocore/1.34.51 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-botocore.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-botocore.yaml b/py3-botocore.yaml index 8be0cbea3d7..34089ed572d 100644 --- a/py3-botocore.yaml +++ b/py3-botocore.yaml @@ -1,6 +1,6 @@ package: name: py3-botocore - version: 1.34.50 + version: 1.34.51 epoch: 0 description: The low-level, core functionality of Boto3 copyright: @@ -27,7 +27,7 @@ pipeline: - uses: fetch with: uri: https://files.pythonhosted.org/packages/source/b/botocore/botocore-${{package.version}}.tar.gz - expected-sha256: 33ab82cb96c4bb684f0dbafb071808e4817d83debc88b223e7d988256370c6d7 + expected-sha256: 5086217442e67dd9de36ec7e87a0c663f76b7790d5fb6a12de565af95e87e319 - runs: | python3 setup.py build From a0a667fc400123285033aa726ad718a94633865c Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Tue, 27 Feb 2024 22:16:36 +0000 Subject: [PATCH 147/235] renovate/37.218.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.yaml b/renovate.yaml index 1e4afeb9fcc..76880f7542f 100644 --- a/renovate.yaml +++ b/renovate.yaml @@ -1,6 +1,6 @@ package: name: renovate - version: 37.215.1 + version: 37.218.0 epoch: 0 description: "Automated dependency updates. Multi-platform and multi-language." copyright: From d518621aaff57d9e4b391cc48f038fdbc0df0f97 Mon Sep 17 00:00:00 2001 From: Ville Aikas Date: Tue, 27 Feb 2024 14:15:54 -0800 Subject: [PATCH 148/235] bump version. Signed-off-by: Ville Aikas --- pombump.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pombump.yaml b/pombump.yaml index ec4d8baa1b4..852cec42368 100644 --- a/pombump.yaml +++ b/pombump.yaml @@ -1,6 +1,6 @@ package: name: pombump - version: 0.0.9 + version: 0.0.10 epoch: 0 description: Go tool for bumping versions in pom.xml files copyright: @@ -11,7 +11,7 @@ pipeline: with: repository: https://github.com/chainguard-dev/pombump.git tag: v${{package.version}} - expected-commit: c18f3617e009085e8479eabecf9bbeca9f2df781 + expected-commit: 25249008fd8205e5d011ce09d37f7e18718a6051 - uses: go/build with: From dd8874602f880f2604abe20372b56c833b203969 Mon Sep 17 00:00:00 2001 From: Philippe Deslauriers Date: Wed, 28 Feb 2024 00:52:46 +0000 Subject: [PATCH 149/235] kube-fluentd-operator: Fix CVE-2023-4785 Signed-off-by: Philippe Deslauriers --- kube-fluentd-operator.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kube-fluentd-operator.yaml b/kube-fluentd-operator.yaml index dad87ddba47..6b655fdf600 100644 --- a/kube-fluentd-operator.yaml +++ b/kube-fluentd-operator.yaml @@ -1,7 +1,7 @@ package: name: kube-fluentd-operator version: 1.18.2 - epoch: 0 + epoch: 1 description: Auto-configuration of Fluentd daemon-set based on Kubernetes metadata copyright: - license: MIT @@ -71,7 +71,7 @@ pipeline: git checkout ${{vars.FLUENT_PLUGIN_GOOGLE_CLOUD_COMMIT}} # to fix some CVEs in the grpc - sed -e "s/'grpc', '1.52.0'/'grpc', '1.53.0'/g" -i fluent-plugin-google-cloud.gemspec + sed -e "s/'grpc', '1.52.0'/'grpc', '1.53.2'/g" -i fluent-plugin-google-cloud.gemspec bundle config set --local path ${GEM_DIR} bundle config set --local without 'development test' From b744f78ea2a1907e279d3b710305f3d147ef68fc Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 01:28:53 +0000 Subject: [PATCH 150/235] perl-b-hooks-endofscope/0.27 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- perl-b-hooks-endofscope.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/perl-b-hooks-endofscope.yaml b/perl-b-hooks-endofscope.yaml index 8ca040207f7..09414d4ccb6 100644 --- a/perl-b-hooks-endofscope.yaml +++ b/perl-b-hooks-endofscope.yaml @@ -1,8 +1,8 @@ # Generated from https://git.alpinelinux.org/aports/plain/main/perl-b-hooks-endofscope/APKBUILD package: name: perl-b-hooks-endofscope - version: "0.26" - epoch: 1 + version: "0.27" + epoch: 0 description: Execute code after a scope finished compilation copyright: - license: GPL-1.0-or-later OR Artistic-1.0-Perl @@ -27,7 +27,7 @@ pipeline: - uses: fetch with: uri: https://cpan.metacpan.org/authors/id/E/ET/ETHER/B-Hooks-EndOfScope-${{package.version}}.tar.gz - expected-sha512: e7333f061889d5d97cd793ad557ec1a2c5a918c977f1af22ce004d5d67f7781fcf171f427c31ed6a2a2d02d12e6ad3e15e1c80cad498f83263ff384ab0ec297c + expected-sha512: a05b47e446cc05f6adadd7597fc96eca5066302d3241e2c032574c64a87215fd9272ce5b1f338e0df9c39bed51aeac126547dd0cfb5f154a23721513f09894fe - uses: perl/make From 80b90de67752a6f1b00949798c9bf07fed8f6bb4 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 01:29:00 +0000 Subject: [PATCH 151/235] parallel/20240222 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- parallel.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/parallel.yaml b/parallel.yaml index 9b07972174e..0546c70a90e 100644 --- a/parallel.yaml +++ b/parallel.yaml @@ -1,6 +1,6 @@ package: name: parallel - version: "20240122" + version: "20240222" epoch: 0 description: "GNU parallel is a shell tool for executing jobs in parallel using one or more computers" copyright: @@ -18,7 +18,7 @@ pipeline: - uses: fetch with: uri: https://ftp.gnu.org/gnu/parallel/parallel-${{package.version}}.tar.bz2 - expected-sha256: 859688cbb5641cd7b6b16b2b960be24aa4e37e655cc8ffcd8af971cd7d5b449f + expected-sha256: eba09b6a7e238f622293f7d461597f35075cb56f170d0a73148f53d259ec8556 - uses: autoconf/configure From 5eb03409f12effdc9bc5d5109d21c97ca43f6d0b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 02:19:56 +0000 Subject: [PATCH 152/235] rqlite/8.22.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- rqlite.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rqlite.yaml b/rqlite.yaml index f2b71279699..ef94c0172c2 100644 --- a/rqlite.yaml +++ b/rqlite.yaml @@ -1,7 +1,7 @@ package: name: rqlite # When bumping the version, you can remove the `go get` line in the build. - version: 8.22.0 + version: 8.22.1 epoch: 0 description: The lightweight, distributed relational database built on SQLite copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/rqlite/rqlite tag: v${{package.version}} - expected-commit: d67a56bdac79565923bb9ce12b5add55180072b4 + expected-commit: aea705a521c069badd949237ddc38ca592bfea01 - runs: | mkdir -p ${{targets.destdir}}/usr/bin From 08720a4c69f4e44754ebd7e955ef9a01c927a317 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 02:20:02 +0000 Subject: [PATCH 153/235] memcached/1.6.24 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- memcached.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memcached.yaml b/memcached.yaml index 32149a95292..ce92a5b2985 100644 --- a/memcached.yaml +++ b/memcached.yaml @@ -1,6 +1,6 @@ package: name: memcached - version: 1.6.23 + version: 1.6.24 epoch: 0 description: "Distributed memory object caching system" copyright: @@ -23,7 +23,7 @@ pipeline: - uses: fetch with: uri: https://www.memcached.org/files/memcached-${{package.version}}.tar.gz - expected-sha512: b531a58f8fd1ff9ae821319302093ccf44a6c911ad680a15cc29390144a153340814f45c0a1ea9eebf999743399579e655abea671b27b85c1202d70945ce902a + expected-sha512: e43386c2a6c0b95cefdccfe7f6b3890c59ca8b5c2636efc2e910b9617b20a5cf6de9bfedaafe0fb05c91bebb175fbdf033f5e0e512cb041b73af5af0d1854265 - uses: autoconf/configure with: From 5a72c546f286f4ed3e9f38d9536cc467f2d85c15 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 02:20:22 +0000 Subject: [PATCH 154/235] binaryen/117 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- binaryen.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/binaryen.yaml b/binaryen.yaml index 3e541558f5c..0fe74374667 100644 --- a/binaryen.yaml +++ b/binaryen.yaml @@ -1,6 +1,6 @@ package: name: binaryen - version: "116" + version: "117" epoch: 0 description: Optimizer and compiler/toolchain library for WebAssembly copyright: @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/webassembly/binaryen tag: version_${{package.version}} - expected-commit: 11dba9b1c2ad988500b329727f39f4d8786918c5 + expected-commit: c62a0c97168e88f97bca4bd96298a5ffc041844d - uses: cmake/configure with: From d689eb28b5c2ed0b8851f856ba00a73b2ce7ad08 Mon Sep 17 00:00:00 2001 From: Graham Bucknell Date: Wed, 28 Feb 2024 13:45:19 +1100 Subject: [PATCH 155/235] remove redis mistake, change update script --- php-8.2-memcached.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/php-8.2-memcached.yaml b/php-8.2-memcached.yaml index 567946f3fce..1c800b7f836 100644 --- a/php-8.2-memcached.yaml +++ b/php-8.2-memcached.yaml @@ -10,7 +10,7 @@ package: - ${{package.name}}-config - php-8.2 provides: - - php-redis=${{package.full-version}} + - php-memcached=${{package.full-version}} environment: contents: @@ -18,11 +18,11 @@ environment: - autoconf - build-base - busybox + - libmemcached-dev - php-8.2 - php-8.2-dev - php-8.2-igbinary-dev - zlib-dev - - libmemcached-dev pipeline: - uses: git-checkout @@ -51,7 +51,7 @@ subpackages: pipeline: - runs: | mkdir -p "${{targets.subpkgdir}}/etc/php/conf.d" - echo "extension=memcached.so" > "${{targets.subpkgdir}}/etc/php/conf.d/redis.ini" + echo "extension=memcached.so" > "${{targets.subpkgdir}}/etc/php/conf.d/memcached.ini" - name: ${{package.name}}-dev description: PHP 8.2 memcached development headers @@ -65,3 +65,5 @@ update: enabled: true github: identifier: php-memcached-dev/php-memcached + strip-prefix: v + tag-filter: v From 10154c0a6f26631dcc2976a31cbc0e339a4e92bb Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 03:08:54 +0000 Subject: [PATCH 156/235] openjpeg/2.5.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- openjpeg.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openjpeg.yaml b/openjpeg.yaml index 508073c8e61..972635eac12 100644 --- a/openjpeg.yaml +++ b/openjpeg.yaml @@ -1,7 +1,7 @@ package: name: openjpeg - version: 2.5.0 - epoch: 1 + version: 2.5.1 + epoch: 0 description: "Open-source implementation of JPEG2000 image codec" copyright: - license: BSD-2-Clause @@ -24,7 +24,7 @@ pipeline: - uses: fetch with: uri: https://github.com/uclouvain/openjpeg/archive/v${{package.version}}/openjpeg-v${{package.version}}.tar.gz - expected-sha512: 08975a2dd79f1e29fd1824249a5fbe66026640ed787b3a3aa8807c2c69f994240ff33e2132f8bf15bbc2202bef7001f98e42d487231d4eebc8e503538658049a + expected-sha512: 7cb0b67e67b3e2799577a6b6f5d60c67c6ce12d16c307e01129b763a48e272eeaf029504dc52b5cc380e562c2db5220f335449b52eacc3784763f95524e4a8d9 # - uses: patch # with: From e2d45473b6e34f9178d90e2704dae19d68c111a6 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 05:08:46 +0000 Subject: [PATCH 157/235] libbsd/0.12.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- libbsd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libbsd.yaml b/libbsd.yaml index bbe47d82b3b..0262e8de282 100644 --- a/libbsd.yaml +++ b/libbsd.yaml @@ -1,6 +1,6 @@ package: name: libbsd - version: 0.12.0 + version: 0.12.1 epoch: 0 description: commonly-used BSD functions not implemented by all libcs copyright: @@ -19,7 +19,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: f741a3bc75162ba19f2f6666076a7961cd75dc93c234e9be4594da1e6f848cfb + expected-sha256: d7747f8ec1baa6ff5c096a9dd587c061233dec90da0f1aedd66d830f6db6996a uri: https://libbsd.freedesktop.org/releases/libbsd-${{package.version}}.tar.xz - uses: autoconf/configure From 3d6ea036987b7d11dd498eb096ff0e2d27aeba05 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 21:35:48 -0800 Subject: [PATCH 158/235] binaryen update cmake flags --- binaryen.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/binaryen.yaml b/binaryen.yaml index 0fe74374667..a0fdacb2c85 100644 --- a/binaryen.yaml +++ b/binaryen.yaml @@ -27,7 +27,12 @@ pipeline: - uses: cmake/configure with: opts: | - -DBUILD_TESTS=OFF + -DBUILD_TESTS=OFF \ + -DCMAKE_C_COMPILER=gcc \ + -DCMAKE_CXX_COMPILER=g++ \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_CXX_STANDARD=20 - uses: cmake/build From d8a0b754b44513650086b5f96ed03a5c6407d2b9 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 06:15:26 +0000 Subject: [PATCH 159/235] renovate/37.219.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.yaml b/renovate.yaml index 76880f7542f..eddcf820a67 100644 --- a/renovate.yaml +++ b/renovate.yaml @@ -1,6 +1,6 @@ package: name: renovate - version: 37.218.0 + version: 37.219.0 epoch: 0 description: "Automated dependency updates. Multi-platform and multi-language." copyright: From 83acc6ef90f8614b3a0d07072bfeb4bb4bacc959 Mon Sep 17 00:00:00 2001 From: ajayk Date: Tue, 27 Feb 2024 22:05:25 -0800 Subject: [PATCH 160/235] add test --- binaryen.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/binaryen.yaml b/binaryen.yaml index a0fdacb2c85..09b5900b530 100644 --- a/binaryen.yaml +++ b/binaryen.yaml @@ -51,3 +51,22 @@ update: github: identifier: webassembly/binaryen strip-prefix: version_ + +test: + pipeline: + - runs: | + cat > hello_world.wat <<'EOF' + (module + (type $i32_i32_=>_i32 (func (param i32 i32) (result i32))) + (memory $0 256 256) + (export "add" (func $add)) + (func $add (param $x i32) (param $y i32) (result i32) + (i32.add + (local.get $x) + (local.get $y) + ) + ) + ) + EOF + /usr/bin/wasm2js hello_world.wat -o hello_world.js + cat hello_world.js From aada83f4659e1e64fa526ed58bebba0a87d6d4b7 Mon Sep 17 00:00:00 2001 From: kranurag7 <81210977+kranurag7@users.noreply.github.com> Date: Wed, 28 Feb 2024 13:08:57 +0530 Subject: [PATCH 161/235] make yq a static executable Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com> --- yq.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/yq.yaml b/yq.yaml index 8344eac5204..a6db7bcc0d5 100644 --- a/yq.yaml +++ b/yq.yaml @@ -1,11 +1,15 @@ package: name: yq version: 4.42.1 - epoch: 0 + epoch: 1 description: "yq is a portable command-line YAML, JSON, XML, CSV and properties processor" copyright: - license: Apache-2.0 +environment: + environment: + CGO_ENABLED: "0" + pipeline: - uses: git-checkout with: From 1fd6faa028bccd2ff43c3ee0c7e13e1a06ef45fe Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 10:15:13 +0000 Subject: [PATCH 162/235] k8s-sidecar/1.26.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- k8s-sidecar.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s-sidecar.yaml b/k8s-sidecar.yaml index 6928ed5d8d6..6c9484c8673 100644 --- a/k8s-sidecar.yaml +++ b/k8s-sidecar.yaml @@ -1,6 +1,6 @@ package: name: k8s-sidecar - version: 1.25.6 + version: 1.26.0 epoch: 0 description: "container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder" copyright: @@ -25,7 +25,7 @@ pipeline: with: repository: https://github.com/kiwigrid/k8s-sidecar tag: ${{package.version}} - expected-commit: 34e16c9440adea149e8964b81f8e7574f2f48d65 + expected-commit: ac2354adbc69afe932c45ab7ea7c4a51dd98dd1a - runs: | mkdir -p ${{targets.destdir}}/usr/share/app From 940e06845584fa4d162154bf110c6ce31d55df3a Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 10:15:20 +0000 Subject: [PATCH 163/235] actions-runner-controller/0.8.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- actions-runner-controller.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/actions-runner-controller.yaml b/actions-runner-controller.yaml index 287f449ff64..88be2169c6b 100644 --- a/actions-runner-controller.yaml +++ b/actions-runner-controller.yaml @@ -1,7 +1,7 @@ package: name: actions-runner-controller - version: 0.8.2 - epoch: 1 + version: 0.8.3 + epoch: 0 description: Kubernetes controller for GitHub Actions self-hosted runners copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ pipeline: with: repository: https://github.com/actions/actions-runner-controller tag: gha-runner-scale-set-${{package.version}} - expected-commit: d72774753c1ac24f927cac68b368f2abc9f65f40 + expected-commit: 309b53143e55d4ff7b1777561c20a70bc09c8da1 # Ref: https://github.com/actions/actions-runner-controller/blob/gha-runner-scale-set-0.5.0/Dockerfile#L35 - uses: go/bump From 8eafe488c6f445443a98e21652c8d4faced59b36 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 13:15:17 +0000 Subject: [PATCH 164/235] prometheus-alertmanager/0.27.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- prometheus-alertmanager.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/prometheus-alertmanager.yaml b/prometheus-alertmanager.yaml index 22dad4cb859..2c4e74a91a2 100644 --- a/prometheus-alertmanager.yaml +++ b/prometheus-alertmanager.yaml @@ -1,8 +1,8 @@ package: name: prometheus-alertmanager # When bumping this version you can remove the `go get` line in the build script - version: 0.26.0 - epoch: 6 + version: 0.27.0 + epoch: 0 description: Prometheus Alertmanager copyright: - license: Apache-2.0 @@ -22,11 +22,7 @@ pipeline: with: repository: https://github.com/prometheus/alertmanager tag: v${{package.version}} - expected-commit: d7b4f0c7322e7151d6e3b1e31cbc15361e295d8d - - - uses: go/bump - with: - deps: golang.org/x/net@v0.17.0 golang.org/x/crypto@v0.17.0 + expected-commit: 0aa3c2aad14cff039931923ab16b26b7481783b5 - runs: | make build From cfdb35366d6991b376fca2dc564f55f6dbab121e Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:15:39 +0000 Subject: [PATCH 165/235] py3-jupyterhub-idle-culler/1.3.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-jupyterhub-idle-culler.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-jupyterhub-idle-culler.yaml b/py3-jupyterhub-idle-culler.yaml index 2aed917f552..e6ffd51f5c9 100644 --- a/py3-jupyterhub-idle-culler.yaml +++ b/py3-jupyterhub-idle-culler.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/jupyterhub-idle-culler/ package: name: py3-jupyterhub-idle-culler - version: 1.3.0 + version: 1.3.1 epoch: 0 copyright: - license: BSD-3-Clause @@ -24,7 +24,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 10e9cb99e174542339b71f081f561f4ec36d8021 + expected-commit: 37aa612767c1b0d0a969395b329d286e7cf6c074 repository: https://github.com/jupyterhub/jupyterhub-idle-culler tag: ${{package.version}} From d4a7675c1a13c1e7ee2599ca8e2a5e1a18c43c01 Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Wed, 28 Feb 2024 06:56:38 -0800 Subject: [PATCH 166/235] Update prometheus-alertmanager.yaml --- prometheus-alertmanager.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/prometheus-alertmanager.yaml b/prometheus-alertmanager.yaml index 2c4e74a91a2..e9532278c33 100644 --- a/prometheus-alertmanager.yaml +++ b/prometheus-alertmanager.yaml @@ -16,6 +16,7 @@ environment: - ca-certificates-bundle - curl - go + - npm pipeline: - uses: git-checkout From 2cb48cba0a6ad0599228e680ba65c4f61095aa2b Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Wed, 28 Feb 2024 07:00:41 -0800 Subject: [PATCH 167/235] Update prometheus-alertmanager.yaml --- prometheus-alertmanager.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/prometheus-alertmanager.yaml b/prometheus-alertmanager.yaml index e9532278c33..7833c13b106 100644 --- a/prometheus-alertmanager.yaml +++ b/prometheus-alertmanager.yaml @@ -16,6 +16,7 @@ environment: - ca-certificates-bundle - curl - go + - nodejs - npm pipeline: From bba0b7630afc2e11048aba19bfe1850addf36612 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 15:15:46 +0000 Subject: [PATCH 168/235] py3-rich/13.7.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-rich.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-rich.yaml b/py3-rich.yaml index d52821d8897..1972ce89d80 100644 --- a/py3-rich.yaml +++ b/py3-rich.yaml @@ -1,6 +1,6 @@ package: name: py3-rich - version: 13.7.0 + version: 13.7.1 epoch: 0 description: "Rich is a Python library for rich text and beautiful formatting in the terminal." copyright: @@ -27,7 +27,7 @@ pipeline: with: repository: https://github.com/Textualize/rich tag: v${{package.version}} - expected-commit: fd981823644ccf50d685ac9c0cfe8e1e56c9dd35 + expected-commit: 7f580bdcf07a3b269a0e786b6a3aa9c804f393cf - runs: | export SETUPTOOLS_SCM_PRETEND_VERSION=${{package.version}} From 826833b06c17f69a97d949fbc2401747af4b9878 Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Wed, 28 Feb 2024 07:57:52 -0800 Subject: [PATCH 169/235] Update py3-rich.yaml --- py3-rich.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py3-rich.yaml b/py3-rich.yaml index 1972ce89d80..7f52fc731fd 100644 --- a/py3-rich.yaml +++ b/py3-rich.yaml @@ -4,7 +4,7 @@ package: epoch: 0 description: "Rich is a Python library for rich text and beautiful formatting in the terminal." copyright: - - license: LGPL-2.1 + - license: LGPL-2.1-or-later dependencies: runtime: - py3-markdown-it-py From e3f9de6ed34e0e97efc5a6183adb70b32bc98bcf Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Wed, 28 Feb 2024 08:04:22 -0800 Subject: [PATCH 170/235] Update py3-rich.yaml --- py3-rich.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py3-rich.yaml b/py3-rich.yaml index 7f52fc731fd..5faf9876826 100644 --- a/py3-rich.yaml +++ b/py3-rich.yaml @@ -4,7 +4,7 @@ package: epoch: 0 description: "Rich is a Python library for rich text and beautiful formatting in the terminal." copyright: - - license: LGPL-2.1-or-later + - license: LGPL-2.1-or-later dependencies: runtime: - py3-markdown-it-py From 2aebd003639e61dc5eb687f4109563d72f3225fb Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 16:15:45 +0000 Subject: [PATCH 171/235] hugo-extended/0.123.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- hugo-extended.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hugo-extended.yaml b/hugo-extended.yaml index 86414700ac7..530b1b7f6fb 100644 --- a/hugo-extended.yaml +++ b/hugo-extended.yaml @@ -1,6 +1,6 @@ package: name: hugo-extended - version: 0.123.4 + version: 0.123.5 epoch: 0 description: The world's fastest framework for building websites. copyright: From 23d4478e72ede8a489a2f9b5490e38fb05ca6152 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 16:16:03 +0000 Subject: [PATCH 172/235] hugo/0.123.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- hugo.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hugo.yaml b/hugo.yaml index 164ed36b154..2e0927074cd 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -1,6 +1,6 @@ package: name: hugo - version: 0.123.4 + version: 0.123.5 epoch: 0 description: The world's fastest framework for building websites. copyright: @@ -18,7 +18,7 @@ pipeline: with: repository: https://github.com/gohugoio/hugo tag: v${{package.version}} - expected-commit: 21a41003c4633b142ac565c52da22924dc30637a + expected-commit: 1904ba40e8f6871fc8ece7d276c3499db7dbd3f0 - uses: go/build with: From db020062d660e0c8c83df14916abbc6254da3176 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Wed, 28 Feb 2024 09:48:27 -0700 Subject: [PATCH 173/235] chore(chromium): Bump to 122.0.6261.99 Signed-off-by: RJ Sampson --- chromium.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chromium.yaml b/chromium.yaml index 0023a95444a..b0d5e3d45d4 100644 --- a/chromium.yaml +++ b/chromium.yaml @@ -1,11 +1,11 @@ -# source is chromium src so we can't use github updates to get expected commit +# source is chromium src so we can't use github updates to get expected commit # let's still auto create the PR, it will fail as expected commit will be wrong # however it will be easy to fix #nolint:git-checkout-must-use-github-updates package: name: chromium - version: 122.0.6250.1 - epoch: 1 + version: 122.0.6261.99 + epoch: 0 description: "Open souce version of Google's chrome web browser" copyright: - license: BSD-3-Clause @@ -116,7 +116,7 @@ pipeline: repository: https://chromium.googlesource.com/chromium/src.git tag: ${{package.version}} depth: 1 - expected-commit: 553d92272085528d3d2c898c9263714e8ad3345b + expected-commit: ae38870e15f9d99049aaaf0e7245bc3583ae6cf9 destination: /home/src - runs: | From 814e8a0492c973aa34446d3e4a484264fb57e185 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 18:15:11 +0000 Subject: [PATCH 174/235] npm/10.5.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- npm.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/npm.yaml b/npm.yaml index 64bfb784358..c4e9374e422 100644 --- a/npm.yaml +++ b/npm.yaml @@ -1,7 +1,7 @@ package: name: npm - version: 10.4.0 - epoch: 2 + version: 10.5.0 + epoch: 0 description: "the npm package manager for javascript, mainline" copyright: - license: Artistic-2.0 @@ -17,7 +17,7 @@ pipeline: - uses: fetch with: uri: https://registry.npmjs.org/npm/-/npm-${{package.version}}.tgz - expected-sha512: 452eccc743957d794e7102d178fb8321874509504f08d6a9587a650cafa687b18374ffd3be8af8a1cbb26d144f4af7dc45bdaf8d126dd5f1c2ab0ddcafca8009 + expected-sha512: 123c70bdf87d627595536c80e45ce860b4d6e76bf11c2cfe307ace160f4273c205805ffa7f90063c0bdbe564dacb90c850fd4d21f37754167470b9463b462cf8 delete: true - uses: patch From ff11f1b3fd528b834243c23f31792e43a954eb2b Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Wed, 28 Feb 2024 11:16:46 -0700 Subject: [PATCH 175/235] chore(chromium): Enable automatic updates Enables automatic updates for Chromium Signed-off-by: RJ Sampson --- chromium.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/chromium.yaml b/chromium.yaml index b0d5e3d45d4..10d605aa0f1 100644 --- a/chromium.yaml +++ b/chromium.yaml @@ -1,6 +1,3 @@ -# source is chromium src so we can't use github updates to get expected commit -# let's still auto create the PR, it will fail as expected commit will be wrong -# however it will be easy to fix #nolint:git-checkout-must-use-github-updates package: name: chromium @@ -205,7 +202,7 @@ subpackages: mv ${{targets.destdir}}/usr/lib/${{package.name}}/locales ${{targets.subpkgdir}}/usr/lib/${{package.name}} update: - enabled: false + enabled: true release-monitor: identifier: 13344 From 6a2a5ed30ee94ac1c6bf6f6cbf99499fbdf45645 Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Wed, 28 Feb 2024 10:37:52 -0800 Subject: [PATCH 176/235] Update npm.yaml ip library was addressed in https://github.com/npm/cli/commit/43cac2f990aefca283d49e26ff83ba5d6fb28313 Signed-off-by: Ajay Kemparaj --- npm.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/npm.yaml b/npm.yaml index c4e9374e422..8f25c13e94a 100644 --- a/npm.yaml +++ b/npm.yaml @@ -24,21 +24,6 @@ pipeline: with: patches: dont-check-for-last-version.patch - # Delete the ip package from the npm package to prepare for replacement. - - working-directory: /home/build/node_modules - runs: | - rm -rf ip - - # update the https://www.npmjs.com/package/ip/v/2.0.1 - # that resolves a CVE. - # remove this once npm fixes it - - uses: fetch - working-directory: /home/build/node_modules/ip - with: - uri: https://registry.npmjs.org/ip/-/ip-2.0.1.tgz - expected-sha512: 94950bf6298b4cd8b565f5d3f8353aac105d6e228606e6b2f41eb11923d58d4790c1a1f54481aa79ff1166452d1e2a0b9923693d1e4ce0754a2469b58fc15655 - delete: true - - runs: | # Wrapper scripts written in Bash and CMD. rm bin/npm bin/npx bin/*.cmd From 7462e6390eda45d615b9a19e8b467195d6602e70 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 19:08:29 +0000 Subject: [PATCH 177/235] mesa/24.0.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- mesa.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mesa.yaml b/mesa.yaml index d292a613a71..1ed81b11ee6 100644 --- a/mesa.yaml +++ b/mesa.yaml @@ -1,6 +1,6 @@ package: name: mesa - version: 24.0.1 + version: 24.0.2 epoch: 0 description: Mesa DRI OpenGL library copyright: @@ -57,7 +57,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: f387192b08c471c545590dd12230a2a343244804b5fe866fec6aea02eab57613 + expected-sha256: 94e28a8edad06d8ed2b83eb53f253b9eb5aa62c3080f939702e1b3039b56c9e8 uri: https://mesa.freedesktop.org/archive/mesa-${{package.version}}.tar.xz - runs: | From e34efcce5f9b00d7804588b0e9d8be0fda630ec2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 19:14:58 +0000 Subject: [PATCH 178/235] hugo/0.123.6 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- hugo.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hugo.yaml b/hugo.yaml index 2e0927074cd..738cbd8d53d 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -1,6 +1,6 @@ package: name: hugo - version: 0.123.5 + version: 0.123.6 epoch: 0 description: The world's fastest framework for building websites. copyright: @@ -18,7 +18,7 @@ pipeline: with: repository: https://github.com/gohugoio/hugo tag: v${{package.version}} - expected-commit: 1904ba40e8f6871fc8ece7d276c3499db7dbd3f0 + expected-commit: 92684f9a26838a46d1a81e3c250fef5207bcb735 - uses: go/build with: From d86593ab72dde92286a606051c83e7a540b6a1b5 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 19:15:09 +0000 Subject: [PATCH 179/235] node-problem-detector-0.8/0.8.16 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- node-problem-detector-0.8.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/node-problem-detector-0.8.yaml b/node-problem-detector-0.8.yaml index 22498a1a2ff..8b0a4571949 100644 --- a/node-problem-detector-0.8.yaml +++ b/node-problem-detector-0.8.yaml @@ -1,7 +1,7 @@ package: name: node-problem-detector-0.8 - version: 0.8.15 - epoch: 2 + version: 0.8.16 + epoch: 0 description: node-problem-detector aims to make various node problems visible to the upstream layers in the cluster management stack. copyright: - license: Apache-2.0 @@ -27,11 +27,7 @@ pipeline: with: repository: https://github.com/kubernetes/node-problem-detector tag: v${{package.version}} - expected-commit: 3704fa72a9baa124a82fc5b11371cc2b08786ab0 - - - uses: go/bump - with: - deps: google.golang.org/grpc@v1.58.3 golang.org/x/crypto@v0.17.0 + expected-commit: 855780c9c17d7483f2101f5f88d8d6861b436d0c # removes unnecessary maintain of patch files - runs: | From 4ad2c4b41125f670e6907bd21fc6533e1ff1a0c2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 20:15:17 +0000 Subject: [PATCH 180/235] py3-sqlglot/22.0.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-sqlglot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-sqlglot.yaml b/py3-sqlglot.yaml index ffae3b296f7..918f5b82a04 100644 --- a/py3-sqlglot.yaml +++ b/py3-sqlglot.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/sqlglot/ package: name: py3-sqlglot - version: 22.0.1 + version: 22.0.2 epoch: 0 description: An easily customizable SQL parser and transpiler copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/tobymao/sqlglot tag: v${{package.version}} - expected-commit: e2fc6e88dc7ae52d956dd84721de197c6c698d90 + expected-commit: c0d355a27d86539dfd95a87fea7e1bd75c4fabe4 - name: Python Build runs: python setup.py build From a4bbcc7848e268ec4a725686077ecf6727dc29b7 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 20:15:47 +0000 Subject: [PATCH 181/235] hugo-extended/0.123.6 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- hugo-extended.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hugo-extended.yaml b/hugo-extended.yaml index 530b1b7f6fb..8522cbb6440 100644 --- a/hugo-extended.yaml +++ b/hugo-extended.yaml @@ -1,6 +1,6 @@ package: name: hugo-extended - version: 0.123.5 + version: 0.123.6 epoch: 0 description: The world's fastest framework for building websites. copyright: From 4f0206a7ed0d5fcaaedff7cf40aca756fef185ae Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 20:15:53 +0000 Subject: [PATCH 182/235] aws-cli/1.32.52 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-cli.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-cli.yaml b/aws-cli.yaml index 5e0f69cd4d4..adaf23f8d0f 100644 --- a/aws-cli.yaml +++ b/aws-cli.yaml @@ -1,6 +1,6 @@ package: name: aws-cli - version: 1.32.51 + version: 1.32.52 epoch: 0 description: "Universal Command Line Interface for Amazon Web Services" copyright: @@ -33,7 +33,7 @@ pipeline: - uses: fetch with: uri: https://github.com/aws/aws-cli/archive/${{package.version}}.tar.gz - expected-sha256: e9030b3b6a99332e81a9a53c8cf18352200f1db4241819b3deec7f47739fe488 + expected-sha256: 82e37bc74a7f49787cc8d22d6ab53f595e264f583522ee2805706d5d8b2d0272 - runs: | python3 setup.py build From 0cb65180404717cebd675f52a228bf1f54e7c977 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Tue, 27 Feb 2024 20:05:36 -0700 Subject: [PATCH 183/235] chore(dask-gateway): Install inside of a virtual environment Installs dask-gateway and dask-gateway-server into a venv Signed-off-by: RJ Sampson --- dask-gateway.yaml | 83 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 60 insertions(+), 23 deletions(-) diff --git a/dask-gateway.yaml b/dask-gateway.yaml index 956a899babc..fd2310a4e83 100644 --- a/dask-gateway.yaml +++ b/dask-gateway.yaml @@ -1,10 +1,16 @@ package: name: dask-gateway version: 2024.1.0 - epoch: 0 + epoch: 1 description: "A multi-tenant server for securely deploying and managing Dask clusters." copyright: - license: BSD-3-Clause + options: + # We create a dependency on libpython even though we provide + # libpython in the virtual environment. This prevents python + # versions on the host from being swapped out. Enabling no- + # depends works around this + no-depends: true dependencies: runtime: - python3 @@ -16,15 +22,10 @@ environment: - busybox - ca-certificates-bundle - go - - py3-aiohttp - - py3-build - - py3-colorlog - - py3-cryptography - py3-gpep517 - py3-installer - py3-pip - py3-setuptools - - py3-traitlets - py3-wheel - python3 - python3-dev @@ -38,31 +39,67 @@ pipeline: expected-commit: 52a523041a509dd4aae3ff831cc09dbaf95bd32c - runs: | - cd dask-gateway - python3 -m gpep517 build-wheel --wheel-dir dist --output-fd 1 + cd ${{package.name}} - python3 -m installer -d "${{targets.destdir}}" dist/dask_gateway*.whl + # Build package + python -m gpep517 build-wheel --wheel-dir dist --output-fd 1 + + # Setup venv and install package + python -m venv .venv --system-site-packages + .venv/bin/pip install -I --no-compile dist/*.whl + + mkdir -p ${{targets.destdir}}/usr/share/${{package.name}} + mv .venv ${{targets.destdir}}/usr/share/${{package.name}}/ + + # Fix venv paths + sed -i "s|/home/build|/usr/share|g" ${{targets.destdir}}/usr/share/${{package.name}}/.venv/bin/* + + # Include system site-packages + sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/usr/share/${{package.name}}/.venv/pyvenv.cfg + + # Symlink scripts to PATH + mkdir -p ${{targets.destdir}}/usr/bin/ + ln -s /usr/share/${{package.name}}/.venv/bin/dask ${{targets.destdir}}/usr/bin/dask + ln -s /usr/share/${{package.name}}/.venv/bin/dask-scheduler ${{targets.destdir}}/usr/bin/dask-scheduler + ln -s /usr/share/${{package.name}}/.venv/bin/dask-ssh ${{targets.destdir}}/usr/bin/dask-ssh + ln -s /usr/share/${{package.name}}/.venv/bin/dask-worker ${{targets.destdir}}/usr/bin/dask-worker subpackages: - name: dask-gateway-server description: A multi-tenant server for securely deploying and managing Dask clusters + options: + no-depends: true + dependencies: + runtime: + - python3 pipeline: - name: Python Build runs: | - cd dask-gateway-server - python3 -m gpep517 build-wheel --wheel-dir dist --output-fd 1 - mkdir -p "${{targets.subpkgdir}}/usr/bin" - install -Dm755 ./dask_gateway_server/proxy/dask-gateway-proxy "${{targets.subpkgdir}}/usr/bin/" - python -m installer -d "${{targets.subpkgdir}}/" dist/dask_gateway_server*.whl - dependencies: - runtime: - - py3-sqlalchemy - - py3-typing-extensions - - py3-traitlets - - py3-colorlog - - py3-aiohttp - - py3-cryptography - - py3-kubernetes-asyncio + cd ${{package.name}}-server + + # Build package + python -m gpep517 build-wheel --wheel-dir dist --output-fd 1 + + # Setup venv and install package + python -m venv .venv --system-site-packages + .venv/bin/pip install -I --no-compile dist/*.whl + + # Install kubernetes asyncio, sqlalchemy, and typing extensions + .venv/bin/pip install kubernetes-asyncio sqlalchemy typing_extensions --no-compile + + mkdir -p ${{targets.subpkgdir}}/usr/share/${{package.name}}-server + mv .venv ${{targets.subpkgdir}}/usr/share/${{package.name}}-server/ + + # Fix venv paths + sed -i "s|/home/build|/usr/share|g" ${{targets.subpkgdir}}/usr/share/${{package.name}}-server/.venv/bin/* + + # Include system site-packages + sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.subpkgdir}}/usr/share/${{package.name}}-server/.venv/pyvenv.cfg + + # Symlink scripts to PATH + mkdir -p ${{targets.subpkgdir}}/usr/bin/ + ln -s /usr/share/${{package.name}}-server/.venv/bin/${{package.name}}-jobqueue-launcher ${{targets.subpkgdir}}/usr/bin/${{package.name}}-jobqueue-launcher + ln -s /usr/share/${{package.name}}-server/.venv/bin/${{package.name}}-server ${{targets.subpkgdir}}/usr/bin/${{package.name}}-server update: enabled: true From 40937bdbcd5345b8dcc76d0c97ffa496c9b526db Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 21:08:20 +0000 Subject: [PATCH 184/235] openjpeg/2.5.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- openjpeg.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openjpeg.yaml b/openjpeg.yaml index 972635eac12..ebd6b336924 100644 --- a/openjpeg.yaml +++ b/openjpeg.yaml @@ -1,6 +1,6 @@ package: name: openjpeg - version: 2.5.1 + version: 2.5.2 epoch: 0 description: "Open-source implementation of JPEG2000 image codec" copyright: @@ -24,7 +24,7 @@ pipeline: - uses: fetch with: uri: https://github.com/uclouvain/openjpeg/archive/v${{package.version}}/openjpeg-v${{package.version}}.tar.gz - expected-sha512: 7cb0b67e67b3e2799577a6b6f5d60c67c6ce12d16c307e01129b763a48e272eeaf029504dc52b5cc380e562c2db5220f335449b52eacc3784763f95524e4a8d9 + expected-sha512: 24c058b3e0710e689ba7fd6bce8a88353ce64e825b2e5bbf6b00ca3f2a2ec1e9c70a72e0252a5c89d10c537cf84d55af54bf2f16c58ca01db98c2018cf132e1a # - uses: patch # with: From bd1e6bbaedbdc074032d3638b47fdff8afa74025 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 21:08:32 +0000 Subject: [PATCH 185/235] py3-boto3/1.34.52 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-boto3.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-boto3.yaml b/py3-boto3.yaml index 5d17bbf2dff..59a393011ae 100644 --- a/py3-boto3.yaml +++ b/py3-boto3.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/boto3/ package: name: py3-boto3 - version: 1.34.51 + version: 1.34.52 epoch: 0 description: The AWS SDK for Python copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 2cd9463e738a184cbce8a6824027c22163c5f73e277a35ff5aa0fb0e845b4301 + expected-sha256: 66303b5f26d92afb72656ff490b22ea72dfff8bf1a29e4a0c5d5f11ec56245dd uri: https://files.pythonhosted.org/packages/source/b/boto3/boto3-${{package.version}}.tar.gz - name: Python Build From 5439d6e472fc386464153986ab3378c6c5ea5ebf Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 22:08:22 +0000 Subject: [PATCH 186/235] py3-botocore/1.34.52 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-botocore.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-botocore.yaml b/py3-botocore.yaml index 34089ed572d..b6513a99d4a 100644 --- a/py3-botocore.yaml +++ b/py3-botocore.yaml @@ -1,6 +1,6 @@ package: name: py3-botocore - version: 1.34.51 + version: 1.34.52 epoch: 0 description: The low-level, core functionality of Boto3 copyright: @@ -27,7 +27,7 @@ pipeline: - uses: fetch with: uri: https://files.pythonhosted.org/packages/source/b/botocore/botocore-${{package.version}}.tar.gz - expected-sha256: 5086217442e67dd9de36ec7e87a0c663f76b7790d5fb6a12de565af95e87e319 + expected-sha256: 187da93aec3f2e87d8a31eced16fa2cb9c71fe2d69b0a797f9f7a9220f5bf7ae - runs: | python3 setup.py build From 2d1601d68182a14ee1f48f441313fe3075e92bb3 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 22:08:30 +0000 Subject: [PATCH 187/235] tk/8.6.14 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- tk.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tk.yaml b/tk.yaml index 9f7c13a6354..0ee34a2aaa8 100644 --- a/tk.yaml +++ b/tk.yaml @@ -1,6 +1,6 @@ package: name: tk - version: 8.6.13 + version: 8.6.14 epoch: 0 description: GUI toolkit for the Tcl scripting language copyright: @@ -23,7 +23,7 @@ pipeline: - uses: fetch with: uri: https://downloads.sourceforge.net/sourceforge/tcl/tk${{package.version}}-src.tar.gz - expected-sha256: 2e65fa069a23365440a3c56c556b8673b5e32a283800d8d9b257e3f584ce0675 + expected-sha256: 8ffdb720f47a6ca6107eac2dd877e30b0ef7fac14f3a84ebbd0b3612cee41a94 - runs: | cd unix From 16a20fee96fcafeead53298b9939e916ea69e230 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 28 Feb 2024 21:01:42 +0000 Subject: [PATCH 188/235] python-3.11 - Address CVE-2023-27043 --- python-3.11.yaml | 15 +- .../CVE-2023-27043-enable-disable.patch | 149 ++++++ python-3.11/CVE-2023-27043-unittest.py | 38 ++ python-3.11/CVE-2023-27043.patch | 504 ++++++++++++++++++ 4 files changed, 705 insertions(+), 1 deletion(-) create mode 100644 python-3.11/CVE-2023-27043-enable-disable.patch create mode 100644 python-3.11/CVE-2023-27043-unittest.py create mode 100644 python-3.11/CVE-2023-27043.patch diff --git a/python-3.11.yaml b/python-3.11.yaml index e895a1ba210..edbe1ae71ff 100644 --- a/python-3.11.yaml +++ b/python-3.11.yaml @@ -1,7 +1,7 @@ package: name: python-3.11 version: 3.11.8 - epoch: 0 + epoch: 1 description: "the Python programming language" copyright: - license: PSF-2.0 @@ -41,6 +41,14 @@ pipeline: Modules/_ctypes/darwin* \ Modules/_ctypes/libffi* + - uses: patch + with: + patches: CVE-2023-27043.patch + + - uses: patch + with: + patches: CVE-2023-27043-enable-disable.patch + - name: Configure runs: | ./configure \ @@ -79,6 +87,11 @@ pipeline: - uses: strip +test: + pipeline: + - runs: | + python3.11 CVE-2023-27043-unittest.py + subpackages: - name: "python-3.11-doc" description: "python3 documentation" diff --git a/python-3.11/CVE-2023-27043-enable-disable.patch b/python-3.11/CVE-2023-27043-enable-disable.patch new file mode 100644 index 00000000000..6b84c803179 --- /dev/null +++ b/python-3.11/CVE-2023-27043-enable-disable.patch @@ -0,0 +1,149 @@ +From 9e6732965b10ef8c0abfe799c208f14a23861340 Mon Sep 17 00:00:00 2001 +From: Scott Moser +Date: Tue, 27 Feb 2024 17:13:23 +0000 +Subject: [PATCH 2/2] Change default value for strict to be dependent on + environment var + +This follows the general solution described at: +https://access.redhat.com/articles/7051467 + +The differences are: +1. it does not support /etc/python/email.cfg +2. environment variable is named PYTHON_EMAIL_STRICT_PARSING_DEFAULT + It loosely controls the default 'strict' value of getaddresses and + parseaddr. + + If the variable is unset or set to any value other than 'false' + or '0', then strict=True is used. + +To opt out of this security fix, set the environment variable + + PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false +--- + Lib/email/utils.py | 29 ++++++++++++++-- + Lib/test/test_email/test_email_notstrict.py | 38 +++++++++++++++++++++ + 2 files changed, 65 insertions(+), 2 deletions(-) + create mode 100644 Lib/test/test_email/test_email_notstrict.py + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index 94ead0e91f..ce34122a83 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,8 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++_parseaddr_strict_default = None ++ + + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" +@@ -149,7 +151,7 @@ def _strip_quoted_realnames(addr): + + supports_strict_parsing = True + +-def getaddresses(fieldvalues, *, strict=True): ++def getaddresses(fieldvalues, *, strict=None): + """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. + + When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in +@@ -157,6 +159,7 @@ def getaddresses(fieldvalues, *, strict=True): + + If strict is true, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) + + # If strict is true, if the resulting list of parsed addresses is greater + # than the number of fieldvalues in the input list, a parsing error has +@@ -321,7 +324,7 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr, *, strict=True): ++def parseaddr(addr, *, strict=None): + """ + Parse addr into its constituent realname and email address parts. + +@@ -330,6 +333,8 @@ def parseaddr(addr, *, strict=True): + + If strict is True, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) ++ + if not strict: + addrs = _AddressList(addr).addresslist + if not addrs: +@@ -351,6 +356,26 @@ def parseaddr(addr, *, strict=True): + return addrs[0] + + ++# get default value for strict parameter in parseaddr and getaddresses ++def _get_default_parseaddr_strict(val): ++ # non-None value passed into function, use it. ++ if val is not None: ++ return val ++ ++ # consult or update the cached global. ++ global _parseaddr_strict_default ++ ++ if _parseaddr_strict_default is None: ++ val = os.environ.get("PYTHON_EMAIL_STRICT_PARSING_DEFAULT", "true") ++ # env var with 'false' explicitly disables the disabling (meaning strict=true) ++ if val in ("false", "0"): ++ _parseaddr_strict_default = False ++ else: ++ _parseaddr_strict_default = True ++ ++ return _parseaddr_strict_default ++ ++ + # rfc822.unquote() doesn't properly de-backslash-ify in Python pre-2.3. + def unquote(str): + """Remove quotes from a string.""" +diff --git a/Lib/test/test_email/test_email_notstrict.py b/Lib/test/test_email/test_email_notstrict.py +new file mode 100644 +index 0000000000..fe8617cfcb +--- /dev/null ++++ b/Lib/test/test_email/test_email_notstrict.py +@@ -0,0 +1,38 @@ ++""" ++This is the test_getaddresses_nasty function with the triggering ++test case that was added for this fix. We test that ++setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives ++the old behavior and to true gives new behavior ++""" ++ ++import unittest ++ ++from unittest.mock import patch ++ ++from email import utils ++ ++expected_strict = [('', '')] ++expected_nonstrict = [('', ''), ('', ''), ('', '*--')] ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestNonstrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_nonstrict) ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestStrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" ++class TestStrictNoEnvParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++if __name__ == '__main__': ++ unittest.main() +-- +2.44.0 + diff --git a/python-3.11/CVE-2023-27043-unittest.py b/python-3.11/CVE-2023-27043-unittest.py new file mode 100644 index 00000000000..fe8617cfcb1 --- /dev/null +++ b/python-3.11/CVE-2023-27043-unittest.py @@ -0,0 +1,38 @@ +""" +This is the test_getaddresses_nasty function with the triggering +test case that was added for this fix. We test that +setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives +the old behavior and to true gives new behavior +""" + +import unittest + +from unittest.mock import patch + +from email import utils + +expected_strict = [('', '')] +expected_nonstrict = [('', ''), ('', ''), ('', '*--')] + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestNonstrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_nonstrict) + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestStrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" +class TestStrictNoEnvParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +if __name__ == '__main__': + unittest.main() diff --git a/python-3.11/CVE-2023-27043.patch b/python-3.11/CVE-2023-27043.patch new file mode 100644 index 00000000000..f3cb5f61c9b --- /dev/null +++ b/python-3.11/CVE-2023-27043.patch @@ -0,0 +1,504 @@ +From 3eb81705ca7111fd36e0447e7fc2e737080e16b4 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 15 Dec 2023 16:10:40 +0100 +Subject: [PATCH 1/2] [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) + +Detect email address parsing errors and return empty tuple to +indicate the parsing error (old API). Add an optional 'strict' +parameter to getaddresses() and parseaddr() functions. Patch by +Thomas Dwyer. + +Co-Authored-By: Thomas Dwyer +(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19) +--- + Doc/library/email.utils.rst | 19 +- + Lib/email/utils.py | 151 ++++++++++++- + Lib/test/test_email/test_email.py | 204 +++++++++++++++++- + ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + + 4 files changed, 361 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst + +diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst +index 0e266b6a45..6723dc4f13 100644 +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -60,13 +60,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -84,12 +89,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by +- :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -99,6 +107,9 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: parsedate(date) + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index 8993858ab4..94ead0e91f 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None ++ ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ if not _check_parenthesis(v): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py +index 677f2094b8..20b67792ea 100644 +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -17,6 +17,7 @@ + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3321,15 +3322,154 @@ def test_getaddresses(self): + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + ++ def test_getaddresses_comma_in_name(self): ++ """GH-106669 regression test.""" ++ self.assertEqual( ++ utils.getaddresses( ++ [ ++ '"Bud, Person" ', ++ 'aperson@dom.ain (Al Person)', ++ '"Mariusz Felisiak" ', ++ ] ++ ), ++ [ ++ ('Bud, Person', 'bperson@dom.ain'), ++ ('Al Person', 'aperson@dom.ain'), ++ ('Mariusz Felisiak', 'to@example.com'), ++ ], ++ ) ++ ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') ++ ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) ++ + def test_getaddresses_nasty(self): +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +@@ -3520,6 +3660,54 @@ def test_mime_classes_policy_argument(self): + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): +diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +new file mode 100644 +index 0000000000..3d0e9e4078 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. +-- +2.44.0 + From 227fdc5ecfaddc134b3126d6941d5f73ad92ac49 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 28 Feb 2024 21:09:03 +0000 Subject: [PATCH 189/235] python-3.12 - Address CVE-2023-27043 --- python-3.12.yaml | 15 +- .../CVE-2023-27043-enable-disable.patch | 149 ++++++ python-3.12/CVE-2023-27043-unittest.py | 38 ++ python-3.12/CVE-2023-27043.patch | 487 ++++++++++++++++++ 4 files changed, 688 insertions(+), 1 deletion(-) create mode 100644 python-3.12/CVE-2023-27043-enable-disable.patch create mode 100644 python-3.12/CVE-2023-27043-unittest.py create mode 100644 python-3.12/CVE-2023-27043.patch diff --git a/python-3.12.yaml b/python-3.12.yaml index 2c15c8e25bd..36708f320f0 100644 --- a/python-3.12.yaml +++ b/python-3.12.yaml @@ -1,7 +1,7 @@ package: name: python-3.12 version: 3.12.2 - epoch: 0 + epoch: 1 description: "the Python programming language" copyright: - license: PSF-2.0 @@ -41,6 +41,14 @@ pipeline: Modules/_ctypes/darwin* \ Modules/_ctypes/libffi* + - uses: patch + with: + patches: CVE-2023-27043.patch + + - uses: patch + with: + patches: CVE-2023-27043-enable-disable.patch + - name: Configure runs: | ./configure \ @@ -79,6 +87,11 @@ pipeline: - uses: strip +test: + pipeline: + - runs: | + python3.12 CVE-2023-27043-unittest.py + subpackages: - name: "python-3.12-doc" description: "python3 documentation" diff --git a/python-3.12/CVE-2023-27043-enable-disable.patch b/python-3.12/CVE-2023-27043-enable-disable.patch new file mode 100644 index 00000000000..41bd0180371 --- /dev/null +++ b/python-3.12/CVE-2023-27043-enable-disable.patch @@ -0,0 +1,149 @@ +From 8ea32b439336ef0270b2af9f7b1b67b59fd29cd0 Mon Sep 17 00:00:00 2001 +From: Scott Moser +Date: Tue, 27 Feb 2024 17:13:23 +0000 +Subject: [PATCH 2/2] Change default value for strict to be dependent on + environment var + +This follows the general solution described at: +https://access.redhat.com/articles/7051467 + +The differences are: +1. it does not support /etc/python/email.cfg +2. environment variable is named PYTHON_EMAIL_STRICT_PARSING_DEFAULT + It loosely controls the default 'strict' value of getaddresses and + parseaddr. + + If the variable is unset or set to any value other than 'false' + or '0', then strict=True is used. + +To opt out of this security fix, set the environment variable + + PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false +--- + Lib/email/utils.py | 29 ++++++++++++++-- + Lib/test/test_email/test_email_notstrict.py | 38 +++++++++++++++++++++ + 2 files changed, 65 insertions(+), 2 deletions(-) + create mode 100644 Lib/test/test_email/test_email_notstrict.py + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index af2fb14754..80798ecb2b 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,8 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++_parseaddr_strict_default = None ++ + + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" +@@ -149,7 +151,7 @@ def _strip_quoted_realnames(addr): + + supports_strict_parsing = True + +-def getaddresses(fieldvalues, *, strict=True): ++def getaddresses(fieldvalues, *, strict=None): + """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. + + When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in +@@ -157,6 +159,7 @@ def getaddresses(fieldvalues, *, strict=True): + + If strict is true, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) + + # If strict is true, if the resulting list of parsed addresses is greater + # than the number of fieldvalues in the input list, a parsing error has +@@ -321,7 +324,7 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr, *, strict=True): ++def parseaddr(addr, *, strict=None): + """ + Parse addr into its constituent realname and email address parts. + +@@ -330,6 +333,8 @@ def parseaddr(addr, *, strict=True): + + If strict is True, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) ++ + if not strict: + addrs = _AddressList(addr).addresslist + if not addrs: +@@ -351,6 +356,26 @@ def parseaddr(addr, *, strict=True): + return addrs[0] + + ++# get default value for strict parameter in parseaddr and getaddresses ++def _get_default_parseaddr_strict(val): ++ # non-None value passed into function, use it. ++ if val is not None: ++ return val ++ ++ # consult or update the cached global. ++ global _parseaddr_strict_default ++ ++ if _parseaddr_strict_default is None: ++ val = os.environ.get("PYTHON_EMAIL_STRICT_PARSING_DEFAULT", "true") ++ # env var with 'false' explicitly disables the disabling (meaning strict=true) ++ if val in ("false", "0"): ++ _parseaddr_strict_default = False ++ else: ++ _parseaddr_strict_default = True ++ ++ return _parseaddr_strict_default ++ ++ + # rfc822.unquote() doesn't properly de-backslash-ify in Python pre-2.3. + def unquote(str): + """Remove quotes from a string.""" +diff --git a/Lib/test/test_email/test_email_notstrict.py b/Lib/test/test_email/test_email_notstrict.py +new file mode 100644 +index 0000000000..fe8617cfcb +--- /dev/null ++++ b/Lib/test/test_email/test_email_notstrict.py +@@ -0,0 +1,38 @@ ++""" ++This is the test_getaddresses_nasty function with the triggering ++test case that was added for this fix. We test that ++setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives ++the old behavior and to true gives new behavior ++""" ++ ++import unittest ++ ++from unittest.mock import patch ++ ++from email import utils ++ ++expected_strict = [('', '')] ++expected_nonstrict = [('', ''), ('', ''), ('', '*--')] ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestNonstrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_nonstrict) ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestStrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" ++class TestStrictNoEnvParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++if __name__ == '__main__': ++ unittest.main() +-- +2.44.0 + diff --git a/python-3.12/CVE-2023-27043-unittest.py b/python-3.12/CVE-2023-27043-unittest.py new file mode 100644 index 00000000000..fe8617cfcb1 --- /dev/null +++ b/python-3.12/CVE-2023-27043-unittest.py @@ -0,0 +1,38 @@ +""" +This is the test_getaddresses_nasty function with the triggering +test case that was added for this fix. We test that +setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives +the old behavior and to true gives new behavior +""" + +import unittest + +from unittest.mock import patch + +from email import utils + +expected_strict = [('', '')] +expected_nonstrict = [('', ''), ('', ''), ('', '*--')] + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestNonstrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_nonstrict) + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestStrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" +class TestStrictNoEnvParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +if __name__ == '__main__': + unittest.main() diff --git a/python-3.12/CVE-2023-27043.patch b/python-3.12/CVE-2023-27043.patch new file mode 100644 index 00000000000..832fa9af4b8 --- /dev/null +++ b/python-3.12/CVE-2023-27043.patch @@ -0,0 +1,487 @@ +From 3818e8e7036092b9a31c985a61dc5f60414e05ea Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 15 Dec 2023 16:10:40 +0100 +Subject: [PATCH 1/2] [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) + +Detect email address parsing errors and return empty tuple to +indicate the parsing error (old API). Add an optional 'strict' +parameter to getaddresses() and parseaddr() functions. Patch by +Thomas Dwyer. + +Co-Authored-By: Thomas Dwyer +(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19) +--- + Doc/library/email.utils.rst | 19 +- + Lib/email/utils.py | 151 +++++++++++++- + Lib/test/test_email/test_email.py | 187 +++++++++++++++++- + ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + + 4 files changed, 344 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst + +diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst +index 345b64001c..d693a9bc39 100644 +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -58,13 +58,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -82,12 +87,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by +- :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -97,6 +105,9 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: parsedate(date) + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index aa949aa933..af2fb14754 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None ++ ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ if not _check_parenthesis(v): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py +index 2a237095b9..4672b790d8 100644 +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -16,6 +16,7 @@ + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3337,15 +3338,137 @@ def test_getaddresses_comma_in_name(self): + ], + ) + ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') ++ ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) ++ + def test_getaddresses_nasty(self): +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +@@ -3536,6 +3659,54 @@ def test_mime_classes_policy_argument(self): + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): +diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +new file mode 100644 +index 0000000000..3d0e9e4078 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. +-- +2.44.0 + From 625e456b2a50a613e5f07526f9d3426fd202b991 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 22:15:35 +0000 Subject: [PATCH 190/235] uv/0.1.12 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- uv.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/uv.yaml b/uv.yaml index b7183392284..864ecf9884f 100644 --- a/uv.yaml +++ b/uv.yaml @@ -1,6 +1,6 @@ package: name: uv - version: 0.1.11 + version: 0.1.12 epoch: 0 description: An extremely fast Python package installer and resolver, written in Rust. copyright: @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/astral-sh/uv tag: ${{package.version}} - expected-commit: 32e5cacdd600e073ca6ab6ca11f76ec5e7e2c20e + expected-commit: f68b2d1d5efc05acb9fe48c558d631081eff26d9 - runs: | cargo build --locked --release From 1db0d14769698a0c7aa2a265cc980aa39c18710b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Wed, 28 Feb 2024 23:08:31 +0000 Subject: [PATCH 191/235] tcl/8.6.14 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- tcl.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tcl.yaml b/tcl.yaml index e8e58e96a58..700492cd61b 100644 --- a/tcl.yaml +++ b/tcl.yaml @@ -1,6 +1,6 @@ package: name: tcl - version: 8.6.13 + version: 8.6.14 epoch: 0 description: The Tcl scripting language copyright: @@ -21,7 +21,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 43a1fae7412f61ff11de2cfd05d28cfc3a73762f354a417c62370a54e2caf066 + expected-sha256: 5880225babf7954c58d4fb0f5cf6279104ce1cd6aa9b71e9a6322540e1c4de66 uri: https://downloads.sourceforge.net/project/tcl/Tcl/${{package.version}}/tcl${{package.version}}-src.tar.gz - uses: autoconf/configure From 866cd4ec0cc231fad7947b28fe0db56d960d6150 Mon Sep 17 00:00:00 2001 From: Nghia Tran Date: Wed, 28 Feb 2024 14:36:15 -0800 Subject: [PATCH 192/235] Bundle Envoy into the cilium package Since 1.14.7 and 1.15, the agent expects the exact commit for cilium/proxy so we need to bundle them together. Also add a check to remind reviewers to bump the SHA for Wolfi-bot PRs. --- cilium-1.14.yaml | 80 ++++++++++++++++++++++++++- cilium-1.14/toolchains-paths.patch | 87 ++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+), 2 deletions(-) create mode 100644 cilium-1.14/toolchains-paths.patch diff --git a/cilium-1.14.yaml b/cilium-1.14.yaml index 3549bc44642..494b1a5e96a 100644 --- a/cilium-1.14.yaml +++ b/cilium-1.14.yaml @@ -1,7 +1,7 @@ package: name: cilium-1.14 version: 1.14.6 - epoch: 0 + epoch: 1 description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane copyright: - license: Apache-2.0 @@ -23,16 +23,36 @@ package: environment: contents: packages: + - bash + - bazel-6 + - binutils - build-base - busybox - - clang + - ca-certificates-bundle + - clang~15 + - cmake - coreutils # for GNU install + # We need to stick to gcc 12 for now, envoy doesn't build with gcc >= 13 + - gcc-12-default - git - go - grep - iptables # for cilium-iptables + - libtool + - llvm-lld-15 - llvm15 + - llvm15-cmake-default + - llvm15-dev - llvm15-tools + - openjdk-11 + - patch + - python3-dev + - samurai + - wolfi-baselayout + +vars: + # https://github.com/cilium/cilium/blob/v1.14.6/images/cilium/Dockerfile + CILIUM_PROXY_COMMIT: "ad82c7c56e88989992fd25d8d67747de865c823b" pipeline: - uses: git-checkout @@ -53,6 +73,62 @@ pipeline: DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container + - runs: | + # Check the Dockerfile for a SHA and match against the proxy SHA + ENVOY_SHA=$(grep 'FROM.*cilium-envoy' ./images/cilium/Dockerfile \ + | sed "s/^FROM.*:v[0-9.]\+-//g" | cut -d@ -f1) + + if [ "$ENVOY_SHA" != "${{vars.CILIUM_PROXY_COMMIT}}" ]; then + echo "Expected vars.CILIUM_PROXY_COMMIT to be $ENVOY_SHA. Please update" 1>&2 + exit 1 + fi + + - runs: | + # TODO: Replace with git-checkout when `commit` parameter + # is supported. + tmpdir=$(mktemp -d) + git config --global --add safe.directory $tmpdir + git config --global --add safe.directory /home/build + git clone https://github.com/cilium/proxy $tmpdir + cd $tmpdir + git reset --hard ${{vars.CILIUM_PROXY_COMMIT}} + + mkdir -p /home/build/envoy + tar -c . | (cd /home/build/envoy && tar -x) + rm -rf $tmpdir + + - uses: patch + with: + patches: toolchains-paths.patch + + - uses: go/bump + with: + modroot: /home/build/envoy + deps: golang.org/x/net@v0.17.0 + + - runs: | + cd /home/build/envoy/proxylib + make + mkdir -p ${{targets.destdir}}/usr/lib + cp -v libcilium.so ${{targets.destdir}}/usr/lib/libcilium.so + + cd /home/build/envoy + + export JAVA_HOME=/usr/lib/jvm/java-11-openjdk + mkdir -p .cache/bazel/_bazel_root + + ./bazel/setup_clang.sh /usr + + mkdir -p ${{targets.destdir}}/usr/bin + bazel build --fission=no --config=clang \ + --discard_analysis_cache \ + --nokeep_state_after_build \ + --notrack_incremental_state \ + --conlyopt="-Wno-strict-prototypes" \ + --verbose_failures -c opt //:cilium-envoy + + cp -v bazel-bin/cilium-envoy ${{targets.destdir}}/usr/bin/cilium-envoy + - uses: strip subpackages: diff --git a/cilium-1.14/toolchains-paths.patch b/cilium-1.14/toolchains-paths.patch new file mode 100644 index 00000000000..d7195b715b8 --- /dev/null +++ b/cilium-1.14/toolchains-paths.patch @@ -0,0 +1,87 @@ +diff --git a/envoy/bazel/toolchains/BUILD b/envoy/bazel/toolchains/BUILD +index b806112b6..024d8882e 100644 +--- a/envoy/bazel/toolchains/BUILD ++++ b/envoy/bazel/toolchains/BUILD +@@ -48,6 +48,11 @@ cc_toolchain_config( + coverage_link_flags = ["--coverage"], + cpu = "aarch64", + cxx_builtin_include_directories = [ ++ # These aren't how we configure where to look, but which files ++ # Bazel allows us to use in the build. So we don't have to be ++ # super exact and specify the version in the path. ++ "/usr/lib64/gcc/aarch64-unknown-linux-gnu", ++ "/usr/lib/clang", + "/usr/lib/llvm-15", + "/usr/aarch64-linux-gnu/include", + "/usr/include", +@@ -76,18 +81,18 @@ cc_toolchain_config( + target_libc = "glibc", + target_system_name = "aarch64-linux-gnu", + tool_paths = { +- "ar": "/usr/bin/llvm-ar-15", +- "compat-ld": "/usr/bin/lld-15", +- "ld": "/usr/bin/lld-15", +- "gold": "/usr/bin/lld-15", ++ "ar": "/usr/bin/llvm-ar", ++ "compat-ld": "/usr/bin/lld", ++ "ld": "/usr/bin/lld", ++ "gold": "/usr/bin/lld", + "cpp": "/usr/bin/clang-cpp-15", + "gcc": "/usr/bin/clang-15", +- "dwp": "/usr/bin/llvm-dwp-15", +- "gcov": "/usr/bin/llvmcov-15", +- "nm": "/usr/bin/llvm-nm-15", +- "objcopy": "/usr/bin/llvm-objcopy-15", +- "objdump": "/usr/bin/llvm-objdump-15", +- "strip": "/usr/bin/llvm-strip-15", ++ "dwp": "/usr/bin/llvm-dwp", ++ "gcov": "/usr/bin/llvmcov", ++ "nm": "/usr/bin/llvm-nm", ++ "objcopy": "/usr/bin/llvm-objcopy", ++ "objdump": "/usr/bin/llvm-objdump", ++ "strip": "/usr/bin/llvm-strip", + }, + toolchain_identifier = "linux_aarch64", + unfiltered_compile_flags = [ +@@ -146,6 +151,11 @@ cc_toolchain_config( + coverage_link_flags = ["--coverage"], + cpu = "k8", + cxx_builtin_include_directories = [ ++ # These aren't how we configure where to look, but which files ++ # Bazel allows us to use in the build. So we don't have to be ++ # super exact and specify the version in the path. ++ "/usr/lib64/gcc/x86_64-pc-linux-gnu", ++ "/usr/lib/clang", + "/usr/lib/llvm-15", + "/usr/x86_64-linux-gnu/include", + "/usr/include", +@@ -174,18 +184,18 @@ cc_toolchain_config( + target_libc = "unknown", + target_system_name = "unknown", + tool_paths = { +- "ar": "/usr/bin/llvm-ar-15", +- "compat-ld": "/usr/bin/lld-15", +- "ld": "/usr/bin/lld-15", +- "gold": "/usr/bin/lld-15", +- "cpp": "/usr/bin/clang-cpp-15", ++ "ar": "/usr/bin/llvm-ar", ++ "compat-ld": "/usr/bin/lld", ++ "ld": "/usr/bin/lld", ++ "gold": "/usr/bin/lld", ++ "cpp": "/usr/bin/clang-cpp", + "gcc": "/usr/bin/clang-15", +- "dwp": "/usr/bin/llvm-dwp-15", +- "gcov": "/usr/bin/llvmcov-15", +- "nm": "/usr/bin/llvm-nm-15", +- "objcopy": "/usr/bin/llvm-objcopy-15", +- "objdump": "/usr/bin/llvm-objdump-15", +- "strip": "/usr/bin/llvm-strip-15", ++ "dwp": "/usr/bin/llvm-dwp", ++ "gcov": "/usr/bin/llvmcov", ++ "nm": "/usr/bin/llvm-nm", ++ "objcopy": "/usr/bin/llvm-objcopy", ++ "objdump": "/usr/bin/llvm-objdump", ++ "strip": "/usr/bin/llvm-strip", + }, + toolchain_identifier = "linux_x86_64", + unfiltered_compile_flags = [ From 829690f56497512912d6d1a327c472471ef82da8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 00:22:24 +0000 Subject: [PATCH 193/235] wasmtime/18.0.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- wasmtime.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wasmtime.yaml b/wasmtime.yaml index fd2e5810088..a3d3f452746 100644 --- a/wasmtime.yaml +++ b/wasmtime.yaml @@ -1,6 +1,6 @@ package: name: wasmtime - version: 18.0.1 + version: 18.0.2 epoch: 0 description: "A fast and secure runtime for WebAssembly" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wasmtime tag: v${{package.version}} - expected-commit: 446862c70ce87201ca5438ebdd054977dd2eed5b + expected-commit: 90db6e99f03d9cdd4cd45679df9b9124d6277d9c - name: Configure and build runs: | From 36f7021379107aa24d75128c0e0707132a51495b Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Wed, 28 Feb 2024 17:51:00 -0700 Subject: [PATCH 194/235] chore(dask-gateway): Add tests Signed-off-by: RJ Sampson --- dask-gateway.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/dask-gateway.yaml b/dask-gateway.yaml index fd2310a4e83..18783099116 100644 --- a/dask-gateway.yaml +++ b/dask-gateway.yaml @@ -100,9 +100,43 @@ subpackages: mkdir -p ${{targets.subpkgdir}}/usr/bin/ ln -s /usr/share/${{package.name}}-server/.venv/bin/${{package.name}}-jobqueue-launcher ${{targets.subpkgdir}}/usr/bin/${{package.name}}-jobqueue-launcher ln -s /usr/share/${{package.name}}-server/.venv/bin/${{package.name}}-server ${{targets.subpkgdir}}/usr/bin/${{package.name}}-server + test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + # Version check, also ensures executable paths are correct + dask-gateway-server --version + + # Test imports in virtual environment + source /usr/share/${{package.name}}-server/.venv/bin/activate + python -c "import dask_gateway_server" + python -c "import kubernetes_asyncio" + python -c "import sqlalchemy" + python -c "import typing_extensions" update: enabled: true github: identifier: dask/dask-gateway use-tag: true + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + # Version check, also ensures executable paths are correct + dask --version + dask-scheduler --version + dask-ssh --version + dask-worker --version + + # Test imports in virtual environment + source /usr/share/${{package.name}}/.venv/bin/activate + python -c "import dask_gateway" + python -c "from dask_gateway import Gateway" From 58956c50d7979b238fb32b25cac856d4f3463686 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Wed, 28 Feb 2024 13:23:46 -0700 Subject: [PATCH 195/235] chore(chromium): Add Chromium Docker Selenium compat package Since these files are tied to the Chromium version, it's best we create them while packaging Chromium instead of incrementing Docker Selenium's epoch for a rebuild Signed-off-by: RJ Sampson --- chromium.yaml | 14 +++++++++++++- docker-selenium.yaml | 12 ++---------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/chromium.yaml b/chromium.yaml index 10d605aa0f1..cc1ede0475d 100644 --- a/chromium.yaml +++ b/chromium.yaml @@ -2,7 +2,7 @@ package: name: chromium version: 122.0.6261.99 - epoch: 0 + epoch: 1 description: "Open souce version of Google's chrome web browser" copyright: - license: BSD-3-Clause @@ -201,6 +201,18 @@ subpackages: mkdir -p ${{targets.subpkgdir}}/usr/lib/${{package.name}} mv ${{targets.destdir}}/usr/lib/${{package.name}}/locales ${{targets.subpkgdir}}/usr/lib/${{package.name}} + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/NodeChrome/Dockerfile + - name: chromium-docker-selenium-compat + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/opt/selenium + + ln -sf /usr/lib/chromium/chromedriver ${{targets.subpkgdir}}/opt/selenium/chromedriver-${{package.version}} + + echo "chrome" > ${{targets.subpkgdir}}/opt/selenium/browser_name + echo ${{package.version}} > ${{targets.subpkgdir}}/opt/selenium/browser_version + echo "\"goog:chromeOptions\": {\"binary\": \"/usr/bin/chromium\"}" > ${{targets.subpkgdir}}/opt/selenium/browser_binary_location + update: enabled: true release-monitor: diff --git a/docker-selenium.yaml b/docker-selenium.yaml index fafdc6c82a5..9e02cf2c5d2 100644 --- a/docker-selenium.yaml +++ b/docker-selenium.yaml @@ -5,7 +5,7 @@ package: # 'package format error' when trying to install the package. The workaround is # to replace '-' with '.', then mangling the version to replace back. version: 4.18.1.20240224 - epoch: 0 + epoch: 1 description: Provides a simple way to run Selenium Grid with Chrome, Firefox, and Edge using Docker, making it easier to perform browser automation copyright: - license: Apache-2.0 @@ -19,6 +19,7 @@ package: - bash - busybox - chromium + - chromium-docker-selenium-compat - coreutils - fluxbox - font-ipa @@ -62,7 +63,6 @@ environment: - busybox - bzip2 - ca-certificates-bundle - - chromium - curl - git - gnupg @@ -151,14 +151,6 @@ pipeline: - runs: | install -Dm755 wrap_chrome_binary ${{targets.destdir}}/opt/bin/wrap_chrome_binary - export CHROMEDRIVER_VERSION=$(/usr/lib/chromium/chromedriver --version | awk '{print $2}') - ln -sf /usr/lib/chromium/chromedriver ${{targets.destdir}}/opt/selenium/chromedriver-$CHROMEDRIVER_VERSION - - export CHROMIUM_VERSION=$(/usr/bin/chromium-browser --product-version) - echo "chrome" > ${{targets.destdir}}/opt/selenium/browser_name - echo $CHROMIUM_VERSION > ${{targets.destdir}}/opt/selenium/browser_version - echo "\"goog:chromeOptions\": {\"binary\": \"/usr/bin/chromium\"}" > ${{targets.destdir}}/opt/selenium/browser_binary_location - # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/Standalone/Dockerfile - working-directory: Standalone pipeline: From f2abbe5b7231993d040c1fa6c04f3c7ba71e2404 Mon Sep 17 00:00:00 2001 From: ajayk Date: Wed, 28 Feb 2024 17:04:27 -0800 Subject: [PATCH 196/235] remove cilium as it is version streamed now --- cilium.yaml | 118 --------------------------------- cilium/loopback-location.patch | 15 ----- withdrawn-packages.txt | 82 ++++++++++++++++++++++- 3 files changed, 81 insertions(+), 134 deletions(-) delete mode 100644 cilium.yaml delete mode 100644 cilium/loopback-location.patch diff --git a/cilium.yaml b/cilium.yaml deleted file mode 100644 index db7a6d10dcd..00000000000 --- a/cilium.yaml +++ /dev/null @@ -1,118 +0,0 @@ -package: - name: cilium - version: 1.15.1 - epoch: 0 - description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane - copyright: - - license: Apache-2.0 - dependencies: - runtime: - - bpftool - # cilium does compilations at runtime on the node. - - clang - - cni-plugins-loopback - - iproute2 - - ipset - - iptables - - kmod - - llvm15 - - llvm15-tools - -environment: - contents: - packages: - - build-base - - busybox - - clang - - coreutils # for GNU install - - git - - go - - grep - - iptables # for cilium-iptables - - llvm15 - - llvm15-tools - -pipeline: - - uses: git-checkout - with: - repository: https://github.com/cilium/cilium - tag: v${{package.version}} - expected-commit: a368c8f0f34dfe9a47e8a621af31ea94337f6fb5 - - - uses: patch - with: - patches: loopback-location.patch - - - runs: | - # Remove groupadd from Makefile: it's not doing anything useful in - # a package build anyway, and it's not available in busybox. - find . -name Makefile -exec sed -i '/groupadd/d' {} \; - - DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container - DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container - - - uses: strip - -subpackages: - - name: ${{package.name}}-container-init - description: init scripts for cilium - pipeline: - - runs: | - mkdir -p ${{targets.subpkgdir}}/usr/bin - cp images/cilium/init-container.sh \ - plugins/cilium-cni/install-plugin.sh \ - plugins/cilium-cni/cni-uninstall.sh \ - ${{targets.subpkgdir}}/usr/bin - - - name: ${{package.name}}-container-init-compat - description: init scripts for cilium - dependencies: - runtime: - - ${{package.name}}-container-init - pipeline: - - runs: | - mkdir -p ${{targets.subpkgdir}} - ln -sf /usr/bin/init-container.sh ${{targets.subpkgdir}}/init-container.sh - ln -sf /usr/bin/install-plugin.sh ${{targets.subpkgdir}}/install-plugin.sh - ln -sf /usr/bin/cni-uninstall.sh ${{targets.subpkgdir}}/cni-uninstall.sh - - - name: ${{package.name}}-iptables - description: iptables compatibility package for cilium - dependencies: - runtime: - - iptables - pipeline: - - runs: | - # This script generates a wrapper based on the version - # of iptables provided by the build environment. - ./images/runtime/iptables-wrapper-installer.sh - mkdir -p ${{targets.subpkgdir}}/sbin - mv /sbin/iptables-wrapper ${{targets.subpkgdir}}/sbin/iptables-wrapper - - uses: strip - - - name: ${{package.name}}-operator-generic - description: Generic operator for cilium - dependencies: - runtime: - - gops - pipeline: - - runs: | - cd /home/build/operator - make cilium-operator-generic - DESTDIR=${{targets.subpkgdir}} make install-generic - - uses: strip - - - name: hubble-relay - description: Hubble relay - pipeline: - - runs: | - cd /home/build/hubble-relay - make hubble-relay - DESTDIR=${{targets.subpkgdir}} make install - - uses: strip - -update: - enabled: true - github: - identifier: cilium/cilium - strip-prefix: v diff --git a/cilium/loopback-location.patch b/cilium/loopback-location.patch deleted file mode 100644 index 43100bb074e..00000000000 --- a/cilium/loopback-location.patch +++ /dev/null @@ -1,15 +0,0 @@ -Update the loopback binary location to be /usr/bin - -diff --git a/plugins/cilium-cni/install-plugin.sh b/plugins/cilium-cni/install-plugin.sh -index f3d589acc8..9cd4673fbf 100755 ---- a/plugins/cilium-cni/install-plugin.sh -+++ b/plugins/cilium-cni/install-plugin.sh -@@ -30,7 +30,7 @@ install_cni() { - # Install the CNI loopback driver if not installed already - if [ ! -f "${CNI_DIR}/bin/loopback" ]; then - # Don't fail hard if this fails as it is usually not required -- install_cni /cni/loopback || true -+ install_cni /usr/bin/loopback || true - fi - - install_cni "/opt/cni/bin/${BIN_NAME}" diff --git a/withdrawn-packages.txt b/withdrawn-packages.txt index 63aaee25abc..67ed625d6ff 100644 --- a/withdrawn-packages.txt +++ b/withdrawn-packages.txt @@ -114,4 +114,84 @@ envoy-oci-entrypoint-1.27.2-r0.apk envoy-oci-entrypoint-1.28.0-r0.apk envoy-oci-entrypoint-1.28.0-r1.apk envoy-oci-entrypoint-1.28.0-r2.apk -envoy-oci-entrypoint-1.29.1-r0.apk \ No newline at end of file +envoy-oci-entrypoint-1.29.1-r0.apk +cilium-1.14.2-r0.apk +cilium-1.14.3-r0.apk +cilium-1.14.3-r1.apk +cilium-1.14.3-r2.apk +cilium-1.14.4-r0.apk +cilium-1.14.4-r1.apk +cilium-1.14.4-r2.apk +cilium-1.14.4-r3.apk +cilium-1.14.5-r0.apk +cilium-1.14.5-r1.apk +cilium-1.14.5-r2.apk +cilium-1.14.6-r0.apk +cilium-1.15.0-r0.apk +cilium-1.15.1-r0.apk +cilium-container-init-1.14.3-r1.apk +cilium-container-init-1.14.3-r2.apk +cilium-container-init-1.14.4-r0.apk +cilium-container-init-1.14.4-r1.apk +cilium-container-init-1.14.4-r2.apk +cilium-container-init-1.14.4-r3.apk +cilium-container-init-1.14.5-r0.apk +cilium-container-init-1.14.5-r1.apk +cilium-container-init-1.14.5-r2.apk +cilium-container-init-1.14.6-r0.apk +cilium-container-init-1.15.0-r0.apk +cilium-container-init-1.15.1-r0.apk +cilium-container-init-compat-1.14.3-r1.apk +cilium-container-init-compat-1.14.3-r2.apk +cilium-container-init-compat-1.14.4-r0.apk +cilium-container-init-compat-1.14.4-r1.apk +cilium-container-init-compat-1.14.4-r2.apk +cilium-container-init-compat-1.14.4-r3.apk +cilium-container-init-compat-1.14.5-r0.apk +cilium-container-init-compat-1.14.5-r1.apk +cilium-container-init-compat-1.14.5-r2.apk +cilium-container-init-compat-1.14.6-r0.apk +cilium-container-init-compat-1.15.0-r0.apk +cilium-container-init-compat-1.15.1-r0.apk +cilium-iptables-1.14.2-r0.apk +cilium-iptables-1.14.3-r0.apk +cilium-iptables-1.14.3-r1.apk +cilium-iptables-1.14.3-r2.apk +cilium-iptables-1.14.4-r0.apk +cilium-iptables-1.14.4-r1.apk +cilium-iptables-1.14.4-r2.apk +cilium-iptables-1.14.4-r3.apk +cilium-iptables-1.14.5-r0.apk +cilium-iptables-1.14.5-r1.apk +cilium-iptables-1.14.5-r2.apk +cilium-iptables-1.14.6-r0.apk +cilium-iptables-1.15.0-r0.apk +cilium-iptables-1.15.1-r0.apk +cilium-operator-generic-1.14.2-r0.apk +cilium-operator-generic-1.14.3-r0.apk +cilium-operator-generic-1.14.3-r1.apk +cilium-operator-generic-1.14.3-r2.apk +cilium-operator-generic-1.14.4-r0.apk +cilium-operator-generic-1.14.4-r1.apk +cilium-operator-generic-1.14.4-r2.apk +cilium-operator-generic-1.14.4-r3.apk +cilium-operator-generic-1.14.5-r0.apk +cilium-operator-generic-1.14.5-r1.apk +cilium-operator-generic-1.14.5-r2.apk +cilium-operator-generic-1.14.6-r0.apk +cilium-operator-generic-1.15.0-r0.apk +cilium-operator-generic-1.15.1-r0.apk +hubble-relay-1.14.2-r0 x86_64.apk +hubble-relay-1.14.3-r0 x86_64.apk +hubble-relay-1.14.3-r1 x86_64.apk +hubble-relay-1.14.3-r2 x86_64.apk +hubble-relay-1.14.4-r0 x86_64.apk +hubble-relay-1.14.4-r1 x86_64.apk +hubble-relay-1.14.4-r2 x86_64.apk +hubble-relay-1.14.4-r3 x86_64.apk +hubble-relay-1.14.5-r0 x86_64.apk +hubble-relay-1.14.5-r1 x86_64.apk +hubble-relay-1.14.5-r2 x86_64.apk +hubble-relay-1.14.6-r0 x86_64.apk +hubble-relay-1.15.0-r0 x86_64.apk +hubble-relay-1.15.1-r0 x86_64.apk \ No newline at end of file From 21bb85519f39b3f90f1a9ef8afbaaaf27afde6f1 Mon Sep 17 00:00:00 2001 From: kaniini Date: Thu, 29 Feb 2024 01:22:11 +0000 Subject: [PATCH 197/235] Update images digests --- .github/workflows/build-world.yaml | 2 +- .github/workflows/build.yaml | 6 +++--- .github/workflows/ci-build.yaml | 8 ++++---- .github/workflows/lint-world.yaml | 2 +- Makefile | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml index ca7fb11641f..76794abc685 100644 --- a/.github/workflows/build-world.yaml +++ b/.github/workflows/build-world.yaml @@ -24,7 +24,7 @@ jobs: # permissions: container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 573d8983ab0..0f8626fe040 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -29,7 +29,7 @@ jobs: contents: read container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined @@ -142,7 +142,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 steps: - uses: actions/checkout@v4 @@ -254,7 +254,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 6bfbdc2324d..432da697c8d 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -33,7 +33,7 @@ jobs: run: | # Copy wolfictl out of the wolfictl image and onto PATH TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 -c "cp /usr/bin/wolfictl /out" + docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 -c "cp /usr/bin/wolfictl /out" echo "$TMP" >> $GITHUB_PATH # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this @@ -70,7 +70,7 @@ jobs: group: wolfi-builder-${{ matrix.arch }} needs: changes container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined outputs: @@ -193,7 +193,7 @@ jobs: name: "ABI Compatibility check" runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 needs: build if: needs.build.outputs.packages_were_built == 'true' @@ -232,7 +232,7 @@ jobs: name: "Scan packages for CVEs" runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 needs: build if: needs.build.outputs.packages_were_built == 'true' diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml index b5549e0c640..c1d953a78e2 100644 --- a/.github/workflows/lint-world.yaml +++ b/.github/workflows/lint-world.yaml @@ -29,7 +29,7 @@ jobs: group: wolfi-os-builder-${{ matrix.arch }} container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 steps: - uses: actions/checkout@v4 diff --git a/Makefile b/Makefile index 1cabce4847e..89fa9da279e 100644 --- a/Makefile +++ b/Makefile @@ -187,7 +187,7 @@ dev-container: -v "${PWD}:${PWD}" \ -w "${PWD}" \ -e SOURCE_DATE_EPOCH=0 \ - ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 PACKAGES_CONTAINER_FOLDER ?= /work/packages TMP_REPOSITORIES_DIR := $(shell mktemp -d) @@ -252,6 +252,6 @@ dev-container-wolfi: --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \ --mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \ -w "$(PACKAGES_CONTAINER_FOLDER)" \ - ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 @rm "$(TMP_REPOSITORIES_FILE)" @rmdir "$(TMP_REPOSITORIES_DIR)" From 1f6ac0dfeb89ffddf0fa1648c5c58b7fa518322c Mon Sep 17 00:00:00 2001 From: ajayk Date: Wed, 28 Feb 2024 17:30:34 -0800 Subject: [PATCH 198/235] withdraw: cilium hubble relay --- withdrawn-packages.txt | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/withdrawn-packages.txt b/withdrawn-packages.txt index 67ed625d6ff..440a6a44716 100644 --- a/withdrawn-packages.txt +++ b/withdrawn-packages.txt @@ -181,17 +181,17 @@ cilium-operator-generic-1.14.5-r2.apk cilium-operator-generic-1.14.6-r0.apk cilium-operator-generic-1.15.0-r0.apk cilium-operator-generic-1.15.1-r0.apk -hubble-relay-1.14.2-r0 x86_64.apk -hubble-relay-1.14.3-r0 x86_64.apk -hubble-relay-1.14.3-r1 x86_64.apk -hubble-relay-1.14.3-r2 x86_64.apk -hubble-relay-1.14.4-r0 x86_64.apk -hubble-relay-1.14.4-r1 x86_64.apk -hubble-relay-1.14.4-r2 x86_64.apk -hubble-relay-1.14.4-r3 x86_64.apk -hubble-relay-1.14.5-r0 x86_64.apk -hubble-relay-1.14.5-r1 x86_64.apk -hubble-relay-1.14.5-r2 x86_64.apk -hubble-relay-1.14.6-r0 x86_64.apk -hubble-relay-1.15.0-r0 x86_64.apk -hubble-relay-1.15.1-r0 x86_64.apk \ No newline at end of file +hubble-relay-1.14.2-r0.apk +hubble-relay-1.14.3-r0.apk +hubble-relay-1.14.3-r1.apk +hubble-relay-1.14.3-r2.apk +hubble-relay-1.14.4-r0.apk +hubble-relay-1.14.4-r1.apk +hubble-relay-1.14.4-r2.apk +hubble-relay-1.14.4-r3.apk +hubble-relay-1.14.5-r0.apk +hubble-relay-1.14.5-r1.apk +hubble-relay-1.14.5-r2.apk +hubble-relay-1.14.6-r0.apk +hubble-relay-1.15.0-r0.apk +hubble-relay-1.15.1-r0.apk \ No newline at end of file From b26293bfe18287384592853146a432694bbd785a Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 29 Feb 2024 01:45:47 +0000 Subject: [PATCH 199/235] remediate cves in terraform-docs and kind Signed-off-by: Jason Hall --- kind.yaml | 13 +++++++++---- terraform-docs.yaml | 18 ++++++++++++++---- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/kind.yaml b/kind.yaml index 251db8cd2ef..f619259cd65 100644 --- a/kind.yaml +++ b/kind.yaml @@ -1,7 +1,7 @@ package: name: kind version: 0.22.0 - epoch: 0 + epoch: 1 description: Kubernetes IN Docker - local clusters for testing Kubernetes copyright: - license: Apache-2.0 @@ -15,10 +15,15 @@ environment: - go pipeline: - - uses: fetch + - uses: git-checkout with: - uri: https://github.com/kubernetes-sigs/kind/archive/refs/tags/v${{package.version}}.tar.gz - expected-sha256: e3e21c8d1c4566d0d255e16e65bbc39297c8f5db41e7ec38d9d62a1ac9e51980 + repository: https://github.com/kubernetes-sigs/kind + tag: v${{package.version}} + expected-commit: 2b248e7df157d4f1a44ecea114be3d58c9232930 + + - uses: go/bump + with: + deps: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad - runs: | make build diff --git a/terraform-docs.yaml b/terraform-docs.yaml index e7da8455398..b319b7360e6 100644 --- a/terraform-docs.yaml +++ b/terraform-docs.yaml @@ -1,16 +1,26 @@ package: name: terraform-docs version: 0.17.0 - epoch: 0 + epoch: 1 description: Generate documentation from Terraform modules in various output formats copyright: - license: MIT pipeline: - - uses: go/install + - uses: git-checkout with: - package: github.com/terraform-docs/terraform-docs - version: v${{package.version}} + repository: https://github.com/terraform-docs/terraform-docs + tag: v${{package.version}} + expected-commit: 795d369fdcfbadef3cfca311be03135f794998c5 + + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.17.0 + + - uses: go/build + with: + packages: ./cmd + output: terraform-docs test: pipeline: From 3b7dc66518768944bde32b0567afd6bc05d20a6d Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 29 Feb 2024 01:57:38 +0000 Subject: [PATCH 200/235] fix tf-docs Signed-off-by: Jason Hall --- terraform-docs.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform-docs.yaml b/terraform-docs.yaml index b319b7360e6..fbc065593be 100644 --- a/terraform-docs.yaml +++ b/terraform-docs.yaml @@ -19,12 +19,12 @@ pipeline: - uses: go/build with: - packages: ./cmd + packages: . output: terraform-docs test: pipeline: - - runs: terraform-docs --help + - runs: ls -lh /usr/bin && terraform-docs --help update: enabled: true From 6c368edca609a82e6483b7098456513e8c2f644b Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 02:12:27 +0000 Subject: [PATCH 201/235] gitlab-shell/14.34.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- gitlab-shell.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitlab-shell.yaml b/gitlab-shell.yaml index e4d4290935c..8d652339208 100644 --- a/gitlab-shell.yaml +++ b/gitlab-shell.yaml @@ -4,7 +4,7 @@ #nolint:git-checkout-must-use-github-updates package: name: gitlab-shell - version: 14.33.0 + version: 14.34.0 epoch: 0 description: SSH access for GitLab copyright: From df3c624e4d78e75e49cf4e1efe8480915f9acc1c Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:14:45 +0000 Subject: [PATCH 202/235] fulcio/1.4.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- fulcio.yaml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/fulcio.yaml b/fulcio.yaml index 44ff6653c29..7a13e5edc78 100644 --- a/fulcio.yaml +++ b/fulcio.yaml @@ -1,7 +1,7 @@ package: name: fulcio - version: 1.4.3 - epoch: 4 + version: 1.4.4 + epoch: 0 description: Sigstore OIDC PKI copyright: - license: Apache-2.0 @@ -13,15 +13,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 99cb25d0099dfd9d8e0b0da05d8cf129177ebaa0 + expected-commit: 5c9ae3ccebc6430309ea4c0181db9642b21f449f repository: https://github.com/sigstore/fulcio tag: v${{package.version}} - - uses: go/bump - with: - deps: github.com/go-jose/go-jose/v3@v3.0.1 golang.org/x/crypto@v0.17.0 - modroot: . - - uses: go/build with: ldflags: -s -w From b6eb775ba5a943ff3c139b2d5976f665369b1bd2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:21 +0000 Subject: [PATCH 203/235] ingress-nginx-controller/1.10.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ingress-nginx-controller.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ingress-nginx-controller.yaml b/ingress-nginx-controller.yaml index 5e394bd4213..35561cec6bb 100644 --- a/ingress-nginx-controller.yaml +++ b/ingress-nginx-controller.yaml @@ -1,8 +1,8 @@ #nolint:valid-pipeline-fetch-digest package: name: ingress-nginx-controller - version: 1.9.6 - epoch: 1 + version: 1.10.0 + epoch: 0 description: "Ingress-NGINX Controller for Kubernetes" copyright: - license: Apache-2.0 @@ -137,11 +137,7 @@ pipeline: with: repository: https://github.com/kubernetes/ingress-nginx tag: controller-v${{package.version}} - expected-commit: 7d6fa0badf074389b41857424ef2e580f104582b - - - uses: go/bump - with: - deps: github.com/opencontainers/runc@v1.1.12 + expected-commit: 71f78d49f0a496c31d4c19f095469f3f23900f8a - name: Build ingress-nginx controller from source runs: | From a87ff964c22a4912122f49649d7d85c491b09eae Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:30 +0000 Subject: [PATCH 204/235] lean4/4.6.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- lean4.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lean4.yaml b/lean4.yaml index 84a77bbe1b4..22731841041 100644 --- a/lean4.yaml +++ b/lean4.yaml @@ -1,6 +1,6 @@ package: name: lean4 - version: 4.5.0 + version: 4.6.0 epoch: 0 description: "Secure Reliable Transport (SRT)" copyright: @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/leanprover/lean4 tag: v${{package.version}} - expected-commit: 1a3021f98e55a274217b3bbf92b2d449bae843c3 + expected-commit: a5bc9013ab13f7b186cf154d396036b1d7c23370 - runs: | # This doesn't work with Ninja so we can't use our default pipelines. From aa6116e2fa0ebbf16c0a95fdf0259545d537bd1d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:35 +0000 Subject: [PATCH 205/235] aws-c-s3/0.5.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-c-s3.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-c-s3.yaml b/aws-c-s3.yaml index 5dc60c11c21..821809d133b 100644 --- a/aws-c-s3.yaml +++ b/aws-c-s3.yaml @@ -1,6 +1,6 @@ package: name: aws-c-s3 - version: 0.5.1 + version: 0.5.2 epoch: 0 description: "AWS C99 library implementation for communicating with the S3 service" copyright: @@ -36,7 +36,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: b8737af410b66d20890bf446de3724722f7916f6a66114b1f79892dc83884ffb + expected-sha256: 57f048d850673587aa29960eb3227121c18baf2ab8efd720bc93b2ae54386604 uri: https://github.com/awslabs/aws-c-s3/archive/refs/tags/v${{package.version}}.tar.gz - runs: | From 28702b7d614803f076028f28226338dc2cff9590 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:40 +0000 Subject: [PATCH 206/235] task/3.35.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- task.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/task.yaml b/task.yaml index 01705ef71e1..8d90995c07c 100644 --- a/task.yaml +++ b/task.yaml @@ -1,6 +1,6 @@ package: name: task - version: 3.34.1 + version: 3.35.0 epoch: 0 description: A task runner / simpler Make alternative written in Go copyright: From 1d0c17fc731e22d04d4e7b4e8911cae0f79e5d81 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:44 +0000 Subject: [PATCH 207/235] py3-openai/1.13.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-openai.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-openai.yaml b/py3-openai.yaml index b7033fc9c83..6b8266be2c2 100644 --- a/py3-openai.yaml +++ b/py3-openai.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/openai/ package: name: py3-openai - version: 1.13.2 + version: 1.13.3 epoch: 0 description: Python client library for the OpenAI API copyright: @@ -36,7 +36,7 @@ pipeline: with: repository: https://github.com/openai/openai-python.git tag: v${{package.version}} - expected-commit: a7115b5f33acd27326e5f78e19beb0d73bd3268e + expected-commit: e41abf7b7dbc1e744d167f748e55d4dedfc0dca7 - name: Python Build uses: python/build-wheel From 8bc222db3dabd0de08bad1a3d1a48887330cf6f8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:48 +0000 Subject: [PATCH 208/235] py3-sqlglot/22.1.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-sqlglot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-sqlglot.yaml b/py3-sqlglot.yaml index 918f5b82a04..c88010eb067 100644 --- a/py3-sqlglot.yaml +++ b/py3-sqlglot.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/sqlglot/ package: name: py3-sqlglot - version: 22.0.2 + version: 22.1.0 epoch: 0 description: An easily customizable SQL parser and transpiler copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/tobymao/sqlglot tag: v${{package.version}} - expected-commit: c0d355a27d86539dfd95a87fea7e1bd75c4fabe4 + expected-commit: 63939796b39c69b25adfc6f224ccd4761f23cb66 - name: Python Build runs: python setup.py build From c83bab5bac28485b0bb2bc32f0e658f07605fa3d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:15:56 +0000 Subject: [PATCH 209/235] vim/9.1.0143 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- vim.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vim.yaml b/vim.yaml index 3af004a2daa..da756b444eb 100644 --- a/vim.yaml +++ b/vim.yaml @@ -1,6 +1,6 @@ package: name: vim - version: 9.1.0140 + version: 9.1.0143 epoch: 0 description: "Improved vi-style text editor" copyright: @@ -21,7 +21,7 @@ pipeline: - uses: fetch with: uri: https://github.com/vim/vim/archive/v${{package.version}}.tar.gz - expected-sha256: be99e77183372b3da93d3b17342b3e8b2f8dcdd4dce6b3f8dce260b5d2e875b0 + expected-sha256: aeeb3531fb662910917a6f14c24f15b626f5eca27af1ce4b9bb7c8c12fc11ce9 - runs: | # vim seems to manually set FORTIFY_SOURCE=1, and setting both breaks the build From e1d24afa9b46f7555f5b69cbddd1be639195185c Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:16:29 +0000 Subject: [PATCH 210/235] loki/2.9.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- loki.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/loki.yaml b/loki.yaml index 8c6382e256c..39df971c8e0 100644 --- a/loki.yaml +++ b/loki.yaml @@ -1,6 +1,6 @@ package: name: loki - version: 2.9.4 + version: 2.9.5 epoch: 0 description: Like Prometheus, but for logs. copyright: @@ -17,13 +17,13 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: f599ebc5355e52099e2f52a74c1fee8baf28db53 + expected-commit: e759cae3b9b1e1c7378a451d1d5da209c5895f8c repository: https://github.com/grafana/loki tag: v${{package.version}} - uses: go/bump with: - deps: github.com/docker/docker@v24.0.7+incompatible github.com/prometheus/alertmanager@v0.25.1 + deps: github.com/docker/docker@v24.0.7+incompatible - uses: autoconf/make From c927a7e0c112e6ac4c0c4a807a66388ea19e5789 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Wed, 28 Feb 2024 20:17:59 -0700 Subject: [PATCH 211/235] chore(chromium): Symlink chromedriver to the executable path Given chromedriver is an executable, it should be available in the execution path. Signed-off-by: RJ Sampson --- chromium.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/chromium.yaml b/chromium.yaml index cc1ede0475d..8089b167889 100644 --- a/chromium.yaml +++ b/chromium.yaml @@ -2,7 +2,7 @@ package: name: chromium version: 122.0.6261.99 - epoch: 1 + epoch: 2 description: "Open souce version of Google's chrome web browser" copyright: - license: BSD-3-Clause @@ -179,6 +179,7 @@ pipeline: mv locales ${{targets.destdir}}/usr/lib/${{package.name}} # links ln -sf /usr/lib/${{package.name}}/chrome ${{targets.destdir}}/usr/bin/chromium-browser + ln -sf /usr/lib/${{package.name}}/chromedriver ${{targets.destdir}}/usr/bin/chromedriver ln -sf chromium-browser ${{targets.destdir}}/usr/bin/chromium mkdir -p ${{targets.destdir}}/etc/chromium From 988c0f51ed322114692617df81baa4fdc48c5d27 Mon Sep 17 00:00:00 2001 From: Ajay Kemparaj Date: Wed, 28 Feb 2024 19:32:27 -0800 Subject: [PATCH 212/235] Update gitlab-shell.yaml Signed-off-by: Ajay Kemparaj --- gitlab-shell.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitlab-shell.yaml b/gitlab-shell.yaml index 8d652339208..edba3520640 100644 --- a/gitlab-shell.yaml +++ b/gitlab-shell.yaml @@ -28,7 +28,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: c1c3257797f0412848d55bcfe26cf5a79b1a56ce + expected-commit: 7118b75b3562c6593a16f5cd3ef6a5d9d2baed29 repository: https://gitlab.com/gitlab-org/gitlab-shell tag: v${{package.version}} From 3626be965f294aa764783483239f245d07df6900 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 07:59:03 +0000 Subject: [PATCH 213/235] up/0.24.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- up.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/up.yaml b/up.yaml index 8188e8e8892..4746d8bcdf2 100644 --- a/up.yaml +++ b/up.yaml @@ -1,7 +1,7 @@ package: name: up - version: 0.24.1 - epoch: 3 + version: 0.24.2 + epoch: 0 description: The Upbound CLI copyright: - license: Apache-2.0 @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/upbound/up tag: v${{package.version}} - expected-commit: aec0b04498b574f3745f3f4cfcb2048583f9ff07 + expected-commit: f0b10f4a163a7aa2b6ed2bf086e73e31fcf091bb - uses: go/bump with: From fc4573e02a51f48d54399cc939aa93470ba5e14c Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 07:59:13 +0000 Subject: [PATCH 214/235] eza/0.18.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- eza.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eza.yaml b/eza.yaml index 166c90debf3..0b3456bc272 100644 --- a/eza.yaml +++ b/eza.yaml @@ -1,6 +1,6 @@ package: name: eza - version: 0.18.4 + version: 0.18.5 epoch: 0 description: "A modern, maintained replacement for ls" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/eza-community/eza tag: v${{package.version}} - expected-commit: 1a36ca2de59ec2506a6ee15c53180be63bbe3ea2 + expected-commit: 687a8bf633f7a0fcff7feba9d0e22f7405a2fb0e - runs: | cargo fetch From a2208b944159d023d7c2751292471a1174604887 Mon Sep 17 00:00:00 2001 From: debasishbsw Date: Thu, 29 Feb 2024 11:01:27 +0000 Subject: [PATCH 215/235] fix tcl Signed-off-by: debasishbsw --- tcl.yaml | 5 +++++ tcl/include_stdint.patch | 12 ++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 tcl/include_stdint.patch diff --git a/tcl.yaml b/tcl.yaml index 700492cd61b..1ba2ae3a4e3 100644 --- a/tcl.yaml +++ b/tcl.yaml @@ -24,6 +24,10 @@ pipeline: expected-sha256: 5880225babf7954c58d4fb0f5cf6279104ce1cd6aa9b71e9a6322540e1c4de66 uri: https://downloads.sourceforge.net/project/tcl/Tcl/${{package.version}}/tcl${{package.version}}-src.tar.gz + - uses: patch + with: + patches: include_stdint.patch + - uses: autoconf/configure with: dir: unix @@ -50,6 +54,7 @@ pipeline: ln -sf tclsh${TCL_VERSION%.*} ${{targets.destdir}}/usr/bin/tclsh install -Dm644 ../license.terms ${{targets.destdir}}/usr/share/licenses/tcl/LICENSE + chmod u+w ${{targets.destdir}}/usr/lib/libtcl${TCL_VERSION%.*}.so - uses: strip diff --git a/tcl/include_stdint.patch b/tcl/include_stdint.patch new file mode 100644 index 00000000000..1f82ca3e6ac --- /dev/null +++ b/tcl/include_stdint.patch @@ -0,0 +1,12 @@ +diff --git a/pkgs/sqlite3.44.2/generic/tclsqlite3.c b/pkgs/sqlite3.44.2/generic/tclsqlite3.c +index dd73fba..d4b589c 100644 +--- a/pkgs/sqlite3.44.2/generic/tclsqlite3.c ++++ b/pkgs/sqlite3.44.2/generic/tclsqlite3.c +@@ -59,6 +59,7 @@ + # include + # include + # include ++# include + typedef unsigned char u8; + # ifndef SQLITE_PTRSIZE + # if defined(__SIZEOF_POINTER__) From b0af9c2be4c6223f596a0622a6ad2508cc3a3d65 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 11:14:56 +0000 Subject: [PATCH 216/235] ruby3.2-jwt/2.8.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ruby3.2-jwt.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruby3.2-jwt.yaml b/ruby3.2-jwt.yaml index f17b2797203..a81fa2b2e23 100644 --- a/ruby3.2-jwt.yaml +++ b/ruby3.2-jwt.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/jwt/ruby-jwt package: name: ruby3.2-jwt - version: 2.8.0 + version: 2.8.1 epoch: 0 description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard. copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: d466bb5c940bb12ac33bfa03143ed151dc2ce68d5968ca5de08541feca4ef16c + expected-sha256: 35ce94394e4db19661c7771dc66a452de098b6fbae0d853b5d7a7f3a2756cff1 uri: https://github.com/jwt/ruby-jwt/archive/refs/tags/v${{package.version}}.tar.gz - uses: ruby/build From 5eef0a041fcdf8017c16ad833beda0c6fa1f70a2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 12:16:50 +0000 Subject: [PATCH 217/235] kube-bench/0.7.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- kube-bench.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kube-bench.yaml b/kube-bench.yaml index 86ddc5444c9..a60e395b73b 100644 --- a/kube-bench.yaml +++ b/kube-bench.yaml @@ -1,6 +1,6 @@ package: name: kube-bench - version: 0.7.1 + version: 0.7.2 epoch: 0 description: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/aquasecurity/kube-bench tag: v${{package.version}} - expected-commit: 445c1160cf8e3c54982f4a95d375ac712ed03f4c + expected-commit: abfa7d9613f0f5f9e628a3ec87fea3443fe57805 - uses: go/build with: From 89e542ffe7bbaa95eb925d86bd3662853235e553 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 12:16:55 +0000 Subject: [PATCH 218/235] newrelic-infrastructure-bundle/3.2.31 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- newrelic-infrastructure-bundle.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newrelic-infrastructure-bundle.yaml b/newrelic-infrastructure-bundle.yaml index 5d6803c79d8..37d4d3a4cc3 100644 --- a/newrelic-infrastructure-bundle.yaml +++ b/newrelic-infrastructure-bundle.yaml @@ -1,6 +1,6 @@ package: name: newrelic-infrastructure-bundle - version: 3.2.30 + version: 3.2.31 epoch: 0 description: New Relic Infrastructure containerised agent bundle copyright: @@ -62,7 +62,7 @@ pipeline: with: repository: https://github.com/newrelic/infrastructure-bundle tag: v${{package.version}} - expected-commit: c7baa712e4ffdd3a53f39073f50c9123d8bf6a00 + expected-commit: 9e77c62dfd4ee200bc4abd1fb291a17c732285e5 destination: ${{package.name}} # NO-OP. We were using `go run downloader.go` to fetch the pre-compiled binaries From e44efbb478a89faa42743489ead42778d7736ce5 Mon Sep 17 00:00:00 2001 From: Mritunjay Date: Thu, 29 Feb 2024 17:58:59 +0530 Subject: [PATCH 219/235] reverts opensearch dashboard to 2.11.1 and withdraws 2.12 Signed-off-by: Mritunjay --- opensearch-dashboards-2.yaml | 38 +- ...1-Backport-Bump-typescript-and-axios.patch | 1058 ----------------- withdrawn-packages.txt | 198 +-- 3 files changed, 14 insertions(+), 1280 deletions(-) delete mode 100644 opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch diff --git a/opensearch-dashboards-2.yaml b/opensearch-dashboards-2.yaml index 111386dfc98..bfa12100d28 100644 --- a/opensearch-dashboards-2.yaml +++ b/opensearch-dashboards-2.yaml @@ -1,7 +1,7 @@ package: name: opensearch-dashboards-2 - version: 2.12.0 - epoch: 0 + version: 2.11.1 + epoch: 2 description: Open source visualization dashboards for OpenSearch copyright: - license: Apache-2.0 @@ -20,7 +20,6 @@ environment: - gcc-12 - gcc-12-default - git - - jq - node-gyp - nodejs-18 - posix-libc-utils @@ -52,27 +51,15 @@ data: pipeline: - uses: git-checkout with: - repository: https://github.com/opensearch-project/OpenSearch-Dashboards + repository: https://github.com/opensearch-project/OpenSearch-Dashboards.git tag: ${{package.version}} - expected-commit: 9ec9a677af5f28e5450926ce07e9d6c3273717a7 - - - uses: patch - with: - patches: 0001-Backport-Bump-typescript-and-axios.patch + expected-commit: 989d8f41f37cca3275bf3fedc5c2057a717d1d64 - runs: | # Workaround for "OpenSearch Dashboards should not be run as root. Use --allow-root to continue." # This change will add the --allow-root when running the build_ts_refs and register_git_hook scripts sed -i 's/\("osd:bootstrap": "scripts\/use_node scripts\/build_ts_refs\)\( && scripts\/use_node scripts\/register_git_hook\)/\1 --allow-root\2 --allow-root/' package.json - - runs: | - # Create "resolutions" section of package.json - jq '.resolutions |= (if . then . else {} end)' package.json > temp.json && mv temp.json package.json - - for override in '"**/hoek"="npm:@hapi/hoek@>=8.5.1"'; do - jq ".resolutions.${override}" package.json > temp.json && mv temp.json package.json - done - - runs: | set -x @@ -102,7 +89,7 @@ subpackages: repository: https://github.com/opensearch-project/opensearch-build tag: ${{package.version}} destination: opensearch-build - expected-commit: 7e150e42bd47e989af58d508e9d7668e45bc31e8 # will need to be manually updated when opensearch dashboard auto update happens + expected-commit: dce080075c219010371c02e699e816dd4df7758f # will need to be manually updated when opensearch dashboard auto update happens - runs: | install -Dm755 opensearch-build/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh ${{targets.contextdir}}/usr/share/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh install -Dm666 opensearch-build/config/opensearch_dashboards-2.x.yml ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml @@ -121,18 +108,18 @@ subpackages: tag: ${{package.version}}.0 destination: ./plugins/${{range.value}} - runs: | + if [ ${{range.value}} = "ganttChartDashboards" ] + then + mv ./plugins/ganttChartDashboards/gantt-chart ./plugins/gantt-chart + rm -r ./plugins/ganttChartDashboards + mv ./plugins/gantt-chart ./plugins/ganttChartDashboards + fi + yarn osd bootstrap --allow-root cd ./plugins/${{range.value}} node /home/build/scripts/plugin_helpers build --allow-root --skip-archive - if [ ${{range.value}} = "reportsDashboards" ] - then - # Remove a test directory of the `resolver` package to prevent surfacing a false-positive. - # See https://github.com/browserify/resolve/issues/288 - rm -r build/opensearch-dashboards/${{range.value}}/node_modules/resolve/test - fi - mkdir -p "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins" cp -r build/opensearch-dashboards/${{range.value}} "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins/" @@ -146,6 +133,7 @@ test: environment: contents: packages: + - busybox - ${{package.name}}-config environment: OSD_NODE_HOME: /usr diff --git a/opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch b/opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch deleted file mode 100644 index 4f0ff0bba1a..00000000000 --- a/opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch +++ /dev/null @@ -1,1058 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Philippe Deslauriers -Date: Wed, 21 Feb 2024 14:46:14 -0800 -Subject: [PATCH] Backport: Bump typescript and axios - -Signed-off-by: Philippe Deslauriers ---- - package.json | 2 +- - packages/osd-babel-preset/common_preset.js | 4 +- - packages/osd-cross-platform/src/repo_root.ts | 2 +- - packages/osd-dev-utils/package.json | 2 +- - .../src/osd_client/osd_client_requester.ts | 2 +- - packages/osd-opensearch-archiver/src/cli.ts | 2 +- - packages/osd-pm/dist/index.js | 6 +++ - .../extract_collectors.test.ts.snap | 38 +++++++++---------- - .../src/failed_tests_reporter/github_api.ts | 6 +-- - .../lib/lifecycle_phase.ts | 11 +++--- - packages/osd-ui-shared-deps/package.json | 2 +- - packages/osd-ui-shared-deps/webpack.config.js | 11 ++++++ - .../application/application_service.test.ts | 2 +- - .../application_service.test.tsx | 8 ++-- - .../application/ui/app_container.test.tsx | 2 +- - src/core/public/chrome/chrome_service.test.ts | 7 +++- - src/core/public/chrome/chrome_service.tsx | 2 +- - .../recently_accessed_service.test.ts | 2 - - src/core/public/context/context_service.ts | 2 +- - src/core/public/core_app/core_app.ts | 4 +- - .../public/doc_links/doc_links_service.ts | 2 +- - .../fatal_errors/fatal_errors_service.tsx | 2 +- - src/core/public/http/fetch.ts | 2 + - .../injected_metadata_service.ts | 10 +++-- - .../integrations/integrations_service.ts | 2 +- - .../notifications/notifications_service.ts | 4 +- - .../public/rendering/rendering_service.tsx | 2 +- - .../public/ui_settings/ui_settings_api.ts | 2 +- - .../public/ui_settings/ui_settings_client.ts | 2 +- - .../public/ui_settings/ui_settings_service.ts | 2 +- - src/core/server/context/context_service.ts | 2 +- - src/core/server/http/http_service.ts | 2 +- - .../server/http/router/response_adapter.ts | 4 +- - .../logging/appenders/file/file_appender.ts | 2 +- - src/core/server/logging/logging_service.ts | 2 +- - src/core/server/metrics/metrics_service.ts | 2 +- - .../opensearch/client/cluster_client.test.ts | 8 ++-- - .../server/opensearch/opensearch_service.ts | 4 +- - .../server/rendering/rendering_service.tsx | 5 +-- - src/core/server/status/status_service.ts | 2 +- - src/dev/build/lib/download.ts | 6 +-- - src/dev/build/lib/fs.ts | 18 ++++++--- - src/dev/jest/config.js | 2 +- - .../common/of.test.ts | 4 +- - tsconfig.base.json | 1 + - yarn.lock | 27 ++++++------- - 46 files changed, 133 insertions(+), 105 deletions(-) - -diff --git a/package.json b/package.json -index 351e33db12..29eb5f4e6f 100644 ---- a/package.json -+++ b/package.json -@@ -98,7 +98,7 @@ - "**/nth-check": "^2.0.1", - "**/qs": "^6.11.0", - "**/trim": "^0.0.3", -- "**/typescript": "4.0.2", -+ "**/typescript": "4.6.4", - "**/unset-value": "^2.0.1", - "**/minimatch": "^3.0.5", - "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1", -diff --git a/packages/osd-babel-preset/common_preset.js b/packages/osd-babel-preset/common_preset.js -index 493c67afbc..dc324f6efd 100644 ---- a/packages/osd-babel-preset/common_preset.js -+++ b/packages/osd-babel-preset/common_preset.js -@@ -29,8 +29,8 @@ - */ - - const plugins = [ -- '@babel/plugin-transform-class-properties', -- '@babel/plugin-transform-private-methods', -+ require.resolve('@babel/plugin-transform-class-properties'), -+ require.resolve('@babel/plugin-transform-private-methods'), - require.resolve('babel-plugin-add-module-exports'), - - // Optional Chaining proposal is stage 4 (https://github.com/tc39/proposal-optional-chaining) -diff --git a/packages/osd-cross-platform/src/repo_root.ts b/packages/osd-cross-platform/src/repo_root.ts -index a7ffc19a7f..ea2975d19e 100644 ---- a/packages/osd-cross-platform/src/repo_root.ts -+++ b/packages/osd-cross-platform/src/repo_root.ts -@@ -41,7 +41,7 @@ const readOpenSearchDashboardsPkgJson = (dir: string) => { - return json; - } - } catch (error) { -- if (error && error.code === 'ENOENT') { -+ if (error?.code === 'ENOENT') { - return; - } - -diff --git a/packages/osd-dev-utils/package.json b/packages/osd-dev-utils/package.json -index 73c66c4009..f35b795bb9 100644 ---- a/packages/osd-dev-utils/package.json -+++ b/packages/osd-dev-utils/package.json -@@ -15,7 +15,7 @@ - "dependencies": { - "@babel/core": "^7.22.9", - "@osd/utils": "1.0.0", -- "axios": "^0.27.2", -+ "axios": "^1.6.1", - "chalk": "^4.1.0", - "cheerio": "1.0.0-rc.1", - "dedent": "^0.7.0", -diff --git a/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts b/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts -index effa5da6dd..dbda8d19ec 100644 ---- a/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts -+++ b/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts -@@ -37,7 +37,7 @@ import { ToolingLog } from '../tooling_log'; - - const isConcliftOnGetError = (error: any) => { - return ( -- isAxiosResponseError(error) && error.config.method === 'GET' && error.response.status === 409 -+ isAxiosResponseError(error) && error.config?.method === 'GET' && error.response.status === 409 - ); - }; - -diff --git a/packages/osd-opensearch-archiver/src/cli.ts b/packages/osd-opensearch-archiver/src/cli.ts -index bf652b3bf8..3c4f650a0f 100644 ---- a/packages/osd-opensearch-archiver/src/cli.ts -+++ b/packages/osd-opensearch-archiver/src/cli.ts -@@ -240,7 +240,7 @@ export function runCli() { - output: process.stdout, - }); - -- await new Promise((resolveInput) => { -+ await new Promise((resolveInput) => { - rl.question(`Press enter when you're done`, () => { - rl.close(); - resolveInput(); -diff --git a/packages/osd-pm/dist/index.js b/packages/osd-pm/dist/index.js -index 458aacd225..9c3ee9e700 100644 ---- a/packages/osd-pm/dist/index.js -+++ b/packages/osd-pm/dist/index.js -@@ -537,6 +537,7 @@ module.exports = require("path"); - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -611,6 +612,7 @@ Object.defineProperty(exports, "ToolingLogCollectingWriter", { - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -6769,6 +6771,7 @@ var ZipBufferIterator = /*@__PURE__*/ (function (_super) { - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -8919,6 +8922,7 @@ exports.parseLogLevel = parseLogLevel; - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -8994,6 +8998,7 @@ var _watch = __webpack_require__(463); - * GitHub history for details. - */ - -+ - /* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with -@@ -40212,6 +40217,7 @@ module.exports = process && support(supportLevel); - "use strict"; - - -+ - /* - * Copyright OpenSearch Contributors - * SPDX-License-Identifier: Apache-2.0 -diff --git a/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap b/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap -index 4725be7753..cf9cf12a75 100644 ---- a/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap -+++ b/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap -@@ -9,7 +9,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -31,7 +31,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -53,7 +53,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -75,7 +75,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -98,11 +98,11 @@ Array [ - "typeDescriptor": Object { - "@@INDEX@@": Object { - "count_1": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "count_2": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - }, -@@ -127,7 +127,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -149,21 +149,21 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "flat": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - "my_objects": Object { - "total": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "type": Object { -- "kind": 131, -+ "kind": 133, - "type": "BooleanKeyword", - }, - }, - "my_str": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -196,44 +196,44 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "flat": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - "my_array": Object { - "items": Object { - "total": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "type": Object { -- "kind": 131, -+ "kind": 133, - "type": "BooleanKeyword", - }, - }, - }, - "my_index_signature_prop": Object { - "@@INDEX@@": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - }, - "my_objects": Object { - "total": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "type": Object { -- "kind": 131, -+ "kind": 133, - "type": "BooleanKeyword", - }, - }, - "my_str": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - "my_str_array": Object { - "items": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -diff --git a/packages/osd-test/src/failed_tests_reporter/github_api.ts b/packages/osd-test/src/failed_tests_reporter/github_api.ts -index c384d56eb1..766d4e14f1 100644 ---- a/packages/osd-test/src/failed_tests_reporter/github_api.ts -+++ b/packages/osd-test/src/failed_tests_reporter/github_api.ts -@@ -30,7 +30,7 @@ - - import Url from 'url'; - --import Axios, { AxiosRequestConfig, AxiosInstance } from 'axios'; -+import Axios, { AxiosRequestConfig, AxiosInstance, AxiosHeaderValue } from 'axios'; - import parseLinkHeader from 'parse-link-header'; - import { ToolingLog, isAxiosResponseError, isAxiosRequestError } from '@osd/dev-utils'; - -@@ -208,7 +208,7 @@ export class GithubApi { - ): Promise<{ - status: number; - statusText: string; -- headers: Record; -+ headers: Record; - data: T; - }> { - const executeRequest = !this.dryRun || options.safeForDryRun; -@@ -233,7 +233,7 @@ export class GithubApi { - const githubApiFailed = isAxiosResponseError(error) && error.response.status >= 500; - const errorResponseLog = - isAxiosResponseError(error) && -- `[${error.config.method} ${error.config.url}] ${error.response.status} ${error.response.statusText} Error`; -+ `[${error.config?.method} ${error.config?.url}] ${error.response.status} ${error.response.statusText} Error`; - - if ((unableToReachGithub || githubApiFailed) && attempt < maxAttempts) { - const waitMs = 1000 * attempt; -diff --git a/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts b/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts -index 02106a4b1d..f39f5ee642 100644 ---- a/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts -+++ b/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts -@@ -44,16 +44,17 @@ export class LifecyclePhase { - private readonly beforeSubj = new Rx.Subject(); - public readonly before$ = this.beforeSubj.asObservable(); - -- private readonly afterSubj = this.options.singular -- ? new Rx.ReplaySubject(1) -- : new Rx.Subject(); -- public readonly after$ = this.afterSubj.asObservable(); -+ private readonly afterSubj: Rx.Subject; -+ public readonly after$: Rx.Observable; - - constructor( - private readonly options: { - singular?: boolean; - } = {} -- ) {} -+ ) { -+ this.afterSubj = this.options.singular ? new Rx.ReplaySubject(1) : new Rx.Subject(); -+ this.after$ = this.afterSubj.asObservable(); -+ } - - public add(fn: (...args: Args) => Promise | void) { - this.handlers.push(fn); -diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json -index 8a342a98f0..1c0a69be93 100644 ---- a/packages/osd-ui-shared-deps/package.json -+++ b/packages/osd-ui-shared-deps/package.json -@@ -16,7 +16,7 @@ - "@osd/i18n": "1.0.0", - "@osd/monaco": "1.0.0", - "abortcontroller-polyfill": "^1.4.0", -- "axios": "^0.27.2", -+ "axios": "^1.6.1", - "compression-webpack-plugin": "npm:@amoo-miki/compression-webpack-plugin@4.0.1-rc.1", - "core-js": "^3.6.5", - "custom-event-polyfill": "^0.3.0", -diff --git a/packages/osd-ui-shared-deps/webpack.config.js b/packages/osd-ui-shared-deps/webpack.config.js -index d9bfd81af5..80e7aeef9c 100644 ---- a/packages/osd-ui-shared-deps/webpack.config.js -+++ b/packages/osd-ui-shared-deps/webpack.config.js -@@ -131,6 +131,17 @@ exports.getWebpackConfig = ({ dev = false } = {}) => ({ - }, - ], - }, -+ { -+ test: /worker_proxy_service\.js$/, -+ exclude: /node_modules/, -+ use: { -+ loader: 'babel-loader', -+ options: { -+ babelrc: false, -+ presets: [require.resolve('@osd/babel-preset/webpack_preset')], -+ }, -+ }, -+ }, - ], - }, - -diff --git a/src/core/public/application/application_service.test.ts b/src/core/public/application/application_service.test.ts -index c03afbba27..691ba64cf0 100644 ---- a/src/core/public/application/application_service.test.ts -+++ b/src/core/public/application/application_service.test.ts -@@ -708,7 +708,7 @@ describe('#start()', () => { - // Create an app and a promise that allows us to control when the app completes mounting - const createWaitingApp = (props: Partial): [App, () => void] => { - let finishMount: () => void; -- const mountPromise = new Promise((resolve) => (finishMount = resolve)); -+ const mountPromise = new Promise((resolve) => (finishMount = resolve)); - const app = { - id: 'some-id', - title: 'some-title', -diff --git a/src/core/public/application/integration_tests/application_service.test.tsx b/src/core/public/application/integration_tests/application_service.test.tsx -index 1b659c0dec..9d53d99c9d 100644 ---- a/src/core/public/application/integration_tests/application_service.test.tsx -+++ b/src/core/public/application/integration_tests/application_service.test.tsx -@@ -77,7 +77,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -@@ -111,7 +111,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -@@ -453,7 +453,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -@@ -491,7 +491,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -diff --git a/src/core/public/application/ui/app_container.test.tsx b/src/core/public/application/ui/app_container.test.tsx -index e9e2caed02..3e658fa256 100644 ---- a/src/core/public/application/ui/app_container.test.tsx -+++ b/src/core/public/application/ui/app_container.test.tsx -@@ -50,7 +50,7 @@ describe('AppContainer', () => { - }); - - const flushPromises = async () => { -- await new Promise(async (resolve) => { -+ await new Promise(async (resolve) => { - setImmediate(() => resolve()); - }); - }; -diff --git a/src/core/public/chrome/chrome_service.test.ts b/src/core/public/chrome/chrome_service.test.ts -index f11b0f3965..e91056ed77 100644 ---- a/src/core/public/chrome/chrome_service.test.ts -+++ b/src/core/public/chrome/chrome_service.test.ts -@@ -43,9 +43,12 @@ import { ChromeService } from './chrome_service'; - import { getAppInfo } from '../application/utils'; - - class FakeApp implements App { -- public title = `${this.id} App`; -+ public title: string; - public mount = () => () => {}; -- constructor(public id: string, public chromeless?: boolean) {} -+ -+ constructor(public id: string, public chromeless?: boolean) { -+ this.title = `${this.id} App`; -+ } - } - const store = new Map(); - const originalLocalStorage = window.localStorage; -diff --git a/src/core/public/chrome/chrome_service.tsx b/src/core/public/chrome/chrome_service.tsx -index 7994c6dcc0..f2ffc8d14c 100644 ---- a/src/core/public/chrome/chrome_service.tsx -+++ b/src/core/public/chrome/chrome_service.tsx -@@ -90,7 +90,7 @@ interface ConstructorParams { - browserSupportsCsp: boolean; - } - --interface StartDeps { -+export interface StartDeps { - application: InternalApplicationStart; - docLinks: DocLinksStart; - http: HttpStart; -diff --git a/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts b/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts -index 7046d5efc2..90e72af356 100644 ---- a/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts -+++ b/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts -@@ -69,11 +69,9 @@ describe('RecentlyAccessed#start()', () => { - - // @ts-expect-error to allow redeclaring a readonly prop - delete window.localStorage; -- // @ts-expect-error - window.localStorage = new LocalStorageMock(); - }); - beforeEach(() => localStorage.clear()); -- // @ts-expect-error - afterAll(() => (window.localStorage = originalLocalStorage)); - - const getStart = async () => { -diff --git a/src/core/public/context/context_service.ts b/src/core/public/context/context_service.ts -index 5071288a14..433e96c48d 100644 ---- a/src/core/public/context/context_service.ts -+++ b/src/core/public/context/context_service.ts -@@ -32,7 +32,7 @@ import { PluginOpaqueId } from '../../server'; - import { IContextContainer, ContextContainer, HandlerFunction } from '../../utils/context'; - import { CoreContext } from '../core_system'; - --interface StartDeps { -+export interface StartDeps { - pluginDependencies: ReadonlyMap; - } - -diff --git a/src/core/public/core_app/core_app.ts b/src/core/public/core_app/core_app.ts -index fcbcc5de56..e1e91b7753 100644 ---- a/src/core/public/core_app/core_app.ts -+++ b/src/core/public/core_app/core_app.ts -@@ -43,14 +43,14 @@ import type { InjectedMetadataSetup } from '../injected_metadata'; - import { renderApp as renderErrorApp, setupUrlOverflowDetection } from './errors'; - import { renderApp as renderStatusApp } from './status'; - --interface SetupDeps { -+export interface SetupDeps { - application: InternalApplicationSetup; - http: HttpSetup; - injectedMetadata: InjectedMetadataSetup; - notifications: NotificationsSetup; - } - --interface StartDeps { -+export interface StartDeps { - application: InternalApplicationStart; - http: HttpStart; - notifications: NotificationsStart; -diff --git a/src/core/public/doc_links/doc_links_service.ts b/src/core/public/doc_links/doc_links_service.ts -index 0acf4524ab..d73a663a64 100644 ---- a/src/core/public/doc_links/doc_links_service.ts -+++ b/src/core/public/doc_links/doc_links_service.ts -@@ -32,7 +32,7 @@ import { deepFreeze } from '@osd/std'; - import { parse } from 'semver'; - import { InjectedMetadataSetup } from '../injected_metadata'; - --interface StartDeps { -+export interface StartDeps { - injectedMetadata: InjectedMetadataSetup; - } - -diff --git a/src/core/public/fatal_errors/fatal_errors_service.tsx b/src/core/public/fatal_errors/fatal_errors_service.tsx -index 59a23171ed..73159ff20e 100644 ---- a/src/core/public/fatal_errors/fatal_errors_service.tsx -+++ b/src/core/public/fatal_errors/fatal_errors_service.tsx -@@ -38,7 +38,7 @@ import { InjectedMetadataSetup } from '../injected_metadata'; - import { FatalErrorsScreen } from './fatal_errors_screen'; - import { FatalErrorInfo, getErrorInfo } from './get_error_info'; - --interface Deps { -+export interface Deps { - i18n: I18nStart; - injectedMetadata: InjectedMetadataSetup; - } -diff --git a/src/core/public/http/fetch.ts b/src/core/public/http/fetch.ts -index 9a25ecc5ea..03b01fc357 100644 ---- a/src/core/public/http/fetch.ts -+++ b/src/core/public/http/fetch.ts -@@ -220,6 +220,8 @@ export class Fetch { - } - - private shorthand(method: string): HttpHandler { -+ // ToDo: find why 'TResponseBody' of HttpHandler is not assignable to type 'HttpResponse' -+ // @ts-expect-error - return (pathOrOptions: string | HttpFetchOptionsWithPath, options?: HttpFetchOptions) => { - const optionsWithPath = validateFetchArguments(pathOrOptions, options); - return this.fetch({ ...optionsWithPath, method }); -diff --git a/src/core/public/injected_metadata/injected_metadata_service.ts b/src/core/public/injected_metadata/injected_metadata_service.ts -index f4c6a7f7b9..6be782c367 100644 ---- a/src/core/public/injected_metadata/injected_metadata_service.ts -+++ b/src/core/public/injected_metadata/injected_metadata_service.ts -@@ -88,11 +88,13 @@ export interface InjectedMetadataParams { - * @internal - */ - export class InjectedMetadataService { -- private state = deepFreeze( -- this.params.injectedMetadata -- ) as InjectedMetadataParams['injectedMetadata']; -+ private state: InjectedMetadataParams['injectedMetadata']; - -- constructor(private readonly params: InjectedMetadataParams) {} -+ constructor(private readonly params: InjectedMetadataParams) { -+ this.state = deepFreeze( -+ this.params.injectedMetadata -+ ) as InjectedMetadataParams['injectedMetadata']; -+ } - - public start(): InjectedMetadataStart { - return this.setup(); -diff --git a/src/core/public/integrations/integrations_service.ts b/src/core/public/integrations/integrations_service.ts -index df92f0b76d..4c133eff82 100644 ---- a/src/core/public/integrations/integrations_service.ts -+++ b/src/core/public/integrations/integrations_service.ts -@@ -34,7 +34,7 @@ import { CoreService } from '../../types'; - import { MomentService } from './moment'; - import { StylesService } from './styles'; - --interface Deps { -+export interface Deps { - uiSettings: IUiSettingsClient; - } - -diff --git a/src/core/public/notifications/notifications_service.ts b/src/core/public/notifications/notifications_service.ts -index fcdf746f2a..3f3d2bdf3a 100644 ---- a/src/core/public/notifications/notifications_service.ts -+++ b/src/core/public/notifications/notifications_service.ts -@@ -36,11 +36,11 @@ import { ToastsService, ToastsSetup, ToastsStart } from './toasts'; - import { IUiSettingsClient } from '../ui_settings'; - import { OverlayStart } from '../overlays'; - --interface SetupDeps { -+export interface SetupDeps { - uiSettings: IUiSettingsClient; - } - --interface StartDeps { -+export interface StartDeps { - i18n: I18nStart; - overlays: OverlayStart; - targetDomElement: HTMLElement; -diff --git a/src/core/public/rendering/rendering_service.tsx b/src/core/public/rendering/rendering_service.tsx -index ffb147bc39..83168bb745 100644 ---- a/src/core/public/rendering/rendering_service.tsx -+++ b/src/core/public/rendering/rendering_service.tsx -@@ -37,7 +37,7 @@ import { InternalApplicationStart } from '../application'; - import { OverlayStart } from '../overlays'; - import { AppWrapper, AppContainer } from './app_containers'; - --interface StartDeps { -+export interface StartDeps { - application: InternalApplicationStart; - chrome: InternalChromeStart; - overlays: OverlayStart; -diff --git a/src/core/public/ui_settings/ui_settings_api.ts b/src/core/public/ui_settings/ui_settings_api.ts -index d8a68ac035..62e06cf571 100644 ---- a/src/core/public/ui_settings/ui_settings_api.ts -+++ b/src/core/public/ui_settings/ui_settings_api.ts -@@ -66,7 +66,7 @@ export class UiSettingsApi { - * before sending the next request - */ - public batchSet(key: string, value: any) { -- return new Promise((resolve, reject) => { -+ return new Promise((resolve, reject) => { - const prev = this.pendingChanges || NOOP_CHANGES; - - this.pendingChanges = { -diff --git a/src/core/public/ui_settings/ui_settings_client.ts b/src/core/public/ui_settings/ui_settings_client.ts -index 8a5701de6b..4aaa4dcd50 100644 ---- a/src/core/public/ui_settings/ui_settings_client.ts -+++ b/src/core/public/ui_settings/ui_settings_client.ts -@@ -198,7 +198,7 @@ You can use \`IUiSettingsClient.get("${key}", defaultValue)\`, which will just r - this.setLocally(key, newVal); - - try { -- const { settings } = await this.api.batchSet(key, newVal); -+ const { settings } = (await this.api.batchSet(key, newVal)) || {}; - this.cache = defaultsDeep({}, defaults, settings); - this.saved$.next({ key, newValue: newVal, oldValue: initialVal }); - return true; -diff --git a/src/core/public/ui_settings/ui_settings_service.ts b/src/core/public/ui_settings/ui_settings_service.ts -index 9c677ff1c9..10c6b9ed78 100644 ---- a/src/core/public/ui_settings/ui_settings_service.ts -+++ b/src/core/public/ui_settings/ui_settings_service.ts -@@ -37,7 +37,7 @@ import { UiSettingsApi } from './ui_settings_api'; - import { UiSettingsClient } from './ui_settings_client'; - import { IUiSettingsClient } from './types'; - --interface UiSettingsServiceDeps { -+export interface UiSettingsServiceDeps { - http: HttpSetup; - injectedMetadata: InjectedMetadataSetup; - } -diff --git a/src/core/server/context/context_service.ts b/src/core/server/context/context_service.ts -index fd8ede37a8..2ec1234b75 100644 ---- a/src/core/server/context/context_service.ts -+++ b/src/core/server/context/context_service.ts -@@ -32,7 +32,7 @@ import { PluginOpaqueId } from '../../server'; - import { IContextContainer, ContextContainer, HandlerFunction } from '../../utils/context'; - import { CoreContext } from '../core_context'; - --interface SetupDeps { -+export interface SetupDeps { - pluginDependencies: ReadonlyMap; - } - -diff --git a/src/core/server/http/http_service.ts b/src/core/server/http/http_service.ts -index 8627557c73..ed1da87547 100644 ---- a/src/core/server/http/http_service.ts -+++ b/src/core/server/http/http_service.ts -@@ -56,7 +56,7 @@ import { - import { RequestHandlerContext } from '../../server'; - import { registerCoreHandlers } from './lifecycle_handlers'; - --interface SetupDeps { -+export interface SetupDeps { - context: ContextSetup; - } - -diff --git a/src/core/server/http/router/response_adapter.ts b/src/core/server/http/router/response_adapter.ts -index ff5ff5ca84..1597a2d7ab 100644 ---- a/src/core/server/http/router/response_adapter.ts -+++ b/src/core/server/http/router/response_adapter.ts -@@ -127,7 +127,9 @@ export class HapiResponseAdapter { - private toRedirect( - opensearchDashboardsResponse: OpenSearchDashboardsResponse - ) { -- const { headers } = opensearchDashboardsResponse.options; -+ const { -+ headers, -+ }: { headers?: Record } = opensearchDashboardsResponse.options; - if (!headers || typeof headers.location !== 'string') { - throw new Error("expected 'location' header to be set"); - } -diff --git a/src/core/server/logging/appenders/file/file_appender.ts b/src/core/server/logging/appenders/file/file_appender.ts -index 87959641e9..9d00d26fe6 100644 ---- a/src/core/server/logging/appenders/file/file_appender.ts -+++ b/src/core/server/logging/appenders/file/file_appender.ts -@@ -82,7 +82,7 @@ export class FileAppender implements DisposableAppender { - * Disposes `FileAppender`. Waits for the underlying file stream to be completely flushed and closed. - */ - public async dispose() { -- await new Promise((resolve) => { -+ await new Promise((resolve) => { - if (this.outputStream === undefined) { - return resolve(); - } -diff --git a/src/core/server/logging/logging_service.ts b/src/core/server/logging/logging_service.ts -index 7459d4b179..80a67f1265 100644 ---- a/src/core/server/logging/logging_service.ts -+++ b/src/core/server/logging/logging_service.ts -@@ -68,7 +68,7 @@ export interface InternalLoggingServiceSetup { - configure(contextParts: string[], config$: Observable): void; - } - --interface SetupDeps { -+export interface SetupDeps { - loggingSystem: ILoggingSystem; - } - -diff --git a/src/core/server/metrics/metrics_service.ts b/src/core/server/metrics/metrics_service.ts -index 62e1c97063..4181d40e4b 100644 ---- a/src/core/server/metrics/metrics_service.ts -+++ b/src/core/server/metrics/metrics_service.ts -@@ -38,7 +38,7 @@ import { InternalMetricsServiceSetup, InternalMetricsServiceStart, OpsMetrics } - import { OpsMetricsCollector } from './ops_metrics_collector'; - import { opsConfig, OpsConfigType } from './ops_config'; - --interface MetricsServiceSetupDeps { -+export interface MetricsServiceSetupDeps { - http: InternalHttpServiceSetup; - } - -diff --git a/src/core/server/opensearch/client/cluster_client.test.ts b/src/core/server/opensearch/client/cluster_client.test.ts -index 0d17326e44..f7cb5bbdba 100644 ---- a/src/core/server/opensearch/client/cluster_client.test.ts -+++ b/src/core/server/opensearch/client/cluster_client.test.ts -@@ -534,7 +534,7 @@ describe('ClusterClient', () => { - let closeScopedClientWithLongNumeralsSupport: () => void; - - internalClient.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeInternalClient = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -@@ -542,7 +542,7 @@ describe('ClusterClient', () => { - }) - ); - scopedClient.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeScopedClient = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -@@ -550,7 +550,7 @@ describe('ClusterClient', () => { - }) - ); - internalClientWithLongNumeralsSupport.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeInternalClientWithLongNumeralsSupport = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -@@ -558,7 +558,7 @@ describe('ClusterClient', () => { - }) - ); - scopedClientWithLongNumeralsSupport.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeScopedClientWithLongNumeralsSupport = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -diff --git a/src/core/server/opensearch/opensearch_service.ts b/src/core/server/opensearch/opensearch_service.ts -index bab3e7ede9..6881ce06a0 100644 ---- a/src/core/server/opensearch/opensearch_service.ts -+++ b/src/core/server/opensearch/opensearch_service.ts -@@ -48,11 +48,11 @@ import { InternalOpenSearchServiceSetup, InternalOpenSearchServiceStart } from ' - import { pollOpenSearchNodesVersion } from './version_check/ensure_opensearch_version'; - import { calculateStatus$ } from './status'; - --interface SetupDeps { -+export interface SetupDeps { - http: InternalHttpServiceSetup; - } - --interface StartDeps { -+export interface StartDeps { - auditTrail: AuditTrailStart; - } - -diff --git a/src/core/server/rendering/rendering_service.tsx b/src/core/server/rendering/rendering_service.tsx -index acaee7f42b..437d8e1e3d 100644 ---- a/src/core/server/rendering/rendering_service.tsx -+++ b/src/core/server/rendering/rendering_service.tsx -@@ -35,8 +35,7 @@ import { i18n } from '@osd/i18n'; - import { Agent as HttpsAgent } from 'https'; - - import Axios from 'axios'; --// @ts-expect-error untyped internal module used to prevent axios from using xhr adapter in tests --import AxiosHttpAdapter from 'axios/lib/adapters/http'; -+ - import { UiPlugins } from '../plugins'; - import { CoreContext } from '../core_context'; - import { Template } from './views'; -@@ -377,7 +376,7 @@ export class RenderingService { - } - return await Axios.get(url, { - httpsAgent: this.httpsAgent, -- adapter: AxiosHttpAdapter, -+ adapter: 'http', - maxRedirects: 0, - }) - .then(() => { -diff --git a/src/core/server/status/status_service.ts b/src/core/server/status/status_service.ts -index 10547e510f..d243aa4f50 100644 ---- a/src/core/server/status/status_service.ts -+++ b/src/core/server/status/status_service.ts -@@ -48,7 +48,7 @@ import { ServiceStatus, CoreStatus, InternalStatusServiceSetup } from './types'; - import { getSummaryStatus } from './get_summary_status'; - import { PluginsStatusService } from './plugins_status'; - --interface SetupDeps { -+export interface SetupDeps { - opensearch: Pick; - environment: InternalEnvironmentServiceSetup; - pluginDependencies: ReadonlyMap; -diff --git a/src/dev/build/lib/download.ts b/src/dev/build/lib/download.ts -index cf5c0f675f..65fd54583c 100644 ---- a/src/dev/build/lib/download.ts -+++ b/src/dev/build/lib/download.ts -@@ -36,10 +36,6 @@ import { createHash } from 'crypto'; - import Axios from 'axios'; - import { ToolingLog } from '@osd/dev-utils'; - --// https://github.com/axios/axios/tree/ffea03453f77a8176c51554d5f6c3c6829294649/lib/adapters --// @ts-expect-error untyped internal module used to prevent axios from using xhr adapter in tests --import AxiosHttpAdapter from 'axios/lib/adapters/http'; -- - import { mkdirp } from './fs'; - - function tryUnlink(path: string) { -@@ -77,7 +73,7 @@ export async function download(options: DownloadOptions): Promise { - const response = await Axios.request({ - url, - responseType: 'stream', -- adapter: AxiosHttpAdapter, -+ adapter: 'http', - }); - - if (response.status !== 200) { -diff --git a/src/dev/build/lib/fs.ts b/src/dev/build/lib/fs.ts -index b2313220f9..772db6689d 100644 ---- a/src/dev/build/lib/fs.ts -+++ b/src/dev/build/lib/fs.ts -@@ -114,13 +114,17 @@ export async function deleteAll(patterns: string[], log: ToolingLog) { - assertAbsolute(pattern.startsWith('!') ? pattern.slice(1) : pattern); - } - -- const files = await del(patterns, { -+ // Doing a dry run to get a list but `rm` will do the actual deleting -+ const filesToDelete = await del(patterns, { - concurrency: 4, -+ dryRun: true, - }); - -+ await Promise.all(filesToDelete.map((folder) => rm(folder, { force: true, recursive: true }))); -+ - if (log) { -- log.debug('Deleted %d files/directories', files.length); -- log.verbose('Deleted:', longInspect(files)); -+ log.debug('Deleted %d files/directories', filesToDelete.length); -+ log.verbose('Deleted:', longInspect(filesToDelete)); - } - } - -@@ -145,9 +149,11 @@ export async function deleteEmptyFolders( - dryRun: true, - }); - -- const foldersToDelete = emptyFoldersList.filter((folderToDelete) => { -- return !foldersToKeep.some((folderToKeep) => folderToDelete.includes(folderToKeep)); -- }); -+ const foldersToDelete = Array.isArray(emptyFoldersList) -+ ? emptyFoldersList.filter((folderToDelete: string[]) => { -+ return !foldersToKeep.some((folderToKeep) => folderToDelete.includes(folderToKeep)); -+ }) -+ : []; - - await Promise.all(foldersToDelete.map((folder) => rm(folder, { force: true, recursive: true }))); - -diff --git a/src/dev/jest/config.js b/src/dev/jest/config.js -index c9239710b3..b3f7fc0986 100644 ---- a/src/dev/jest/config.js -+++ b/src/dev/jest/config.js -@@ -186,7 +186,7 @@ export default { - transformIgnorePatterns: [ - // ignore all node_modules except those which require babel transforms to handle dynamic import() - // since ESM modules are not natively supported in Jest yet (https://github.com/facebook/jest/issues/4842) -- '[/\\\\]node_modules(?![\\/\\\\](monaco-editor|weak-lru-cache|ordered-binary|d3-color))[/\\\\].+\\.js$', -+ '[/\\\\]node_modules(?![\\/\\\\](monaco-editor|weak-lru-cache|ordered-binary|d3-color|axios))[/\\\\].+\\.js$', - 'packages/osd-pm/dist/index.js', - ], - snapshotSerializers: [ -diff --git a/src/plugins/opensearch_dashboards_utils/common/of.test.ts b/src/plugins/opensearch_dashboards_utils/common/of.test.ts -index 499f831042..66280559d9 100644 ---- a/src/plugins/opensearch_dashboards_utils/common/of.test.ts -+++ b/src/plugins/opensearch_dashboards_utils/common/of.test.ts -@@ -32,7 +32,7 @@ import { of } from './of'; - - describe('of()', () => { - describe('when promise resolves', () => { -- const promise = new Promise((resolve) => resolve()).then(() => 123); -+ const promise = new Promise((resolve) => resolve()).then(() => 123); - - test('first member of 3-tuple is the promise value', async () => { - const [result] = await of(promise); -@@ -51,7 +51,7 @@ describe('of()', () => { - }); - - describe('when promise rejects', () => { -- const promise = new Promise((resolve) => resolve()).then(() => { -+ const promise = new Promise((resolve) => resolve()).then(() => { - // eslint-disable-next-line no-throw-literal - throw 123; - }); -diff --git a/tsconfig.base.json b/tsconfig.base.json -index 5c31f795ff..5aba1b3bc5 100644 ---- a/tsconfig.base.json -+++ b/tsconfig.base.json -@@ -53,6 +53,7 @@ - "downlevelIteration": true, - // import tslib helpers rather than inlining helpers for iteration or spreading, for instance - "importHelpers": true, -+ "useUnknownInCatchVariables": false, - // adding global typings - "types": [ - "node", -diff --git a/yarn.lock b/yarn.lock -index 1843167afd..fdefb6aae9 100644 ---- a/yarn.lock -+++ b/yarn.lock -@@ -4909,14 +4909,6 @@ axe-core@^4.0.2, axe-core@^4.3.5: - resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413" - integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw== - --axios@^0.27.2: -- version "0.27.2" -- resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972" -- integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ== -- dependencies: -- follow-redirects "^1.14.9" -- form-data "^4.0.0" -- - axios@^1.1.3: - version "1.2.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.0.tgz#1cb65bd75162c70e9f8d118a905126c4a201d383" -@@ -4926,6 +4918,15 @@ axios@^1.1.3: - form-data "^4.0.0" - proxy-from-env "^1.1.0" - -+axios@^1.6.1: -+ version "1.6.7" -+ resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.7.tgz#7b48c2e27c96f9c68a2f8f31e2ab19f59b06b0a7" -+ integrity sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA== -+ dependencies: -+ follow-redirects "^1.15.4" -+ form-data "^4.0.0" -+ proxy-from-env "^1.1.0" -+ - axobject-query@^2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-2.2.0.tgz#943d47e10c0b704aa42275e20edf3722648989be" -@@ -8816,7 +8817,7 @@ focus-lock@^0.10.2: - dependencies: - tslib "^2.0.3" - --follow-redirects@^1.14.9, follow-redirects@^1.15.0, follow-redirects@^1.15.4: -+follow-redirects@^1.15.0, follow-redirects@^1.15.4: - version "1.15.5" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.5.tgz#54d4d6d062c0fa7d9d17feb008461550e3ba8020" - integrity sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw== -@@ -17363,10 +17364,10 @@ typedarray@^0.0.6: - resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" - integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= - --typescript@4.0.2, typescript@~4.5.2: -- version "4.0.2" -- resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.0.2.tgz#7ea7c88777c723c681e33bf7988be5d008d05ac2" -- integrity sha512-e4ERvRV2wb+rRZ/IQeb3jm2VxBsirQLpQhdxplZ2MEzGvDkkMmPglecnNDfSUBivMjP93vRbngYYDQqQ/78bcQ== -+typescript@4.0.2, typescript@4.6.4, typescript@~4.5.2: -+ version "4.6.4" -+ resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.6.4.tgz#caa78bbc3a59e6a5c510d35703f6a09877ce45e9" -+ integrity sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg== - - uc.micro@^1.0.1, uc.micro@^1.0.5: - version "1.0.6" diff --git a/withdrawn-packages.txt b/withdrawn-packages.txt index 440a6a44716..e56a896f58d 100644 --- a/withdrawn-packages.txt +++ b/withdrawn-packages.txt @@ -1,197 +1 @@ -argo-cd-2.8.0-r0.apk -argo-cd-2.8.0-r1.apk -argo-cd-2.8.1-r0.apk -argo-cd-2.8.2-r0.apk -cassandra-4.1.1-r0.apk -cassandra-4.1.1-r1.apk -cassandra-4.1.3-r0.apk -cassandra-4.1.3-r1.apk -cassandra-4.1.3-r2.apk -cassandra-4.1.3-r3.apk -cassandra-4.1.3-r4.apk -cassandra-4.1.3-r5.apk -cassandra-4.1.3-r6.apk -cassandra-4.1.3-r7.apk -cassandra-4.1.3-r8.apk -cassandra-4.1.3-r9.apk -cassandra-4.1.4-r0.apk -cassandra-compat-4.1.3-r1.apk -cassandra-compat-4.1.3-r2.apk -cassandra-compat-4.1.3-r3.apk -cassandra-compat-4.1.3-r4.apk -cassandra-compat-4.1.3-r5.apk -cassandra-compat-4.1.3-r6.apk -cassandra-compat-4.1.3-r7.apk -cassandra-compat-4.1.3-r8.apk -cassandra-compat-4.1.3-r9.apk -cassandra-compat-4.1.4-r0.apk -etcd-3.5.6-r0.apk -etcd-3.5.6-r1.apk -etcd-3.5.6-r2.apk -etcd-3.5.6-r3.apk -etcd-3.5.7-r0.apk -etcd-3.5.7-r1.apk -etcd-3.5.7-r2.apk -etcd-3.5.7-r3.apk -etcd-3.5.7-r4.apk -etcd-3.5.8-r0.apk -etcd-3.5.8-r1.apk -etcd-3.5.9-r0.apk -etcd-3.5.9-r1.apk -etcd-3.5.9-r2.apk -etcd-3.5.9-r3.apk -etcd-3.5.9-r4.apk -etcd-3.5.9-r5.apk -etcd-3.5.9-r6.apk -etcd-3.5.9-r7.apk -etcd-3.5.10-r0.apk -etcd-3.5.10-r1.apk -etcd-3.5.10-r2.apk -etcd-3.5.11-r0.apk -etcd-3.5.11-r1.apk -etcd-3.5.11-r2.apk -etcd-3.5.12-r0.apk -envoy-1.24.0-r0.apk -envoy-1.24.0-r1.apk -envoy-1.24.1-r0.apk -envoy-1.25.0-r0.apk -envoy-1.25.1-r0.apk -envoy-1.25.2-r0.apk -envoy-1.25.3-r0.apk -envoy-1.25.5-r0.apk -envoy-1.26.0-r0.apk -envoy-1.26.1-r0.apk -envoy-1.26.1-r1.apk -envoy-1.26.2-r0.apk -envoy-1.26.2-r1.apk -envoy-1.26.3-r0.apk -envoy-1.26.4-r0.apk -envoy-1.27.0-r0.apk -envoy-1.27.1-r0.apk -envoy-1.27.2-r0.apk -envoy-1.28.0-r0.apk -envoy-1.28.0-r1.apk -envoy-1.28.0-r2.apk -envoy-1.29.1-r0.apk -envoy-config-1.24.0-r1.apk -envoy-config-1.24.1-r0.apk -envoy-config-1.25.0-r0.apk -envoy-config-1.25.1-r0.apk -envoy-config-1.25.2-r0.apk -envoy-config-1.25.3-r0.apk -envoy-config-1.25.5-r0.apk -envoy-config-1.26.0-r0.apk -envoy-config-1.26.1-r0.apk -envoy-config-1.26.1-r1.apk -envoy-config-1.26.2-r0.apk -envoy-config-1.26.2-r1.apk -envoy-config-1.26.3-r0.apk -envoy-config-1.26.4-r0.apk -envoy-config-1.27.0-r0.apk -envoy-config-1.27.1-r0.apk -envoy-config-1.27.2-r0.apk -envoy-config-1.28.0-r0.apk -envoy-config-1.28.0-r1.apk -envoy-config-1.28.0-r2.apk -envoy-config-1.29.1-r0.apk -envoy-oci-entrypoint-1.24.0-r1.apk -envoy-oci-entrypoint-1.24.1-r0.apk -envoy-oci-entrypoint-1.25.0-r0.apk -envoy-oci-entrypoint-1.25.1-r0.apk -envoy-oci-entrypoint-1.25.2-r0.apk -envoy-oci-entrypoint-1.25.3-r0.apk -envoy-oci-entrypoint-1.25.5-r0.apk -envoy-oci-entrypoint-1.26.0-r0.apk -envoy-oci-entrypoint-1.26.1-r0.apk -envoy-oci-entrypoint-1.26.1-r1.apk -envoy-oci-entrypoint-1.26.2-r0.apk -envoy-oci-entrypoint-1.26.2-r1.apk -envoy-oci-entrypoint-1.26.3-r0.apk -envoy-oci-entrypoint-1.26.4-r0.apk -envoy-oci-entrypoint-1.27.0-r0.apk -envoy-oci-entrypoint-1.27.1-r0.apk -envoy-oci-entrypoint-1.27.2-r0.apk -envoy-oci-entrypoint-1.28.0-r0.apk -envoy-oci-entrypoint-1.28.0-r1.apk -envoy-oci-entrypoint-1.28.0-r2.apk -envoy-oci-entrypoint-1.29.1-r0.apk -cilium-1.14.2-r0.apk -cilium-1.14.3-r0.apk -cilium-1.14.3-r1.apk -cilium-1.14.3-r2.apk -cilium-1.14.4-r0.apk -cilium-1.14.4-r1.apk -cilium-1.14.4-r2.apk -cilium-1.14.4-r3.apk -cilium-1.14.5-r0.apk -cilium-1.14.5-r1.apk -cilium-1.14.5-r2.apk -cilium-1.14.6-r0.apk -cilium-1.15.0-r0.apk -cilium-1.15.1-r0.apk -cilium-container-init-1.14.3-r1.apk -cilium-container-init-1.14.3-r2.apk -cilium-container-init-1.14.4-r0.apk -cilium-container-init-1.14.4-r1.apk -cilium-container-init-1.14.4-r2.apk -cilium-container-init-1.14.4-r3.apk -cilium-container-init-1.14.5-r0.apk -cilium-container-init-1.14.5-r1.apk -cilium-container-init-1.14.5-r2.apk -cilium-container-init-1.14.6-r0.apk -cilium-container-init-1.15.0-r0.apk -cilium-container-init-1.15.1-r0.apk -cilium-container-init-compat-1.14.3-r1.apk -cilium-container-init-compat-1.14.3-r2.apk -cilium-container-init-compat-1.14.4-r0.apk -cilium-container-init-compat-1.14.4-r1.apk -cilium-container-init-compat-1.14.4-r2.apk -cilium-container-init-compat-1.14.4-r3.apk -cilium-container-init-compat-1.14.5-r0.apk -cilium-container-init-compat-1.14.5-r1.apk -cilium-container-init-compat-1.14.5-r2.apk -cilium-container-init-compat-1.14.6-r0.apk -cilium-container-init-compat-1.15.0-r0.apk -cilium-container-init-compat-1.15.1-r0.apk -cilium-iptables-1.14.2-r0.apk -cilium-iptables-1.14.3-r0.apk -cilium-iptables-1.14.3-r1.apk -cilium-iptables-1.14.3-r2.apk -cilium-iptables-1.14.4-r0.apk -cilium-iptables-1.14.4-r1.apk -cilium-iptables-1.14.4-r2.apk -cilium-iptables-1.14.4-r3.apk -cilium-iptables-1.14.5-r0.apk -cilium-iptables-1.14.5-r1.apk -cilium-iptables-1.14.5-r2.apk -cilium-iptables-1.14.6-r0.apk -cilium-iptables-1.15.0-r0.apk -cilium-iptables-1.15.1-r0.apk -cilium-operator-generic-1.14.2-r0.apk -cilium-operator-generic-1.14.3-r0.apk -cilium-operator-generic-1.14.3-r1.apk -cilium-operator-generic-1.14.3-r2.apk -cilium-operator-generic-1.14.4-r0.apk -cilium-operator-generic-1.14.4-r1.apk -cilium-operator-generic-1.14.4-r2.apk -cilium-operator-generic-1.14.4-r3.apk -cilium-operator-generic-1.14.5-r0.apk -cilium-operator-generic-1.14.5-r1.apk -cilium-operator-generic-1.14.5-r2.apk -cilium-operator-generic-1.14.6-r0.apk -cilium-operator-generic-1.15.0-r0.apk -cilium-operator-generic-1.15.1-r0.apk -hubble-relay-1.14.2-r0.apk -hubble-relay-1.14.3-r0.apk -hubble-relay-1.14.3-r1.apk -hubble-relay-1.14.3-r2.apk -hubble-relay-1.14.4-r0.apk -hubble-relay-1.14.4-r1.apk -hubble-relay-1.14.4-r2.apk -hubble-relay-1.14.4-r3.apk -hubble-relay-1.14.5-r0.apk -hubble-relay-1.14.5-r1.apk -hubble-relay-1.14.5-r2.apk -hubble-relay-1.14.6-r0.apk -hubble-relay-1.15.0-r0.apk -hubble-relay-1.15.1-r0.apk \ No newline at end of file +opensearch-dashboards-2-2.12.0-r0.apk \ No newline at end of file From 8ba409043748bde9de0cbb5632be06139c3c49b9 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 14:15:49 +0000 Subject: [PATCH 220/235] datadog-agent/7.51.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- datadog-agent.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/datadog-agent.yaml b/datadog-agent.yaml index 1c7a026e7b0..8cb45fd1a4c 100644 --- a/datadog-agent.yaml +++ b/datadog-agent.yaml @@ -1,7 +1,7 @@ package: name: datadog-agent - version: 7.51.0 - epoch: 1 + version: 7.51.1 + epoch: 0 description: "Collect events and metrics from your hosts that send data to Datadog." copyright: - license: Apache-2.0 @@ -52,7 +52,7 @@ pipeline: with: repository: https://github.com/DataDog/datadog-agent tag: ${{package.version}} - expected-commit: 5b3c5ccb394e61a7946f35ad0eeb4197dfcd5d68 + expected-commit: 024f4fb4b528f0eabaeeb4114744dd63edbe3553 - runs: | export PATH=$PATH:$GOPATH/bin From b1571bc48c7841fe88bbfb54e602be586c5acf01 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 14:16:28 +0000 Subject: [PATCH 221/235] pixi/0.15.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- pixi.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pixi.yaml b/pixi.yaml index eb29ab9633a..66254718b24 100644 --- a/pixi.yaml +++ b/pixi.yaml @@ -1,6 +1,6 @@ package: name: pixi - version: 0.15.1 + version: 0.15.2 epoch: 0 description: "Package management made easy" copyright: @@ -20,7 +20,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/prefix-dev/pixi - expected-commit: 745862373f60a90c77b70fb68365af54614d571e + expected-commit: bbf4d0c19e25b461d0ba262ee5243a2b136e710b tag: v${{package.version}} - name: Configure and build From cc396a74f277d334ce5b40e45209eeaecf7a64c8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:08:23 +0000 Subject: [PATCH 222/235] pixman/0.43.4 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- pixman.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pixman.yaml b/pixman.yaml index 1da44012833..f7fbd8bccbe 100644 --- a/pixman.yaml +++ b/pixman.yaml @@ -1,6 +1,6 @@ package: name: pixman - version: 0.43.2 + version: 0.43.4 epoch: 0 description: Low-level pixel manipulation library copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: b43dc9549c02c598fb11321d6fca47151f739a076c73fcd8971b5c023a06949e + expected-sha256: 48d8539f35488d694a2fef3ce17394d1153ed4e71c05d1e621904d574be5df19 uri: https://www.x.org/releases/individual/lib/pixman-${{package.version}}.tar.xz - runs: | From cb31c0550c543ebcb193efe3b06fc43b72a9c4d0 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:15:22 +0000 Subject: [PATCH 223/235] keda/2.13.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- keda.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/keda.yaml b/keda.yaml index 28e0de141f6..c7d6c25ce67 100644 --- a/keda.yaml +++ b/keda.yaml @@ -1,8 +1,8 @@ # See https://github.com/kedacore/keda/blob/main/SECURITY.md#supported-versions for upstream-supported versions package: name: keda - version: 2.13.0 - epoch: 1 + version: 2.13.1 + epoch: 0 description: KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes copyright: - license: Apache-2.0 @@ -23,14 +23,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 367fcd32f1e72be504ada53165d07c33d75fc0f7 + expected-commit: 41dd7a8558fdb274f2c0861f6c6d1eba01f2dcd5 repository: https://github.com/kedacore/keda tag: v${{package.version}} - - uses: go/bump - with: - deps: github.com/go-jose/go-jose/v3@v3.0.1 github.com/cloudflare/circl@v1.3.7 - - runs: | ARCH=$(go env GOARCH) make build mkdir -p "${{targets.destdir}}/usr/bin" From 3c2bc538c3a23fe130011fe25c931b2f759bc2b8 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:15:38 +0000 Subject: [PATCH 224/235] ingress-nginx-controller/1.10.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ingress-nginx-controller.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ingress-nginx-controller.yaml b/ingress-nginx-controller.yaml index 35561cec6bb..57feb0d88aa 100644 --- a/ingress-nginx-controller.yaml +++ b/ingress-nginx-controller.yaml @@ -2,7 +2,7 @@ package: name: ingress-nginx-controller version: 1.10.0 - epoch: 0 + epoch: 1 description: "Ingress-NGINX Controller for Kubernetes" copyright: - license: Apache-2.0 @@ -137,7 +137,7 @@ pipeline: with: repository: https://github.com/kubernetes/ingress-nginx tag: controller-v${{package.version}} - expected-commit: 71f78d49f0a496c31d4c19f095469f3f23900f8a + expected-commit: dc999d81da6d9258bf448874be5f1f0e2156ec94 - name: Build ingress-nginx controller from source runs: | From 27589ca38350af3900180b36370adf1eedc1b007 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:15:58 +0000 Subject: [PATCH 225/235] py3-awscrt/0.20.5 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-awscrt.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-awscrt.yaml b/py3-awscrt.yaml index c63d36812de..2b772e6d596 100644 --- a/py3-awscrt.yaml +++ b/py3-awscrt.yaml @@ -1,6 +1,6 @@ package: name: py3-awscrt - version: 0.20.4 + version: 0.20.5 epoch: 0 description: Python bindings for the AWS Common Runtime copyright: @@ -29,7 +29,7 @@ pipeline: with: repository: https://github.com/awslabs/aws-crt-python tag: v${{package.version}} - expected-commit: 258a8c8d23fbb7742cffc95ae7087a26e451e761 + expected-commit: 6b8b17726f00987cdf1cab739f5cc86325335b30 - runs: | # Allow linking to shared libraries From eda8f4dcbbb57133099f59d47b6de6163c962ea2 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:16:03 +0000 Subject: [PATCH 226/235] syft/1.0.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- syft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/syft.yaml b/syft.yaml index 8a9e58f8077..3596db8202d 100644 --- a/syft.yaml +++ b/syft.yaml @@ -1,6 +1,6 @@ package: name: syft - version: 0.105.1 + version: 1.0.0 epoch: 0 description: CLI tool and library for generating a Software Bill of Materials from container images and filesystems copyright: @@ -15,7 +15,7 @@ pipeline: with: repository: https://github.com/anchore/syft tag: v${{package.version}} - expected-commit: 928511ea0f1449e057e8057e38743d258b22476b + expected-commit: 356f7c92b464b69be3a2a898cd98a63037eeadcc - uses: go/build with: From 9153abd3c73591748aabc89c312a657aaffc60a9 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:16:08 +0000 Subject: [PATCH 227/235] dotty/3.4.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- dotty.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dotty.yaml b/dotty.yaml index 5171ef4a075..e8b56d73063 100644 --- a/dotty.yaml +++ b/dotty.yaml @@ -1,6 +1,6 @@ package: name: dotty - version: 3.3.1 + version: 3.4.0 epoch: 0 description: The Scala 3 compiler, also known as Dotty. copyright: @@ -24,7 +24,7 @@ pipeline: with: repository: https://github.com/lampepfl/dotty tag: ${{package.version}} - expected-commit: 721e7c87ee95b811984b7b992728729d7094c4c4 + expected-commit: a92a4639e1db7a1ad55633a436650a348dffa152 - runs: | sbt dist/pack From af28fb2875814e365f5f78b9521c5dfff6e1728e Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:16:19 +0000 Subject: [PATCH 228/235] aws-efs-csi-driver/1.7.6 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-efs-csi-driver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-efs-csi-driver.yaml b/aws-efs-csi-driver.yaml index 5c24f50b6e6..bd916214331 100644 --- a/aws-efs-csi-driver.yaml +++ b/aws-efs-csi-driver.yaml @@ -1,6 +1,6 @@ package: name: aws-efs-csi-driver - version: 1.7.5 + version: 1.7.6 epoch: 0 description: CSI driver for Amazon EFS. copyright: @@ -30,7 +30,7 @@ pipeline: with: repository: https://github.com/kubernetes-sigs/aws-efs-csi-driver tag: v${{package.version}} - expected-commit: 38de3dda862327820eb0a507c3f034697f6204c9 + expected-commit: 7d87370ef6568d7e35e5645e775e0267ef92889a - uses: go/bump with: From e309d721eb3c3bec138f3e2647aa08ca01d756b4 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 18:15:59 +0000 Subject: [PATCH 229/235] wit-bindgen/0.20.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- wit-bindgen.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wit-bindgen.yaml b/wit-bindgen.yaml index 7c256dfbb93..5ade9caa6aa 100644 --- a/wit-bindgen.yaml +++ b/wit-bindgen.yaml @@ -1,6 +1,6 @@ package: name: wit-bindgen - version: 0.19.2 + version: 0.20.0 epoch: 0 description: "A language binding generator for WebAssembly interface types" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wit-bindgen tag: v${{package.version}} - expected-commit: a4387452abe52952e4c6ac10724235bb2e0f3ed2 + expected-commit: 561aa17d67cf6360e0453388897729b86ddd5154 - name: Configure and build runs: | From 1cb2e8d62b525c252dacad95aca9711199b2d04e Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 18:16:17 +0000 Subject: [PATCH 230/235] py3-sqlglot/22.1.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-sqlglot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-sqlglot.yaml b/py3-sqlglot.yaml index c88010eb067..c88cefc0cdf 100644 --- a/py3-sqlglot.yaml +++ b/py3-sqlglot.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/sqlglot/ package: name: py3-sqlglot - version: 22.1.0 + version: 22.1.1 epoch: 0 description: An easily customizable SQL parser and transpiler copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/tobymao/sqlglot tag: v${{package.version}} - expected-commit: 63939796b39c69b25adfc6f224ccd4761f23cb66 + expected-commit: 00e9f6dfb6b49774bd0b256a075f247741ae323a - name: Python Build runs: python setup.py build From 6b26eefe7025dee69f52845aad7adb558b43b1db Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 18:16:21 +0000 Subject: [PATCH 231/235] tailscale/1.60.1 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- tailscale.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tailscale.yaml b/tailscale.yaml index f4579611bad..24280f6bf27 100644 --- a/tailscale.yaml +++ b/tailscale.yaml @@ -1,6 +1,6 @@ package: name: tailscale - version: 1.60.0 + version: 1.60.1 epoch: 0 description: The easiest, most secure way to use WireGuard and 2FA. copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: f4e3ee53ea4605d400df2ef6b6005b026661f96b + expected-commit: 2caffeeb460a7b69fc8e329821e5e2cbbc10af27 repository: https://github.com/tailscale/tailscale tag: v${{package.version}} From 6fca118789ae8396034755391101a16d34787f94 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 18:16:32 +0000 Subject: [PATCH 232/235] aws-c-mqtt/0.10.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-c-mqtt.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-c-mqtt.yaml b/aws-c-mqtt.yaml index 0def68ad972..6be91fa5d16 100644 --- a/aws-c-mqtt.yaml +++ b/aws-c-mqtt.yaml @@ -1,6 +1,6 @@ package: name: aws-c-mqtt - version: 0.10.2 + version: 0.10.3 epoch: 0 description: AWS C99 implementation of the MQTT 3.1.1 specification copyright: @@ -25,7 +25,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 0ac61e2ce08395e36598584222280b053d455429b26bfb5de057f91358bb3d25 + expected-sha256: bb938d794b0757d669b5877526363dc6f6f0e43869ca19fc196ffd0f7a35f5b9 uri: https://github.com/awslabs/aws-c-mqtt/archive/refs/tags/v${{package.version}}.tar.gz - runs: | From cddb1a8b09b6c3336f2ded7914eb1c52c4258d69 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 18:16:37 +0000 Subject: [PATCH 233/235] ruff/0.3.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ruff.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruff.yaml b/ruff.yaml index 2d04ec3a6f3..dd122a6aeef 100644 --- a/ruff.yaml +++ b/ruff.yaml @@ -1,6 +1,6 @@ package: name: ruff - version: 0.2.2 + version: 0.3.0 epoch: 0 description: An extremely fast Python linter, written in Rust. copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/astral-sh/ruff tag: v${{package.version}} - expected-commit: 235cfb79769da2c435b9c88d8bae4a79f1234857 + expected-commit: b53118ed0016ac37233d3dadbcea9ed3ac1f538e - runs: | cargo build --release From 43170b445064ce557f1c41784e813df5f65df56f Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 18:16:41 +0000 Subject: [PATCH 234/235] aws-crt-cpp/0.26.3 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-crt-cpp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-crt-cpp.yaml b/aws-crt-cpp.yaml index 1464c1ef728..07129cb0f47 100644 --- a/aws-crt-cpp.yaml +++ b/aws-crt-cpp.yaml @@ -1,6 +1,6 @@ package: name: aws-crt-cpp - version: 0.26.2 + version: 0.26.3 epoch: 0 description: "C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++" copyright: @@ -32,7 +32,7 @@ pipeline: with: repository: https://github.com/awslabs/aws-crt-cpp tag: v${{package.version}} - expected-commit: e4514b7fb8b1fe67429aa7b0e00f628999722174 + expected-commit: 98d68a1be424732ec1128ef2aadbf552ed653ed0 - runs: | if [ "$CBUILD" != "$CHOST" ]; then From a99201f1b5ba7771b0de8c219ab6eea22635509d Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 29 Feb 2024 20:16:08 +0000 Subject: [PATCH 235/235] vault-1.14/1.14.10 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- vault-1.14.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vault-1.14.yaml b/vault-1.14.yaml index 1c79e89844a..62f84069094 100644 --- a/vault-1.14.yaml +++ b/vault-1.14.yaml @@ -1,7 +1,7 @@ # package.dependecies.provides uses 1.14.999 because we had a 1.14.1 vault package, remove in 1.15+ package: name: vault-1.14 - version: 1.14.9 + version: 1.14.10 epoch: 0 description: Tool for encryption as a service, secrets and privileged access management copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 7c9990adc7b56d27ef5f461ee484764643ba16f7 + expected-commit: 7d15950da2e3d835077f5b896354de5c01f27570 repository: https://github.com/hashicorp/vault tag: v${{package.version}}