diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml index ca7fb11641..76794abc68 100644 --- a/.github/workflows/build-world.yaml +++ b/.github/workflows/build-world.yaml @@ -24,7 +24,7 @@ jobs: # permissions: container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 573d8983ab..0f8626fe04 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -29,7 +29,7 @@ jobs: contents: read container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined @@ -142,7 +142,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 steps: - uses: actions/checkout@v4 @@ -254,7 +254,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 6bfbdc2324..432da697c8 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -33,7 +33,7 @@ jobs: run: | # Copy wolfictl out of the wolfictl image and onto PATH TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 -c "cp /usr/bin/wolfictl /out" + docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 -c "cp /usr/bin/wolfictl /out" echo "$TMP" >> $GITHUB_PATH # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this @@ -70,7 +70,7 @@ jobs: group: wolfi-builder-${{ matrix.arch }} needs: changes container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined outputs: @@ -193,7 +193,7 @@ jobs: name: "ABI Compatibility check" runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 needs: build if: needs.build.outputs.packages_were_built == 'true' @@ -232,7 +232,7 @@ jobs: name: "Scan packages for CVEs" runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 needs: build if: needs.build.outputs.packages_were_built == 'true' diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml index b5549e0c64..c1d953a78e 100644 --- a/.github/workflows/lint-world.yaml +++ b/.github/workflows/lint-world.yaml @@ -29,7 +29,7 @@ jobs: group: wolfi-os-builder-${{ matrix.arch }} container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml index db9df0d90f..32fabec06c 100644 --- a/.github/workflows/withdraw-packages.yaml +++ b/.github/workflows/withdraw-packages.yaml @@ -21,11 +21,7 @@ jobs: fetch-depth: 0 # We want the full history for uploading withdrawn-packages.txt to GCS. If this takes too long, we look at merging both files. - name: "Install wolfictl onto PATH" - run: | - # Copy wolfictl out of the wolfictl image and onto PATH - TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 -c "cp /usr/bin/wolfictl /out" - echo "$TMP" >> $GITHUB_PATH + uses: wolfi-dev/actions/install-wolfictl@main # This is managed here: https://github.com/chainguard-dev/secrets/blob/main/wolfi-dev.tf - uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1 diff --git a/Makefile b/Makefile index be032c9acc..89fa9da279 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,7 @@ MELANGE_TEST_OPTS += --arch ${ARCH} MELANGE_TEST_OPTS += --pipeline-dirs ./pipelines/ MELANGE_TEST_OPTS += --repository-append https://packages.wolfi.dev/os MELANGE_TEST_OPTS += --keyring-append https://packages.wolfi.dev/os/wolfi-signing.rsa.pub +MELANGE_TEST_OPTS += --test-package-append wolfi-base MELANGE_TEST_OPTS += --debug MELANGE_TEST_OPTS += ${MELANGE_EXTRA_OPTS} @@ -186,7 +187,7 @@ dev-container: -v "${PWD}:${PWD}" \ -w "${PWD}" \ -e SOURCE_DATE_EPOCH=0 \ - ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 PACKAGES_CONTAINER_FOLDER ?= /work/packages TMP_REPOSITORIES_DIR := $(shell mktemp -d) @@ -251,6 +252,6 @@ dev-container-wolfi: --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \ --mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \ -w "$(PACKAGES_CONTAINER_FOLDER)" \ - ghcr.io/wolfi-dev/sdk:latest@sha256:7c1012eb43ee829351f3b33eb0f150ca2d2e176545bd58a398a7427f5645d9c9 + ghcr.io/wolfi-dev/sdk:latest@sha256:c7c6d703bfe60307bc982bf0b5437775e4cf6545def97ae94cd3f5cfc2212254 @rm "$(TMP_REPOSITORIES_FILE)" @rmdir "$(TMP_REPOSITORIES_DIR)" diff --git a/actions-runner-controller.yaml b/actions-runner-controller.yaml index 287f449ff6..88be2169c6 100644 --- a/actions-runner-controller.yaml +++ b/actions-runner-controller.yaml @@ -1,7 +1,7 @@ package: name: actions-runner-controller - version: 0.8.2 - epoch: 1 + version: 0.8.3 + epoch: 0 description: Kubernetes controller for GitHub Actions self-hosted runners copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ pipeline: with: repository: https://github.com/actions/actions-runner-controller tag: gha-runner-scale-set-${{package.version}} - expected-commit: d72774753c1ac24f927cac68b368f2abc9f65f40 + expected-commit: 309b53143e55d4ff7b1777561c20a70bc09c8da1 # Ref: https://github.com/actions/actions-runner-controller/blob/gha-runner-scale-set-0.5.0/Dockerfile#L35 - uses: go/bump diff --git a/atuin.yaml b/atuin.yaml index e7eeb386aa..4c059c8f56 100644 --- a/atuin.yaml +++ b/atuin.yaml @@ -1,6 +1,6 @@ package: name: atuin - version: 18.0.1 + version: 18.0.2 epoch: 0 description: Magical shell history copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/atuinsh/atuin tag: v${{package.version}} - expected-commit: 1464cb657a47e7b5705194302532f3ecf37c7649 + expected-commit: a78aaa78e487b2499ffd7eed86bac15aa3df0960 - runs: | cargo build --locked --release @@ -44,10 +44,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | atuin -V diff --git a/aws-c-mqtt.yaml b/aws-c-mqtt.yaml index 0def68ad97..6be91fa5d1 100644 --- a/aws-c-mqtt.yaml +++ b/aws-c-mqtt.yaml @@ -1,6 +1,6 @@ package: name: aws-c-mqtt - version: 0.10.2 + version: 0.10.3 epoch: 0 description: AWS C99 implementation of the MQTT 3.1.1 specification copyright: @@ -25,7 +25,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 0ac61e2ce08395e36598584222280b053d455429b26bfb5de057f91358bb3d25 + expected-sha256: bb938d794b0757d669b5877526363dc6f6f0e43869ca19fc196ffd0f7a35f5b9 uri: https://github.com/awslabs/aws-c-mqtt/archive/refs/tags/v${{package.version}}.tar.gz - runs: | diff --git a/aws-c-s3.yaml b/aws-c-s3.yaml index 5dc60c11c2..821809d133 100644 --- a/aws-c-s3.yaml +++ b/aws-c-s3.yaml @@ -1,6 +1,6 @@ package: name: aws-c-s3 - version: 0.5.1 + version: 0.5.2 epoch: 0 description: "AWS C99 library implementation for communicating with the S3 service" copyright: @@ -36,7 +36,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: b8737af410b66d20890bf446de3724722f7916f6a66114b1f79892dc83884ffb + expected-sha256: 57f048d850673587aa29960eb3227121c18baf2ab8efd720bc93b2ae54386604 uri: https://github.com/awslabs/aws-c-s3/archive/refs/tags/v${{package.version}}.tar.gz - runs: | diff --git a/aws-cli.yaml b/aws-cli.yaml index a2fec36ee8..adaf23f8d0 100644 --- a/aws-cli.yaml +++ b/aws-cli.yaml @@ -1,6 +1,6 @@ package: name: aws-cli - version: 1.32.49 + version: 1.32.52 epoch: 0 description: "Universal Command Line Interface for Amazon Web Services" copyright: @@ -33,7 +33,7 @@ pipeline: - uses: fetch with: uri: https://github.com/aws/aws-cli/archive/${{package.version}}.tar.gz - expected-sha256: 68643326e9e060ddbd4deea32c1ac3ed5b60d0ed6496e3660b23b951ee385e54 + expected-sha256: 82e37bc74a7f49787cc8d22d6ab53f595e264f583522ee2805706d5d8b2d0272 - runs: | python3 setup.py build diff --git a/aws-crt-cpp.yaml b/aws-crt-cpp.yaml index 6f7f24fbeb..07129cb0f4 100644 --- a/aws-crt-cpp.yaml +++ b/aws-crt-cpp.yaml @@ -1,6 +1,6 @@ package: name: aws-crt-cpp - version: 0.26.1 + version: 0.26.3 epoch: 0 description: "C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++" copyright: @@ -32,7 +32,7 @@ pipeline: with: repository: https://github.com/awslabs/aws-crt-cpp tag: v${{package.version}} - expected-commit: c499dffd57058c1fe9c28bb56e720f4181ba5a7e + expected-commit: 98d68a1be424732ec1128ef2aadbf552ed653ed0 - runs: | if [ "$CBUILD" != "$CHOST" ]; then diff --git a/aws-efs-csi-driver.yaml b/aws-efs-csi-driver.yaml index 5c24f50b6e..bd91621433 100644 --- a/aws-efs-csi-driver.yaml +++ b/aws-efs-csi-driver.yaml @@ -1,6 +1,6 @@ package: name: aws-efs-csi-driver - version: 1.7.5 + version: 1.7.6 epoch: 0 description: CSI driver for Amazon EFS. copyright: @@ -30,7 +30,7 @@ pipeline: with: repository: https://github.com/kubernetes-sigs/aws-efs-csi-driver tag: v${{package.version}} - expected-commit: 38de3dda862327820eb0a507c3f034697f6204c9 + expected-commit: 7d87370ef6568d7e35e5645e775e0267ef92889a - uses: go/bump with: diff --git a/az.yaml b/az.yaml index 69e8e18346..95efa013b1 100644 --- a/az.yaml +++ b/az.yaml @@ -61,10 +61,6 @@ update: strip-prefix: azure-cli- test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | az --version diff --git a/bazel-6.yaml b/bazel-6.yaml index 1c225fde0a..3e833354e6 100644 --- a/bazel-6.yaml +++ b/bazel-6.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-17 - openjdk-17-default-jvm pipeline: diff --git a/binaryen.yaml b/binaryen.yaml index 3e541558f5..09b5900b53 100644 --- a/binaryen.yaml +++ b/binaryen.yaml @@ -1,6 +1,6 @@ package: name: binaryen - version: "116" + version: "117" epoch: 0 description: Optimizer and compiler/toolchain library for WebAssembly copyright: @@ -22,12 +22,17 @@ pipeline: with: repository: https://github.com/webassembly/binaryen tag: version_${{package.version}} - expected-commit: 11dba9b1c2ad988500b329727f39f4d8786918c5 + expected-commit: c62a0c97168e88f97bca4bd96298a5ffc041844d - uses: cmake/configure with: opts: | - -DBUILD_TESTS=OFF + -DBUILD_TESTS=OFF \ + -DCMAKE_C_COMPILER=gcc \ + -DCMAKE_CXX_COMPILER=g++ \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_CXX_STANDARD=20 - uses: cmake/build @@ -46,3 +51,22 @@ update: github: identifier: webassembly/binaryen strip-prefix: version_ + +test: + pipeline: + - runs: | + cat > hello_world.wat <<'EOF' + (module + (type $i32_i32_=>_i32 (func (param i32 i32) (result i32))) + (memory $0 256 256) + (export "add" (func $add)) + (func $add (param $x i32) (param $y i32) (result i32) + (i32.add + (local.get $x) + (local.get $y) + ) + ) + ) + EOF + /usr/bin/wasm2js hello_world.wat -o hello_world.js + cat hello_world.js diff --git a/brew.yaml b/brew.yaml index f3dc7922ec..b02bbc53d5 100644 --- a/brew.yaml +++ b/brew.yaml @@ -1,6 +1,6 @@ package: name: brew - version: 4.2.9 + version: 4.2.10 epoch: 0 description: "The homebrew package manager" copyright: @@ -48,7 +48,7 @@ pipeline: repository: https://github.com/Homebrew/brew tag: ${{package.version}} destination: ./brew - expected-commit: e5fefd73cd97cd36ae3af29551f529ae59b333d6 + expected-commit: c6d959218f143cd17b1fc3e0f10f143cbd273528 - runs: | set -x @@ -75,10 +75,6 @@ update: identifier: Homebrew/brew test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | . /etc/profile.d/brew.sh diff --git a/buildkitd.yaml b/buildkitd.yaml index bfdfaeee56..af9868b027 100644 --- a/buildkitd.yaml +++ b/buildkitd.yaml @@ -67,7 +67,6 @@ test: environment: contents: packages: - - busybox - runc pipeline: - runs: | diff --git a/bun-bootstrap.yaml b/bun-bootstrap.yaml index 66a644a642..edb049b6ae 100644 --- a/bun-bootstrap.yaml +++ b/bun-bootstrap.yaml @@ -25,10 +25,6 @@ update: enabled: false test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | bun --version diff --git a/bun.yaml b/bun.yaml index 8eb121c64f..7605b8ce53 100644 --- a/bun.yaml +++ b/bun.yaml @@ -69,10 +69,6 @@ update: strip-prefix: bun-v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | bun --version diff --git a/busybox.yaml b/busybox.yaml index 37e69736e2..9e54965a1e 100644 --- a/busybox.yaml +++ b/busybox.yaml @@ -123,10 +123,6 @@ subpackages: done test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | busybox --help diff --git a/ca-certificates.yaml b/ca-certificates.yaml index 06d216d205..9a3cf3d0cd 100644 --- a/ca-certificates.yaml +++ b/ca-certificates.yaml @@ -1,7 +1,7 @@ package: name: ca-certificates - version: "20230506" - epoch: 1 + version: "20240226" + epoch: 0 description: "CA certificates from the Mozilla trusted root program" copyright: - license: MPL-2.0 AND MIT @@ -19,7 +19,7 @@ pipeline: - uses: fetch with: uri: https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/${{package.version}}/ca-certificates-${{package.version}}.tar.gz - expected-sha256: 21e7247ed7200774625e603ad1998e57ad2e0a79b3c69fa7638063d00f77be3a + expected-sha256: dc73f462a05707aff7de706db1da740cb584658f420139bfa00c4e78d54644dd - runs: | make CC="${{host.triplet.gnu}}-gcc" @@ -61,6 +61,15 @@ subpackages: mv "${{targets.destdir}}"/etc/ssl/certs/ca-certificates.crt "${{targets.subpkgdir}}"/etc/ssl/certs ln -s certs/ca-certificates.crt "${{targets.subpkgdir}}"/etc/ssl/cert.pem +test: + environment: + contents: + packages: + - curl + - wolfi-base + pipeline: + - runs: curl -v https://packages.wolfi.dev + update: enabled: true release-monitor: diff --git a/cassandra.yaml b/cassandra-4.1.yaml similarity index 91% rename from cassandra.yaml rename to cassandra-4.1.yaml index e55f5e81d0..925f04a091 100644 --- a/cassandra.yaml +++ b/cassandra-4.1.yaml @@ -1,13 +1,15 @@ package: - name: cassandra + name: cassandra-4.1 version: 4.1.4 - epoch: 0 + epoch: 1 description: Open Source NoSQL Database copyright: - license: Apache-2.0 dependencies: runtime: - python-3.11 # needed for cqlsh + provides: + - cassandra=${{package.full-version}} environment: contents: @@ -57,7 +59,10 @@ pipeline: ln -sT /var/log/cassandra/ "${{targets.destdir}}"/usr/share/java/cassandra/logs subpackages: - - name: cassandra-compat + - name: ${{package.name}}-compat + dependencies: + provides: + - cassandra-compat=${{package.full-version}} pipeline: - runs: | install -d ${{targets.subpkgdir}}/etc/cassandra diff --git a/cassandra/build.properties b/cassandra-4.1/build.properties similarity index 100% rename from cassandra/build.properties rename to cassandra-4.1/build.properties diff --git a/cassandra/bumpdeps.patch b/cassandra-4.1/bumpdeps.patch similarity index 100% rename from cassandra/bumpdeps.patch rename to cassandra-4.1/bumpdeps.patch diff --git a/cbindgen.yaml b/cbindgen.yaml index f552d91933..003f07663f 100644 --- a/cbindgen.yaml +++ b/cbindgen.yaml @@ -29,7 +29,6 @@ test: environment: contents: packages: - - wolfi-base - rustup pipeline: - runs: | diff --git a/checksec.yaml b/checksec.yaml index d7457d0515..a3da887866 100644 --- a/checksec.yaml +++ b/checksec.yaml @@ -39,10 +39,6 @@ update: identifier: slimm609/checksec.sh test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | checksec --file=/bin/ls --format=csv | grep "Full RELRO,Canary found" diff --git a/chromium.yaml b/chromium.yaml new file mode 100644 index 0000000000..8089b16788 --- /dev/null +++ b/chromium.yaml @@ -0,0 +1,229 @@ +#nolint:git-checkout-must-use-github-updates +package: + name: chromium + version: 122.0.6261.99 + epoch: 2 + description: "Open souce version of Google's chrome web browser" + copyright: + - license: BSD-3-Clause + target-architecture: + - x86_64 + dependencies: + runtime: + - font-opensans + - fontconfig + - libnss + - mesa + +environment: + contents: + packages: + - alsa-lib-dev + - at-spi2-core-dev + - bash + - bison + - brotli-dev + - build-base + - busybox + - bzip2-dev + - ca-certificates-bundle + - cairo-dev + - cups-dev + - curl + - curl-dev + - dav1d-dev + - dbus-dev + - dbus-glib-dev + - elfutils + - elfutils-dev + - eudev-dev + - expat-dev + - ffmpeg-dev + - findutils + - flac-dev + - flex + - freetype-dev + - fribidi-dev + - git + - glib-dev + - gn + - gperf + - gtk-3-dev + - gzip + - harfbuzz-dev + - harfbuzz-static + - hwdata-dev + - krb5-dev + - lcms2-dev + - libbsd-dev + - libcap-dev + - libdrm-dev + - libevent-dev + - libffi-dev + - libgcrypt-dev + - libjpeg-turbo-dev + - libnspr-dev + - libnss-dev + - libsecret-dev + - libusb-dev + - libva-dev + - libwebp-dev + - libxcomposite-dev + - libxcursor-dev + - libxdamage + - libxdamage-dev + - libxft-dev + - libxi-dev + - libxinerama-dev + - libxkbcommon + - libxkbcommon-dev + - libxml2-dev + - libxrandr-dev + - libxshmfence-dev + - libxslt-dev + - libxtst + - libxtst-dev + - linux-headers + - mesa-dev + - mesa-gbm + - opus-dev + - pango + - pango-dev + - pciutils + - pciutils-dev + - perl + - pulseaudio-dev + - py3-httplib2 + - py3-setuptools + - python3 + - qt5-qtbase-dev + - rust + - samurai + - speex-dev + - sqlite-dev + - wget + - xcb-proto + - zlib-dev + - zstd-dev + +pipeline: + - uses: git-checkout + with: + # === INFO === Initial git clone: takes ~3 minutes, needs 6GB disk + repository: https://chromium.googlesource.com/chromium/src.git + tag: ${{package.version}} + depth: 1 + expected-commit: ae38870e15f9d99049aaaf0e7245bc3583ae6cf9 + destination: /home/src + + - runs: | + cd /home + time git clone --depth 1 https://chromium.googlesource.com/chromium/tools/depot_tools.git + export PATH="$PATH:/home/depot_tools" + # .gclient must be in one directory above chromium's src + cat </home/.gclient + # Setup a .gclient config (handled by 'fetch' in upstream instructions) + solutions = [ + { "name" : "src", + "url" : "https://chromium.googlesource.com/chromium/src.git", + "managed": False, + "custom_deps": {}, + "custom_vars": {}, + }, + ] + EOF + cat /home/.gclient + # === INFO === Sync dependencies: takes about 11 minutes, requires 30 GB of disk + # go back into our chromium src directory + cd /home/src + time gclient sync --no-history + # === INFO === Make node executable: works around permission denial + cd /home/src + chmod +x third_party/node/linux/node-linux-x64/bin/node + # === INFO === Generate config: takes about 30 minutes / + cd /home/src + time gn gen /home/src/out/Default --args=" + clang_use_chrome_plugins=false + chrome_pgo_phase=0 + enable_nocompile_tests_new=false + is_debug=false + is_official_build=true + symbol_level=0 + use_sysroot=false + use_system_freetype=true + use_system_harfbuzz=true + use_system_lcms2=true + use_system_libdrm=true + use_system_libffi=true + use_system_libjpeg=true + use_system_zlib=true + " + # === INFO === Compile: takes about 3 hours, 60 GB of disk (on a 32xXeon, 128GBxRAM, 2TBxNVME system) + cd /home/src + time autoninja -C /home/src/out/Default chrome chromedriver chrome_sandbox + # === INFO === Install the binaries and libraries + cd /home/src/out/Default + mkdir -p ${{targets.destdir}}/usr/bin ${{targets.destdir}}/usr/lib/${{package.name}} + mv *.so* ${{targets.destdir}}/usr/lib/${{package.name}} + mv chrome ${{targets.destdir}}/usr/lib/${{package.name}} + mv chrome_sandbox ${{targets.destdir}}/usr/lib/${{package.name}} + mv chromedriver ${{targets.destdir}}/usr/lib/${{package.name}} + # resources + mv snapshot_blob.bin ${{targets.destdir}}/usr/lib/${{package.name}} + mv v8_context_snapshot.bin ${{targets.destdir}}/usr/lib/${{package.name}} + mv icudtl.dat ${{targets.destdir}}/usr/lib/${{package.name}} + mv xdg-mime ${{targets.destdir}}/usr/lib/${{package.name}} + mv xdg-settings ${{targets.destdir}}/usr/lib/${{package.name}} + mv vk_swiftshader_icd.json ${{targets.destdir}}/usr/lib/${{package.name}} + mv *.pak ${{targets.destdir}}/usr/lib/${{package.name}} + mv locales ${{targets.destdir}}/usr/lib/${{package.name}} + # links + ln -sf /usr/lib/${{package.name}}/chrome ${{targets.destdir}}/usr/bin/chromium-browser + ln -sf /usr/lib/${{package.name}}/chromedriver ${{targets.destdir}}/usr/bin/chromedriver + ln -sf chromium-browser ${{targets.destdir}}/usr/bin/chromium + mkdir -p ${{targets.destdir}}/etc/chromium + + - uses: strip + with: + opts: -s + +subpackages: + - name: ${{package.name}}-qt + options: + no-depends: true + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/usr/lib/${{package.name}} + mv ${{targets.destdir}}/usr/lib/${{package.name}}/*qt* ${{targets.subpkgdir}}/usr/lib/${{package.name}} + + - name: ${{package.name}}-lang + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/usr/lib/${{package.name}} + mv ${{targets.destdir}}/usr/lib/${{package.name}}/locales ${{targets.subpkgdir}}/usr/lib/${{package.name}} + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/NodeChrome/Dockerfile + - name: chromium-docker-selenium-compat + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/opt/selenium + + ln -sf /usr/lib/chromium/chromedriver ${{targets.subpkgdir}}/opt/selenium/chromedriver-${{package.version}} + + echo "chrome" > ${{targets.subpkgdir}}/opt/selenium/browser_name + echo ${{package.version}} > ${{targets.subpkgdir}}/opt/selenium/browser_version + echo "\"goog:chromeOptions\": {\"binary\": \"/usr/bin/chromium\"}" > ${{targets.subpkgdir}}/opt/selenium/browser_binary_location + +update: + enabled: true + release-monitor: + identifier: 13344 + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + chromium --no-sandbox --headless --disable-gpu --dump-dom https://www.chromestatus.com diff --git a/cilium.yaml b/cilium-1.14.yaml similarity index 51% rename from cilium.yaml rename to cilium-1.14.yaml index db7a6d10dc..494b1a5e96 100644 --- a/cilium.yaml +++ b/cilium-1.14.yaml @@ -1,7 +1,7 @@ package: - name: cilium - version: 1.15.1 - epoch: 0 + name: cilium-1.14 + version: 1.14.6 + epoch: 1 description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane copyright: - license: Apache-2.0 @@ -17,27 +17,49 @@ package: - kmod - llvm15 - llvm15-tools + provides: + - cilium=${{package.full-version}} environment: contents: packages: + - bash + - bazel-6 + - binutils - build-base - busybox - - clang + - ca-certificates-bundle + - clang~15 + - cmake - coreutils # for GNU install + # We need to stick to gcc 12 for now, envoy doesn't build with gcc >= 13 + - gcc-12-default - git - go - grep - iptables # for cilium-iptables + - libtool + - llvm-lld-15 - llvm15 + - llvm15-cmake-default + - llvm15-dev - llvm15-tools + - openjdk-11 + - patch + - python3-dev + - samurai + - wolfi-baselayout + +vars: + # https://github.com/cilium/cilium/blob/v1.14.6/images/cilium/Dockerfile + CILIUM_PROXY_COMMIT: "ad82c7c56e88989992fd25d8d67747de865c823b" pipeline: - uses: git-checkout with: repository: https://github.com/cilium/cilium tag: v${{package.version}} - expected-commit: a368c8f0f34dfe9a47e8a621af31ea94337f6fb5 + expected-commit: 4a4fa0587d1beb6abce883780957f9848dc50b60 - uses: patch with: @@ -51,11 +73,70 @@ pipeline: DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container + - runs: | + # Check the Dockerfile for a SHA and match against the proxy SHA + ENVOY_SHA=$(grep 'FROM.*cilium-envoy' ./images/cilium/Dockerfile \ + | sed "s/^FROM.*:v[0-9.]\+-//g" | cut -d@ -f1) + + if [ "$ENVOY_SHA" != "${{vars.CILIUM_PROXY_COMMIT}}" ]; then + echo "Expected vars.CILIUM_PROXY_COMMIT to be $ENVOY_SHA. Please update" 1>&2 + exit 1 + fi + + - runs: | + # TODO: Replace with git-checkout when `commit` parameter + # is supported. + tmpdir=$(mktemp -d) + git config --global --add safe.directory $tmpdir + git config --global --add safe.directory /home/build + git clone https://github.com/cilium/proxy $tmpdir + cd $tmpdir + git reset --hard ${{vars.CILIUM_PROXY_COMMIT}} + + mkdir -p /home/build/envoy + tar -c . | (cd /home/build/envoy && tar -x) + rm -rf $tmpdir + + - uses: patch + with: + patches: toolchains-paths.patch + + - uses: go/bump + with: + modroot: /home/build/envoy + deps: golang.org/x/net@v0.17.0 + + - runs: | + cd /home/build/envoy/proxylib + make + mkdir -p ${{targets.destdir}}/usr/lib + cp -v libcilium.so ${{targets.destdir}}/usr/lib/libcilium.so + + cd /home/build/envoy + + export JAVA_HOME=/usr/lib/jvm/java-11-openjdk + mkdir -p .cache/bazel/_bazel_root + + ./bazel/setup_clang.sh /usr + + mkdir -p ${{targets.destdir}}/usr/bin + bazel build --fission=no --config=clang \ + --discard_analysis_cache \ + --nokeep_state_after_build \ + --notrack_incremental_state \ + --conlyopt="-Wno-strict-prototypes" \ + --verbose_failures -c opt //:cilium-envoy + + cp -v bazel-bin/cilium-envoy ${{targets.destdir}}/usr/bin/cilium-envoy + - uses: strip subpackages: - name: ${{package.name}}-container-init description: init scripts for cilium + dependencies: + provides: + - cilium-container-init=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/usr/bin @@ -69,6 +150,8 @@ subpackages: dependencies: runtime: - ${{package.name}}-container-init + provides: + - cilium-container-init-compat=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}} @@ -81,6 +164,8 @@ subpackages: dependencies: runtime: - iptables + provides: + - cilium-iptables=${{package.full-version}} pipeline: - runs: | # This script generates a wrapper based on the version @@ -95,6 +180,8 @@ subpackages: dependencies: runtime: - gops + provides: + - cilium-operator-generic=${{package.full-version}} pipeline: - runs: | cd /home/build/operator @@ -102,8 +189,11 @@ subpackages: DESTDIR=${{targets.subpkgdir}} make install-generic - uses: strip - - name: hubble-relay + - name: ${{package.name}}-hubble-relay description: Hubble relay + dependencies: + provides: + - cilium-hubble-relay=${{package.full-version}} pipeline: - runs: | cd /home/build/hubble-relay @@ -111,8 +201,14 @@ subpackages: DESTDIR=${{targets.subpkgdir}} make install - uses: strip +test: + pipeline: + - runs: cilium version + update: - enabled: true + # set to false until we figure out whats happening with the latest updates + enabled: false github: identifier: cilium/cilium strip-prefix: v + tag-filter-prefix: v1.14. diff --git a/cilium/loopback-location.patch b/cilium-1.14/loopback-location.patch similarity index 100% rename from cilium/loopback-location.patch rename to cilium-1.14/loopback-location.patch diff --git a/cilium-1.14/toolchains-paths.patch b/cilium-1.14/toolchains-paths.patch new file mode 100644 index 0000000000..d7195b715b --- /dev/null +++ b/cilium-1.14/toolchains-paths.patch @@ -0,0 +1,87 @@ +diff --git a/envoy/bazel/toolchains/BUILD b/envoy/bazel/toolchains/BUILD +index b806112b6..024d8882e 100644 +--- a/envoy/bazel/toolchains/BUILD ++++ b/envoy/bazel/toolchains/BUILD +@@ -48,6 +48,11 @@ cc_toolchain_config( + coverage_link_flags = ["--coverage"], + cpu = "aarch64", + cxx_builtin_include_directories = [ ++ # These aren't how we configure where to look, but which files ++ # Bazel allows us to use in the build. So we don't have to be ++ # super exact and specify the version in the path. ++ "/usr/lib64/gcc/aarch64-unknown-linux-gnu", ++ "/usr/lib/clang", + "/usr/lib/llvm-15", + "/usr/aarch64-linux-gnu/include", + "/usr/include", +@@ -76,18 +81,18 @@ cc_toolchain_config( + target_libc = "glibc", + target_system_name = "aarch64-linux-gnu", + tool_paths = { +- "ar": "/usr/bin/llvm-ar-15", +- "compat-ld": "/usr/bin/lld-15", +- "ld": "/usr/bin/lld-15", +- "gold": "/usr/bin/lld-15", ++ "ar": "/usr/bin/llvm-ar", ++ "compat-ld": "/usr/bin/lld", ++ "ld": "/usr/bin/lld", ++ "gold": "/usr/bin/lld", + "cpp": "/usr/bin/clang-cpp-15", + "gcc": "/usr/bin/clang-15", +- "dwp": "/usr/bin/llvm-dwp-15", +- "gcov": "/usr/bin/llvmcov-15", +- "nm": "/usr/bin/llvm-nm-15", +- "objcopy": "/usr/bin/llvm-objcopy-15", +- "objdump": "/usr/bin/llvm-objdump-15", +- "strip": "/usr/bin/llvm-strip-15", ++ "dwp": "/usr/bin/llvm-dwp", ++ "gcov": "/usr/bin/llvmcov", ++ "nm": "/usr/bin/llvm-nm", ++ "objcopy": "/usr/bin/llvm-objcopy", ++ "objdump": "/usr/bin/llvm-objdump", ++ "strip": "/usr/bin/llvm-strip", + }, + toolchain_identifier = "linux_aarch64", + unfiltered_compile_flags = [ +@@ -146,6 +151,11 @@ cc_toolchain_config( + coverage_link_flags = ["--coverage"], + cpu = "k8", + cxx_builtin_include_directories = [ ++ # These aren't how we configure where to look, but which files ++ # Bazel allows us to use in the build. So we don't have to be ++ # super exact and specify the version in the path. ++ "/usr/lib64/gcc/x86_64-pc-linux-gnu", ++ "/usr/lib/clang", + "/usr/lib/llvm-15", + "/usr/x86_64-linux-gnu/include", + "/usr/include", +@@ -174,18 +184,18 @@ cc_toolchain_config( + target_libc = "unknown", + target_system_name = "unknown", + tool_paths = { +- "ar": "/usr/bin/llvm-ar-15", +- "compat-ld": "/usr/bin/lld-15", +- "ld": "/usr/bin/lld-15", +- "gold": "/usr/bin/lld-15", +- "cpp": "/usr/bin/clang-cpp-15", ++ "ar": "/usr/bin/llvm-ar", ++ "compat-ld": "/usr/bin/lld", ++ "ld": "/usr/bin/lld", ++ "gold": "/usr/bin/lld", ++ "cpp": "/usr/bin/clang-cpp", + "gcc": "/usr/bin/clang-15", +- "dwp": "/usr/bin/llvm-dwp-15", +- "gcov": "/usr/bin/llvmcov-15", +- "nm": "/usr/bin/llvm-nm-15", +- "objcopy": "/usr/bin/llvm-objcopy-15", +- "objdump": "/usr/bin/llvm-objdump-15", +- "strip": "/usr/bin/llvm-strip-15", ++ "dwp": "/usr/bin/llvm-dwp", ++ "gcov": "/usr/bin/llvmcov", ++ "nm": "/usr/bin/llvm-nm", ++ "objcopy": "/usr/bin/llvm-objcopy", ++ "objdump": "/usr/bin/llvm-objdump", ++ "strip": "/usr/bin/llvm-strip", + }, + toolchain_identifier = "linux_x86_64", + unfiltered_compile_flags = [ diff --git a/clusterctl.yaml b/clusterctl.yaml index cd5cc02b5e..45dfadd35f 100644 --- a/clusterctl.yaml +++ b/clusterctl.yaml @@ -1,7 +1,7 @@ package: name: clusterctl version: 1.6.2 - epoch: 0 + epoch: 1 description: A command line tool to manage clusters created by cluster API copyright: - license: Apache-2.0 @@ -15,6 +15,8 @@ environment: - busybox - ca-certificates-bundle - go + environment: + CGO_ENABLED: "0" pipeline: - uses: git-checkout diff --git a/conda.yaml b/conda.yaml index 2090721939..bea248fd94 100644 --- a/conda.yaml +++ b/conda.yaml @@ -58,10 +58,6 @@ update: identifier: conda/conda test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | conda --version diff --git a/controller-gen.yaml b/controller-gen.yaml index 4c0a250b20..dbae9bce9c 100644 --- a/controller-gen.yaml +++ b/controller-gen.yaml @@ -30,10 +30,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | controller-gen --version diff --git a/coredns.yaml b/coredns.yaml index 1291263626..753246388e 100644 --- a/coredns.yaml +++ b/coredns.yaml @@ -1,7 +1,7 @@ package: name: coredns - version: 1.11.1 - epoch: 10 + version: 1.11.2 + epoch: 0 description: CoreDNS is a DNS server that chains plugins copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: ae2bbc29be1aaae0b3ded5d188968a6c97bb3144 + expected-commit: 8868454177bdd3e70e71bd52d3c0e38bcf0d77fd repository: https://github.com/coredns/coredns tag: v${{package.version}} @@ -33,10 +33,6 @@ pipeline: # Ensures plugins get included make check - - uses: go/bump - with: - deps: golang.org/x/net@v0.17.0 google.golang.org/grpc@v1.58.3 golang.org/x/crypto@v0.17.0 github.com/quic-go/quic-go@v0.37.7 - - uses: go/build with: go-package: go-1.20 @@ -58,7 +54,6 @@ test: environment: contents: packages: - - busybox - bind-tools pipeline: - runs: | diff --git a/couchdb.yaml b/couchdb.yaml index 29a97ce699..ddf315711b 100644 --- a/couchdb.yaml +++ b/couchdb.yaml @@ -72,8 +72,6 @@ test: environment: contents: packages: - - busybox - - apk-tools - curl - jq pipeline: @@ -97,7 +95,7 @@ test: TIMEOUT=30 # Timeout in seconds START_TIME=$(date +%s) - while true; dos + while true; do # Check if the current time is past the timeout CURRENT_TIME=$(date +%s) if [ $((CURRENT_TIME - START_TIME)) -ge $TIMEOUT ]; then diff --git a/curl.yaml b/curl.yaml index 5609faa701..c81c411c31 100644 --- a/curl.yaml +++ b/curl.yaml @@ -76,10 +76,6 @@ update: strip-prefix: curl- test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | curl --version diff --git a/dask-gateway.yaml b/dask-gateway.yaml index 956a899bab..1878309911 100644 --- a/dask-gateway.yaml +++ b/dask-gateway.yaml @@ -1,10 +1,16 @@ package: name: dask-gateway version: 2024.1.0 - epoch: 0 + epoch: 1 description: "A multi-tenant server for securely deploying and managing Dask clusters." copyright: - license: BSD-3-Clause + options: + # We create a dependency on libpython even though we provide + # libpython in the virtual environment. This prevents python + # versions on the host from being swapped out. Enabling no- + # depends works around this + no-depends: true dependencies: runtime: - python3 @@ -16,15 +22,10 @@ environment: - busybox - ca-certificates-bundle - go - - py3-aiohttp - - py3-build - - py3-colorlog - - py3-cryptography - py3-gpep517 - py3-installer - py3-pip - py3-setuptools - - py3-traitlets - py3-wheel - python3 - python3-dev @@ -38,34 +39,104 @@ pipeline: expected-commit: 52a523041a509dd4aae3ff831cc09dbaf95bd32c - runs: | - cd dask-gateway - python3 -m gpep517 build-wheel --wheel-dir dist --output-fd 1 + cd ${{package.name}} - python3 -m installer -d "${{targets.destdir}}" dist/dask_gateway*.whl + # Build package + python -m gpep517 build-wheel --wheel-dir dist --output-fd 1 + + # Setup venv and install package + python -m venv .venv --system-site-packages + .venv/bin/pip install -I --no-compile dist/*.whl + + mkdir -p ${{targets.destdir}}/usr/share/${{package.name}} + mv .venv ${{targets.destdir}}/usr/share/${{package.name}}/ + + # Fix venv paths + sed -i "s|/home/build|/usr/share|g" ${{targets.destdir}}/usr/share/${{package.name}}/.venv/bin/* + + # Include system site-packages + sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.destdir}}/usr/share/${{package.name}}/.venv/pyvenv.cfg + + # Symlink scripts to PATH + mkdir -p ${{targets.destdir}}/usr/bin/ + ln -s /usr/share/${{package.name}}/.venv/bin/dask ${{targets.destdir}}/usr/bin/dask + ln -s /usr/share/${{package.name}}/.venv/bin/dask-scheduler ${{targets.destdir}}/usr/bin/dask-scheduler + ln -s /usr/share/${{package.name}}/.venv/bin/dask-ssh ${{targets.destdir}}/usr/bin/dask-ssh + ln -s /usr/share/${{package.name}}/.venv/bin/dask-worker ${{targets.destdir}}/usr/bin/dask-worker subpackages: - name: dask-gateway-server description: A multi-tenant server for securely deploying and managing Dask clusters + options: + no-depends: true + dependencies: + runtime: + - python3 pipeline: - name: Python Build runs: | - cd dask-gateway-server - python3 -m gpep517 build-wheel --wheel-dir dist --output-fd 1 - mkdir -p "${{targets.subpkgdir}}/usr/bin" - install -Dm755 ./dask_gateway_server/proxy/dask-gateway-proxy "${{targets.subpkgdir}}/usr/bin/" - python -m installer -d "${{targets.subpkgdir}}/" dist/dask_gateway_server*.whl - dependencies: - runtime: - - py3-sqlalchemy - - py3-typing-extensions - - py3-traitlets - - py3-colorlog - - py3-aiohttp - - py3-cryptography - - py3-kubernetes-asyncio + cd ${{package.name}}-server + + # Build package + python -m gpep517 build-wheel --wheel-dir dist --output-fd 1 + + # Setup venv and install package + python -m venv .venv --system-site-packages + .venv/bin/pip install -I --no-compile dist/*.whl + + # Install kubernetes asyncio, sqlalchemy, and typing extensions + .venv/bin/pip install kubernetes-asyncio sqlalchemy typing_extensions --no-compile + + mkdir -p ${{targets.subpkgdir}}/usr/share/${{package.name}}-server + mv .venv ${{targets.subpkgdir}}/usr/share/${{package.name}}-server/ + + # Fix venv paths + sed -i "s|/home/build|/usr/share|g" ${{targets.subpkgdir}}/usr/share/${{package.name}}-server/.venv/bin/* + + # Include system site-packages + sed -i "s|include-system-site-packages = false|include-system-site-packages = true|g" ${{targets.subpkgdir}}/usr/share/${{package.name}}-server/.venv/pyvenv.cfg + + # Symlink scripts to PATH + mkdir -p ${{targets.subpkgdir}}/usr/bin/ + ln -s /usr/share/${{package.name}}-server/.venv/bin/${{package.name}}-jobqueue-launcher ${{targets.subpkgdir}}/usr/bin/${{package.name}}-jobqueue-launcher + ln -s /usr/share/${{package.name}}-server/.venv/bin/${{package.name}}-server ${{targets.subpkgdir}}/usr/bin/${{package.name}}-server + test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + # Version check, also ensures executable paths are correct + dask-gateway-server --version + + # Test imports in virtual environment + source /usr/share/${{package.name}}-server/.venv/bin/activate + python -c "import dask_gateway_server" + python -c "import kubernetes_asyncio" + python -c "import sqlalchemy" + python -c "import typing_extensions" update: enabled: true github: identifier: dask/dask-gateway use-tag: true + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + # Version check, also ensures executable paths are correct + dask --version + dask-scheduler --version + dask-ssh --version + dask-worker --version + + # Test imports in virtual environment + source /usr/share/${{package.name}}/.venv/bin/activate + python -c "import dask_gateway" + python -c "from dask_gateway import Gateway" diff --git a/datadog-agent.yaml b/datadog-agent.yaml index 041ad558bd..8cb45fd1a4 100644 --- a/datadog-agent.yaml +++ b/datadog-agent.yaml @@ -1,7 +1,7 @@ package: name: datadog-agent - version: 7.51.0 - epoch: 1 + version: 7.51.1 + epoch: 0 description: "Collect events and metrics from your hosts that send data to Datadog." copyright: - license: Apache-2.0 @@ -52,7 +52,7 @@ pipeline: with: repository: https://github.com/DataDog/datadog-agent tag: ${{package.version}} - expected-commit: 5b3c5ccb394e61a7946f35ad0eeb4197dfcd5d68 + expected-commit: 024f4fb4b528f0eabaeeb4114744dd63edbe3553 - runs: | export PATH=$PATH:$GOPATH/bin @@ -116,10 +116,6 @@ update: - 'lambda-extension.*' test: - environment: - contents: - packages: - - busybox pipeline: - runs: | # Execute the help command and capture the output diff --git a/delta.yaml b/delta.yaml index 057fa09a6e..14c0f00c3f 100644 --- a/delta.yaml +++ b/delta.yaml @@ -28,10 +28,6 @@ pipeline: - uses: strip test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | delta --version diff --git a/direnv.yaml b/direnv.yaml index 58054fac1d..fc12fe2528 100644 --- a/direnv.yaml +++ b/direnv.yaml @@ -35,10 +35,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | direnv version diff --git a/docker-compose.yaml b/docker-compose.yaml index 160d360f12..5de5c31ddf 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -41,7 +41,6 @@ test: environment: contents: packages: - - wolfi-base - docker-cli pipeline: - runs: docker compose --help diff --git a/docker-selenium.yaml b/docker-selenium.yaml new file mode 100644 index 0000000000..9e02cf2c5d --- /dev/null +++ b/docker-selenium.yaml @@ -0,0 +1,186 @@ +package: + name: docker-selenium + # Officially they distribute the version with the following format: 4.16.1-20231219 + # But the '-' is not a valid character according to APK versioning spec; and resulting + # 'package format error' when trying to install the package. The workaround is + # to replace '-' with '.', then mangling the version to replace back. + version: 4.18.1.20240224 + epoch: 1 + description: Provides a simple way to run Selenium Grid with Chrome, Firefox, and Edge using Docker, making it easier to perform browser automation + copyright: + - license: Apache-2.0 + target-architecture: + # TODO: Enable aarch64 + # Requires aarch64 variant of Chromedriver + - x86_64 + dependencies: + runtime: + - Xvfb + - bash + - busybox + - chromium + - chromium-docker-selenium-compat + - coreutils + - fluxbox + - font-ipa + - font-liberation + - font-misc-cyrillic + - font-noto-emoji + - font-ubuntu + - font-wqy-zenhei + - fontconfig + - freetype + - glib + - glibc-locale-en + - libfontconfig1 + - libgcc + - libnss + - libnss-tools + - libxcb + - mcookie + - novnc + - openjdk-11 + - pulseaudio + - selenium-server-compat + - sudo-rs + - supervisor + - ttf-dejavu + - tzdata + - websockify + - x11vnc + - xauth + - xkbcomp + - xkeyboard-config + - xmessage + - xvfb-run + +environment: + contents: + packages: + - acl + - bash + - build-base + - busybox + - bzip2 + - ca-certificates-bundle + - curl + - git + - gnupg + - jq + - openjdk-11 + - openjdk-11-default-jvm + - openjdk-11-jre + - openssl + - x11vnc + - yq + environment: + JAVA_HOME: /usr/lib/jvm/java-11-openjdk + TC: UTC + SEL_USER: seluser + SEL_PASSWD: secret + +# Transform melange version to replace last dot "." with "-". +var-transforms: + - from: ${{package.version}} + match: ^(.+)\.(\d+)$ + replace: $1-$2 + to: mangled-package-version + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/SeleniumHQ/docker-selenium + tag: ${{vars.mangled-package-version}} + expected-commit: 9e99f2adf126979fe4a79ded70ff57e8da889ae3 + + - uses: patch + with: + patches: 0001-fix-paths.patch + + - runs: | + mkdir -p ${{targets.destdir}}/usr/bin + mkdir -p ${{targets.destdir}}/etc/supervisor/conf.d + mkdir -p ${{targets.destdir}}/var/tmp + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/Base/Dockerfile + - working-directory: Base + pipeline: + - runs: | + mkdir -p ${{targets.destdir}}/opt/bin + install -Dm755 check-grid.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 entry_point.sh ${{targets.destdir}}/opt/bin/ + install -Dm755f supervisord.conf ${{targets.destdir}}/etc + mkdir -p ${{targets.destdir}}/var/run/supervisor + - runs: | + mkdir -p ${{targets.destdir}}/opt/selenium + echo "${SEL_PASSWD}" > ${{targets.destdir}}/opt/selenium/initialPasswd + # TODO: Implement malware scan for jars retrieved by coursier + - runs: | + # Retrieve OpenTelemetry/GRPC Java versions + export OPENTELEMETRY_VERSION=$(curl "https://api.github.com/repos/open-telemetry/opentelemetry-java/releases/latest" | jq -r ".tag_name" | sed 's/v//') + export GRPC_VERSION=$(curl "https://api.github.com/repos/grpc/grpc-java/releases/latest" | jq -r ".tag_name" | sed 's/v//') + + mkdir -p ${{targets.destdir}}/external_jars + curl -sSLfO https://github.com/coursier/launchers/raw/master/coursier + chmod +x coursier + ./coursier fetch --classpath --cache ${{targets.destdir}}/external_jars \ + io.opentelemetry:opentelemetry-exporter-otlp:${OPENTELEMETRY_VERSION} \ + io.grpc:grpc-netty:${GRPC_VERSION} > ${{targets.destdir}}/external_jars/.classpath.txt + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/NodeBase/Dockerfile + - working-directory: NodeBase + pipeline: + - runs: | + install -Dm755 start-selenium-node.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 start-xvfb.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 selenium.conf ${{targets.destdir}}/etc/supervisor/conf.d/ + install -Dm755 start-vnc.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 start-novnc.sh ${{targets.destdir}}/opt/bin/ + install -Dm755 selenium_grid_logo.png ${{targets.destdir}}/usr/share/images/fluxbox/ubuntu-light.png + install -Dm755 generate_config ${{targets.destdir}}/opt/bin/generate_config + + mkdir -p ${{targets.destdir}}/home/$SEL_USER/.fluxbox + mkdir -p ${{targets.destdir}}/tmp/.X11-unix + mkdir -p ${{targets.destdir}}/home/$SEL_USER/.vnc + mkdir -p ${{targets.destdir}}/opt/selenium + x11vnc -storepasswd $(cat ${{targets.destdir}}/opt/selenium/initialPasswd) ${{targets.destdir}}/home/$SEL_USER/.vnc/passwd + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/NodeChrome/Dockerfile + - working-directory: NodeChrome + pipeline: + - runs: | + install -Dm755 wrap_chrome_binary ${{targets.destdir}}/opt/bin/wrap_chrome_binary + + # https://github.com/SeleniumHQ/docker-selenium/blob/trunk/Standalone/Dockerfile + - working-directory: Standalone + pipeline: + - runs: | + install -Dm755 start-selenium-standalone.sh ${{targets.destdir}}/opt/bin/start-selenium-standalone.sh + install -Dm755 selenium.conf ${{targets.destdir}}/etc/supervisor/conf.d/ + install -Dm755 generate_config ${{targets.destdir}}/opt/bin/generate_config + + - uses: strip + +subpackages: + - name: docker-selenium-supervisor-config + description: Docker Selenium supervisor configuration + dependencies: + replaces: + - supervisor-config + provides: + - supervisor-config + pipeline: + - runs: | + mkdir -p ${{targets.subpkgdir}}/etc + mv ${{targets.destdir}}/etc/supervisord.conf ${{targets.subpkgdir}}/etc + mv ${{targets.destdir}}/etc/supervisor ${{targets.subpkgdir}}/etc + +update: + enabled: true + ignore-regex-patterns: + - '.*grid.*' + version-transform: + - match: ^(.+)\-(\d+)$ + replace: $1.$2 + github: + identifier: SeleniumHQ/docker-selenium diff --git a/docker-selenium/0001-fix-paths.patch b/docker-selenium/0001-fix-paths.patch new file mode 100644 index 0000000000..e98e813f5a --- /dev/null +++ b/docker-selenium/0001-fix-paths.patch @@ -0,0 +1,31 @@ +From a46cb8f824d0b43270ebd8a5405ffe199afd9af0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Furkan=20T=C3=BCrkal?= +Date: Tue, 30 Jan 2024 13:54:17 +0300 +Subject: [PATCH] fix paths +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Furkan Türkal +--- + NodeBase/start-novnc.sh | 2 +- + NodeBase/start-vnc.sh | 2 +- + NodeBase/start-xvfb.sh | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/NodeBase/start-novnc.sh b/NodeBase/start-novnc.sh +index c3cb4ef..075e62d 100755 +--- a/NodeBase/start-novnc.sh ++++ b/NodeBase/start-novnc.sh +@@ -18,7 +18,7 @@ if [ "${START_XVFB:-$SE_START_XVFB}" = true ] ; then + fi + fi + +- /opt/bin/noVNC/utils/novnc_proxy --listen ${NO_VNC_PORT:-$SE_NO_VNC_PORT} --vnc localhost:${VNC_PORT:-$SE_VNC_PORT} ++ /usr/bin/novnc_server --web /usr/share/webapps/novnc --listen ${NO_VNC_PORT:-$SE_NO_VNC_PORT} --vnc localhost:${VNC_PORT:-$SE_VNC_PORT} + else + echo "noVNC won't start because SE_START_NO_VNC is false." + fi +-- +2.39.3 (Apple Git-145) + diff --git a/doppler-kubernetes-operator.yaml b/doppler-kubernetes-operator.yaml index 3c59e14eab..4303678e6b 100644 --- a/doppler-kubernetes-operator.yaml +++ b/doppler-kubernetes-operator.yaml @@ -41,10 +41,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | manager --help diff --git a/dotty.yaml b/dotty.yaml index 5171ef4a07..e8b56d7306 100644 --- a/dotty.yaml +++ b/dotty.yaml @@ -1,6 +1,6 @@ package: name: dotty - version: 3.3.1 + version: 3.4.0 epoch: 0 description: The Scala 3 compiler, also known as Dotty. copyright: @@ -24,7 +24,7 @@ pipeline: with: repository: https://github.com/lampepfl/dotty tag: ${{package.version}} - expected-commit: 721e7c87ee95b811984b7b992728729d7094c4c4 + expected-commit: a92a4639e1db7a1ad55633a436650a348dffa152 - runs: | sbt dist/pack diff --git a/dpkg.yaml b/dpkg.yaml index 2a370121c7..0957c34dac 100644 --- a/dpkg.yaml +++ b/dpkg.yaml @@ -1,6 +1,6 @@ package: name: dpkg - version: 1.22.4 + version: 1.22.5 epoch: 0 description: "The Debian Package Manager" copyright: @@ -25,7 +25,7 @@ pipeline: - uses: fetch with: uri: http://ftp.de.debian.org/debian/pool/main/d/dpkg/dpkg_${{package.version}}.tar.xz - expected-sha256: 40818c174e6074a190e0013fa0ea8b04db743b8e5e7a7818239510fbb4e6eb1d + expected-sha256: 26d27610536fdf951aa2be84503166c6ca8f6c36f71c049ab562ccca3233ca7e - runs: | ./configure \ diff --git a/dua.yaml b/dua.yaml index 6af23d1205..7ab2706c0a 100644 --- a/dua.yaml +++ b/dua.yaml @@ -37,10 +37,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | dua -V diff --git a/envoy.yaml b/envoy-1.29.yaml similarity index 85% rename from envoy.yaml rename to envoy-1.29.yaml index e2c6317e20..e33061c546 100644 --- a/envoy.yaml +++ b/envoy-1.29.yaml @@ -1,10 +1,13 @@ package: - name: envoy + name: envoy-1.29 version: 1.29.1 - epoch: 0 + epoch: 1 description: Cloud-native high-performance edge/middle/service proxy copyright: - license: Apache-2.0 + dependencies: + provides: + - envoy=${{package.full-version}} environment: contents: @@ -64,19 +67,24 @@ pipeline: - uses: strip subpackages: - - name: envoy-oci-entrypoint + - name: ${{package.name}}-oci-entrypoint description: Entrypoint for using Envoy in OCI containers dependencies: runtime: - busybox + provides: + - envoy-oci-entrypoint=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/var/lib/envoy/init cp envoy/ci/docker-entrypoint.sh ${{targets.subpkgdir}}/var/lib/envoy/init/envoy-entrypoint.sh chmod +x ${{targets.subpkgdir}}/var/lib/envoy/init/envoy-entrypoint.sh - - name: envoy-config + - name: ${{package.name}}-config description: Default Envoy configuration + dependencies: + provides: + - envoy-config=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/etc/envoy @@ -87,3 +95,5 @@ update: github: identifier: envoyproxy/envoy strip-prefix: v + use-tag: true + tag-filter-prefix: v1.29 diff --git a/envoy/luajit.patch b/envoy/luajit.patch deleted file mode 100644 index f7781067b4..0000000000 --- a/envoy/luajit.patch +++ /dev/null @@ -1,189 +0,0 @@ -diff --git a/src/Makefile b/src/Makefile -index 30d64be2..ae7ec875 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -27,7 +27,7 @@ NODOTABIVER= 51 - DEFAULT_CC = gcc - # - # LuaJIT builds as a native 32 or 64 bit binary by default. --CC= $(DEFAULT_CC) -+CC ?= $(DEFAULT_CC) - # - # Use this if you want to force a 32 bit build on a 64 bit multilib OS. - #CC= $(DEFAULT_CC) -m32 -@@ -71,10 +71,10 @@ CCWARN= -Wall - # as dynamic mode. - # - # Mixed mode creates a static + dynamic library and a statically linked luajit. --BUILDMODE= mixed -+#BUILDMODE= mixed - # - # Static mode creates a static library and a statically linked luajit. --#BUILDMODE= static -+BUILDMODE= static - # - # Dynamic mode creates a dynamic library and a dynamically linked luajit. - # Note: this executable will only run when the library is installed! -@@ -99,7 +99,7 @@ XCFLAGS= - # enabled by default. Some other features that *might* break some existing - # code (e.g. __pairs or os.execute() return values) can be enabled here. - # Note: this does not provide full compatibility with Lua 5.2 at this time. --#XCFLAGS+= -DLUAJIT_ENABLE_LUA52COMPAT -+XCFLAGS+= -DLUAJIT_ENABLE_LUA52COMPAT - # - # Disable the JIT compiler, i.e. turn LuaJIT into a pure interpreter. - #XCFLAGS+= -DLUAJIT_DISABLE_JIT -@@ -212,7 +212,7 @@ TARGET_STCC= $(STATIC_CC) - TARGET_DYNCC= $(DYNAMIC_CC) - TARGET_LD= $(CROSS)$(CC) - TARGET_AR= $(CROSS)ar rcus --TARGET_STRIP= $(CROSS)strip -+TARGET_STRIP?= $(CROSS)strip - - TARGET_LIBPATH= $(or $(PREFIX),/usr/local)/$(or $(MULTILIB),lib) - TARGET_SONAME= libluajit-$(ABIVER).so.$(MAJVER) -@@ -598,7 +598,7 @@ endif - - Q= @ - E= @echo --#Q= -+Q= - #E= @: - - ############################################################################## -diff --git a/src/msvcbuild.bat b/src/msvcbuild.bat -index d323d8d4..2e08a3a1 100644 ---- a/src/msvcbuild.bat -+++ b/src/msvcbuild.bat -@@ -13,9 +13,7 @@ - @if not defined INCLUDE goto :FAIL - - @setlocal --@rem Add more debug flags here, e.g. DEBUGCFLAGS=/DLUA_USE_APICHECK --@set DEBUGCFLAGS= --@set LJCOMPILE=cl /nologo /c /O2 /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline -+@set LJCOMPILE=cl /nologo /c /W3 /D_CRT_SECURE_NO_DEPRECATE /D_CRT_STDIO_INLINE=__declspec(dllexport)__inline /DLUAJIT_ENABLE_LUA52COMPAT - @set LJLINK=link /nologo - @set LJMT=mt /nologo - @set LJLIB=lib /nologo /nodefaultlib -@@ -24,10 +22,9 @@ - @set DASC=vm_x64.dasc - @set LJDLLNAME=lua51.dll - @set LJLIBNAME=lua51.lib --@set BUILDTYPE=release - @set ALL_LIB=lib_base.c lib_math.c lib_bit.c lib_string.c lib_table.c lib_io.c lib_os.c lib_package.c lib_debug.c lib_jit.c lib_ffi.c lib_buffer.c - --%LJCOMPILE% host\minilua.c -+%LJCOMPILE% /O2 host\minilua.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:minilua.exe minilua.obj - @if errorlevel 1 goto :BAD -@@ -51,7 +48,7 @@ if exist minilua.exe.manifest^ - minilua %DASM% -LN %DASMFLAGS% -o host\buildvm_arch.h %DASC% - @if errorlevel 1 goto :BAD - --%LJCOMPILE% /I "." /I %DASMDIR% host\buildvm*.c -+%LJCOMPILE% /O2 /I "." /I %DASMDIR% host\buildvm*.c - @if errorlevel 1 goto :BAD - %LJLINK% /out:buildvm.exe buildvm*.obj - @if errorlevel 1 goto :BAD -@@ -75,26 +72,35 @@ buildvm -m folddef -o lj_folddef.h lj_opt_fold.c - - @if "%1" neq "debug" goto :NODEBUG - @shift --@set BUILDTYPE=debug --@set LJCOMPILE=%LJCOMPILE% /Zi %DEBUGCFLAGS% --@set LJLINK=%LJLINK% /opt:ref /opt:icf /incremental:no -+@set LJCOMPILE=%LJCOMPILE% /O0 /Z7 -+@set LJLINK=%LJLINK% /debug /opt:ref /opt:icf /incremental:no -+@set LJCRTDBG=d -+@goto :ENDDEBUG - :NODEBUG --@set LJLINK=%LJLINK% /%BUILDTYPE% -+@set LJCOMPILE=%LJCOMPILE% /O2 /Z7 -+@set LJLINK=%LJLINK% /release /incremental:no -+@set LJCRTDBG= -+:ENDDEBUG - @if "%1"=="amalg" goto :AMALGDLL - @if "%1"=="static" goto :STATIC --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL lj_*.c lib_*.c -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :STATIC -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MT%LJCRTDBG% - %LJCOMPILE% lj_*.c lib_*.c - @if errorlevel 1 goto :BAD - %LJLIB% /OUT:%LJLIBNAME% lj_*.obj lib_*.obj - @if errorlevel 1 goto :BAD - @goto :MTDLL - :AMALGDLL --%LJCOMPILE% /MD /DLUA_BUILD_AS_DLL ljamalg.c -+@shift -+@set LJCOMPILE=%LJCOMPILE% /MD%LJCRTDBG% -+%LJCOMPILE% /DLUA_BUILD_AS_DLL ljamalg.c - @if errorlevel 1 goto :BAD - %LJLINK% /DLL /out:%LJDLLNAME% ljamalg.obj lj_vm.obj - @if errorlevel 1 goto :BAD -diff --git a/build.py b/build.py -new file mode 100755 -index 00000000..1201542c ---- /dev/null -+++ b/build.py -@@ -0,0 +1,52 @@ -+#!/usr/bin/env python3 -+ -+import argparse -+import os -+import shutil -+ -+def main(): -+ parser = argparse.ArgumentParser() -+ parser.add_argument("--prefix") -+ args = parser.parse_args() -+ src_dir = os.path.dirname(os.path.realpath(__file__)) -+ shutil.copytree(src_dir, os.path.basename(src_dir)) -+ os.chdir(os.path.basename(src_dir)) -+ -+ os.environ["MACOSX_DEPLOYMENT_TARGET"] = "10.8" -+ os.environ["DEFAULT_CC"] = os.environ.get("CC", "") -+ os.environ["TARGET_CFLAGS"] = os.environ.get("CFLAGS", "") + " -fno-function-sections -fno-data-sections" -+ os.environ["TARGET_LDFLAGS"] = os.environ.get("CFLAGS", "") + " -fno-function-sections -fno-data-sections" -+ os.environ["CFLAGS"] = "" -+ os.environ["LDFLAGS"] = "" -+ -+ # Don't strip the binary - it doesn't work when cross-compiling, and we don't use it anyway. -+ os.environ["TARGET_STRIP"] = "@echo" -+ -+ # Remove LuaJIT from ASAN for now. -+ # TODO(htuch): Remove this when https://github.com/envoyproxy/envoy/issues/6084 is resolved. -+ if "ENVOY_CONFIG_ASAN" in os.environ or "ENVOY_CONFIG_MSAN" in os.environ: -+ os.environ["TARGET_CFLAGS"] += " -fsanitize-blacklist=%s/com_github_luajit_luajit/clang-asan-blocklist.txt" % os.environ["PWD"] -+ with open("clang-asan-blocklist.txt", "w") as f: -+ f.write("fun:*\n") -+ -+ os.system('"{}" -j{} V=1 PREFIX="{}" install'.format(os.environ["MAKE"], os.cpu_count(), args.prefix)) -+ -+def win_main(): -+ src_dir = os.path.dirname(os.path.realpath(__file__)) -+ dst_dir = os.getcwd() + "/luajit" -+ shutil.copytree(src_dir, os.path.basename(src_dir)) -+ os.chdir(os.path.basename(src_dir) + "/src") -+ os.system('msvcbuild.bat ' + os.getenv('WINDOWS_DBG_BUILD', '') + ' static') -+ os.makedirs(dst_dir + "/lib", exist_ok=True) -+ shutil.copy("lua51.lib", dst_dir + "/lib") -+ os.makedirs(dst_dir + "/include/luajit-2.1", exist_ok=True) -+ for header in ["lauxlib.h", "luaconf.h", "lua.h", "lua.hpp", "luajit.h", "lualib.h"]: -+ shutil.copy(header, dst_dir + "/include/luajit-2.1") -+ os.makedirs(dst_dir + "/bin", exist_ok=True) -+ shutil.copy("luajit.exe", dst_dir + "/bin") -+ -+if os.name == 'nt': -+ win_main() -+else: -+ main() -+ diff --git a/etcd.yaml b/etcd-3.5.yaml similarity index 54% rename from etcd.yaml rename to etcd-3.5.yaml index 4fb6efa601..3a416a0625 100644 --- a/etcd.yaml +++ b/etcd-3.5.yaml @@ -1,5 +1,5 @@ package: - name: etcd + name: etcd-3.5 version: 3.5.12 epoch: 0 description: A highly-available key value store for shared configuration and service discovery. @@ -9,6 +9,8 @@ package: runtime: - ca-certificates-bundle - glibc + provides: + - etcd=${{package.full-version}} environment: contents: @@ -41,3 +43,34 @@ update: github: identifier: etcd-io/etcd strip-prefix: v + tag-filter-prefix: v3.5 + use-tag: true + +test: + environment: + contents: + packages: + - busybox + pipeline: + - name: Verify etcd version + runs: | + etcd --version | grep "etcd Version: 3.5" + - name: Start etcd server and perform health check + runs: | + # Start etcd in the background + etcd & + ETCD_PID=$! + sleep 5 # Wait for etcd to start + # Perform a health check + etcdctl endpoint health + kill $ETCD_PID + - name: Set and get a key-value pair + runs: | + etcd & + ETCD_PID=$! + sleep 5 # Wait for etcd to start + # Set a key-value pair + etcdctl put mykey "Hello, etcd" + # Get the value + etcdctl get mykey | grep -q "Hello, etcd" + kill $ETCD_PID diff --git a/eza.yaml b/eza.yaml index 9f19cb707b..0b3456bc27 100644 --- a/eza.yaml +++ b/eza.yaml @@ -1,6 +1,6 @@ package: name: eza - version: 0.18.4 + version: 0.18.5 epoch: 0 description: "A modern, maintained replacement for ls" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/eza-community/eza tag: v${{package.version}} - expected-commit: 1a36ca2de59ec2506a6ee15c53180be63bbe3ea2 + expected-commit: 687a8bf633f7a0fcff7feba9d0e22f7405a2fb0e - runs: | cargo fetch @@ -40,10 +40,6 @@ update: tag-filter-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | eza diff --git a/filebeat.yaml b/filebeat.yaml index 207c59fb17..3a3bddb916 100644 --- a/filebeat.yaml +++ b/filebeat.yaml @@ -70,11 +70,6 @@ update: identifier: elastic/beats test: - environment: - contents: - packages: - - wolfi-base - - filebeat pipeline: - runs: | filebeat version diff --git a/flannel-cni-plugin.yaml b/flannel-cni-plugin.yaml index df5d6a5cdd..31e338e19c 100644 --- a/flannel-cni-plugin.yaml +++ b/flannel-cni-plugin.yaml @@ -1,7 +1,7 @@ package: name: flannel-cni-plugin - version: 1.2.0 - epoch: 5 + version: 1.4.0 + epoch: 0 description: flannel cni plugin copyright: - license: Apache-2.0 @@ -18,8 +18,8 @@ pipeline: - uses: git-checkout with: repository: https://github.com/flannel-io/cni-plugin - tag: v${{package.version}} - expected-commit: 6464faacf5c00e25321573225d74638455ef03a0 + tag: v${{package.version}}-flannel1 + expected-commit: 28a4dca643b328ced681a5f9b587f2591b7bb4ce - runs: | # Ensure we build statically since CNI plugins often get moved onto the diff --git a/fulcio.yaml b/fulcio.yaml index 44ff6653c2..7a13e5edc7 100644 --- a/fulcio.yaml +++ b/fulcio.yaml @@ -1,7 +1,7 @@ package: name: fulcio - version: 1.4.3 - epoch: 4 + version: 1.4.4 + epoch: 0 description: Sigstore OIDC PKI copyright: - license: Apache-2.0 @@ -13,15 +13,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 99cb25d0099dfd9d8e0b0da05d8cf129177ebaa0 + expected-commit: 5c9ae3ccebc6430309ea4c0181db9642b21f449f repository: https://github.com/sigstore/fulcio tag: v${{package.version}} - - uses: go/bump - with: - deps: github.com/go-jose/go-jose/v3@v3.0.1 golang.org/x/crypto@v0.17.0 - modroot: . - - uses: go/build with: ldflags: -s -w diff --git a/gc.yaml b/gc.yaml index 4bc99c2433..c48cbf31ea 100644 --- a/gc.yaml +++ b/gc.yaml @@ -1,10 +1,10 @@ package: name: gc - version: 8.2.4 + version: 8.2.6 epoch: 0 description: garbage collector for C and C++ copyright: - - license: custom:GPL-like + - license: Boehm-GC environment: contents: @@ -18,7 +18,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 3d0d3cdbe077403d3106bb40f0cbb563413d6efdbb2a7e1cd6886595dec48fc2 + expected-sha256: b9183fe49d4c44c7327992f626f8eaa1d8b14de140f243edb1c9dcff7719a7fc uri: https://github.com/ivmai/bdwgc/releases/download/v${{package.version}}/gc-${{package.version}}.tar.gz - runs: | diff --git a/gcsfuse.yaml b/gcsfuse.yaml index a5ea41949f..89e87f39f0 100644 --- a/gcsfuse.yaml +++ b/gcsfuse.yaml @@ -1,6 +1,6 @@ package: name: gcsfuse - version: 1.4.1 + version: 1.4.2 epoch: 0 description: A user-space file system for interacting with Google Cloud Storage copyright: diff --git a/ggshield.yaml b/ggshield.yaml index c0fba489d7..13d4554897 100644 --- a/ggshield.yaml +++ b/ggshield.yaml @@ -1,6 +1,6 @@ package: name: ggshield - version: 1.24.0 + version: 1.25.0 epoch: 0 description: Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations. copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/GitGuardian/ggshield tag: v${{package.version}} - expected-commit: 278fdcc7cceba1f1f1678325f59ffd77cfa9b324 + expected-commit: a698c1ee4095620fe9c7ee626860a3dfc5ad02a8 - runs: | pip3 install certifi -U # https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 diff --git a/gh.yaml b/gh.yaml index 11e1dd86e8..c0cec955ae 100644 --- a/gh.yaml +++ b/gh.yaml @@ -33,10 +33,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | gh --version diff --git a/git.yaml b/git.yaml index 382aee2b2d..f34df33fb4 100644 --- a/git.yaml +++ b/git.yaml @@ -105,10 +105,6 @@ subpackages: - runs: ls /usr/local/etc/profile.d/*.bash test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: git --version diff --git a/gitlab-exporter.yaml b/gitlab-exporter.yaml index 5be6829e08..d96de6503c 100644 --- a/gitlab-exporter.yaml +++ b/gitlab-exporter.yaml @@ -4,8 +4,8 @@ #nolint:git-checkout-must-use-github-updates package: name: gitlab-exporter - version: 14.2.0 - epoch: 1 + version: 14.3.0 + epoch: 0 description: GitLab Exporter is a Prometheus Web exporter. copyright: - license: MIT @@ -59,7 +59,7 @@ pipeline: repository: https://gitlab.com/gitlab-org/ruby/gems/gitlab-exporter.git # inconsistent package versioning tag: ${{package.version}} - expected-commit: 8500f0bdac1512e39d9a11230c2395dc384f0796 + expected-commit: 5bcc07dc951f45c6fb41cc3b2b689f1f40698b2b - uses: ruby/unlock-spec diff --git a/gitlab-shell.yaml b/gitlab-shell.yaml index e4d4290935..edba352064 100644 --- a/gitlab-shell.yaml +++ b/gitlab-shell.yaml @@ -4,7 +4,7 @@ #nolint:git-checkout-must-use-github-updates package: name: gitlab-shell - version: 14.33.0 + version: 14.34.0 epoch: 0 description: SSH access for GitLab copyright: @@ -28,7 +28,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: c1c3257797f0412848d55bcfe26cf5a79b1a56ce + expected-commit: 7118b75b3562c6593a16f5cd3ef6a5d9d2baed29 repository: https://gitlab.com/gitlab-org/gitlab-shell tag: v${{package.version}} diff --git a/gitsign.yaml b/gitsign.yaml index b6f9fa8446..f2042c3966 100644 --- a/gitsign.yaml +++ b/gitsign.yaml @@ -1,19 +1,35 @@ package: name: gitsign version: 0.8.1 - epoch: 0 + epoch: 1 description: Keyless Git signing with Sigstore! copyright: - license: Apache-2.0 pipeline: - - uses: go/install + - uses: git-checkout with: - package: github.com/sigstore/gitsign@v${{package.version}} + repository: https://github.com/sigstore/gitsign/ + tag: v${{package.version}} + expected-commit: bbd2c9c4ca1e1684fbabdead79d903ddc6caca92 + + - uses: go/build + with: + packages: . + output: gitsign - uses: strip subpackages: + - name: gitsign-credential-cache + description: "helper binary that allows users to cache signing credentials" + pipeline: + - uses: go/build + with: + packages: ./cmd/gitsign-credential-cache + output: gitsign-credential-cache + - uses: strip + - name: "${{package.name}}-config" description: "GitSign config" pipeline: diff --git a/gnutar.yaml b/gnutar.yaml index c8e94dc971..ac8e779b2e 100644 --- a/gnutar.yaml +++ b/gnutar.yaml @@ -41,10 +41,6 @@ update: identifier: 4939 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | tar czf - $(dirname $(which tar)) | tar -tzv | grep tar diff --git a/gobject-introspection.yaml b/gobject-introspection.yaml index a149a4901e..8fc9aaddf7 100644 --- a/gobject-introspection.yaml +++ b/gobject-introspection.yaml @@ -81,5 +81,7 @@ subpackages: update: enabled: true + ignore-regex-patterns: + - (\d+)\.(\d*[13579])\.(\d+)$ # ignore "odd" numbered minor versions as these are development releases release-monitor: identifier: 1223 diff --git a/gobump.yaml b/gobump.yaml index e77180817d..e530b0de4c 100644 --- a/gobump.yaml +++ b/gobump.yaml @@ -1,6 +1,6 @@ package: name: gobump - version: 0.7.4 + version: 0.7.5 epoch: 0 description: Go tool to declaratively bump dependencies copyright: @@ -11,7 +11,7 @@ pipeline: with: repository: https://github.com/chainguard-dev/gobump.git tag: v${{package.version}} - expected-commit: 8b182eb15364022c87269b5f815a3d2a78505da5 + expected-commit: faace681622feee07310c1f1bd01f3570d974e39 - uses: go/build with: @@ -28,10 +28,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | gobump version diff --git a/google-cloud-sdk.yaml b/google-cloud-sdk.yaml index ba112c7cc8..594229a742 100644 --- a/google-cloud-sdk.yaml +++ b/google-cloud-sdk.yaml @@ -1,7 +1,7 @@ package: name: google-cloud-sdk version: 460.0.0 - epoch: 0 + epoch: 1 description: "Google Cloud Command Line Interface" copyright: - license: Apache-2.0 @@ -69,6 +69,10 @@ pipeline: find google-cloud-sdk/ -name "*.pyc" -exec rm -rf '{}' + rm -rf google-cloud-sdk/.install + # gcloud expects to find a directory called ".install" in its "Installation Root" (as reported by "gcloud info"). + # Without this, "gcloud components" doesn't work. + mkdir google-cloud-sdk/.install + mv google-cloud-sdk ${{targets.destdir}}/usr/share/ mkdir -p ${{targets.destdir}}/usr/bin @@ -79,13 +83,10 @@ pipeline: - uses: strip test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: gcloud --version - runs: gsutil --version + - runs: gcloud components list update: enabled: true diff --git a/gpsd.yaml b/gpsd.yaml index 83fb0e6843..68dd3747de 100644 --- a/gpsd.yaml +++ b/gpsd.yaml @@ -87,10 +87,6 @@ update: identifier: 6846 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | gpsd --version diff --git a/grafana-agent-operator.yaml b/grafana-agent-operator.yaml new file mode 100644 index 0000000000..3581b48fa3 --- /dev/null +++ b/grafana-agent-operator.yaml @@ -0,0 +1,45 @@ +package: + name: grafana-agent-operator + version: 0.40.0 + epoch: 0 + description: Grafana Agent Operator is a Kubernetes operator for the static mode of Grafana Agent. It makes it easier to deploy and configure static mode to collect telemetry data from Kubernetes resources. + copyright: + - license: Apache-2.0 + +environment: + contents: + packages: + - busybox + - ca-certificates-bundle + - go + environment: + CGO_ENABLED: "0" + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/grafana/agent + tag: v${{package.version}} + expected-commit: 9be969325c6dfe7d4b30d026645ffb1287d801c3 + + - uses: go/build + with: + packages: ./cmd/grafana-agent-operator + output: grafana-agent-operator + ldflags: -s -w + + - uses: strip + +test: + pipeline: + - runs: /usr/bin/grafana-agent-operator -version + +update: + enabled: true + ignore-regex-patterns: + - -rc + github: + identifier: grafana/agent + strip-prefix: v + use-tag: true + tag-filter-prefix: v diff --git a/grype.yaml b/grype.yaml index 5f2b99f671..295fd4ce73 100644 --- a/grype.yaml +++ b/grype.yaml @@ -1,6 +1,6 @@ package: name: grype - version: 0.74.6 + version: 0.74.7 epoch: 0 description: Vulnerability scanner for container images, filesystems, and SBOMs copyright: @@ -15,7 +15,7 @@ pipeline: with: repository: https://github.com/anchore/grype tag: v${{package.version}} - expected-commit: b9cf0e5cf89b47dc2d34315855d68542e817657c + expected-commit: 987238519b8d6e302130ab715f20daed6634da68 - uses: go/build with: @@ -32,10 +32,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | grype --version diff --git a/haproxy.yaml b/haproxy.yaml index 9a8098c177..e50e64c464 100644 --- a/haproxy.yaml +++ b/haproxy.yaml @@ -1,6 +1,6 @@ package: name: haproxy - version: 2.9.5 + version: 2.9.6 epoch: 0 description: "A TCP/HTTP reverse proxy for high availability environments" copyright: @@ -33,7 +33,7 @@ pipeline: - uses: fetch with: uri: https://www.haproxy.org/download/${{vars.mangled-package-version}}/src/haproxy-${{package.version}}.tar.gz - expected-sha256: 32b785b128838f4218b8d54690c86c48794d03f817cbb627fb48769f79efd59b + expected-sha256: 208adf47c8fa83c54978034ba5c0110b7463c47078f119bd052342171a3b9a0b - uses: autoconf/make with: diff --git a/hello-wolfi.yaml b/hello-wolfi.yaml index a71f74b2a7..019ebd59b2 100644 --- a/hello-wolfi.yaml +++ b/hello-wolfi.yaml @@ -44,10 +44,6 @@ update: identifier: 18057 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | hello diff --git a/hello-world-golang.yaml b/hello-world-golang.yaml new file mode 100644 index 0000000000..af56cb0213 --- /dev/null +++ b/hello-world-golang.yaml @@ -0,0 +1,48 @@ +package: + name: hello-world-golang + version: 1.3 + epoch: 0 + description: Simple go application that prints 'hello world' in a loop when built and invoked. + copyright: + - license: Apache-2.0 + +environment: + contents: + packages: + - busybox + - ca-certificates-bundle + - go + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/chainguard-dev/hello-world-golang.git + tag: v${{package.version}} + expected-commit: 618bb31108414cb031a29e6ca521e1192079c1af + + # Example of how to bump a dependency in the application: + - uses: go/bump + with: + deps: github.com/sirupsen/logrus@v1.9.0 + + - uses: go/build + with: + packages: . + output: hello-world + + - uses: strip + +test: + environment: + contents: + packages: + - wolfi-base + pipeline: + - runs: | + hello-world --version + +update: + enabled: true + github: + identifier: chainguard-dev/hello-world-golang + strip-prefix: v diff --git a/hugo-extended.yaml b/hugo-extended.yaml index ead3fc9868..8522cbb644 100644 --- a/hugo-extended.yaml +++ b/hugo-extended.yaml @@ -1,6 +1,6 @@ package: name: hugo-extended - version: 0.123.3 + version: 0.123.6 epoch: 0 description: The world's fastest framework for building websites. copyright: diff --git a/hugo.yaml b/hugo.yaml index 72822a27e1..738cbd8d53 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -1,6 +1,6 @@ package: name: hugo - version: 0.123.3 + version: 0.123.6 epoch: 0 description: The world's fastest framework for building websites. copyright: @@ -18,7 +18,7 @@ pipeline: with: repository: https://github.com/gohugoio/hugo tag: v${{package.version}} - expected-commit: a75a659f6fc0cb3a52b2b2ba666a81f79a459376 + expected-commit: 92684f9a26838a46d1a81e3c250fef5207bcb735 - uses: go/build with: diff --git a/ingress-nginx-controller.yaml b/ingress-nginx-controller.yaml index 5e394bd421..57feb0d88a 100644 --- a/ingress-nginx-controller.yaml +++ b/ingress-nginx-controller.yaml @@ -1,7 +1,7 @@ #nolint:valid-pipeline-fetch-digest package: name: ingress-nginx-controller - version: 1.9.6 + version: 1.10.0 epoch: 1 description: "Ingress-NGINX Controller for Kubernetes" copyright: @@ -137,11 +137,7 @@ pipeline: with: repository: https://github.com/kubernetes/ingress-nginx tag: controller-v${{package.version}} - expected-commit: 7d6fa0badf074389b41857424ef2e580f104582b - - - uses: go/bump - with: - deps: github.com/opencontainers/runc@v1.1.12 + expected-commit: dc999d81da6d9258bf448874be5f1f0e2156ec94 - name: Build ingress-nginx controller from source runs: | diff --git a/istio-operator-1.20.yaml b/istio-operator-1.20.yaml index 98956ec679..327163f0cd 100644 --- a/istio-operator-1.20.yaml +++ b/istio-operator-1.20.yaml @@ -1,7 +1,7 @@ package: name: istio-operator-1.20 version: 1.20.3 - epoch: 1 + epoch: 2 description: Istio operator provides user friendly options to operate the Istio service mesh copyright: - license: Apache-2.0 @@ -32,7 +32,7 @@ pipeline: - uses: go/bump with: - deps: helm.sh/helm/v3@v3.14.1 + deps: helm.sh/helm/v3@v3.14.2 - uses: go/build with: diff --git a/jenkins.yaml b/jenkins.yaml index 65e10d41d5..a8f54caf84 100644 --- a/jenkins.yaml +++ b/jenkins.yaml @@ -1,6 +1,6 @@ package: name: jenkins - version: "2.446" + version: "2.447" epoch: 0 description: copyright: @@ -34,7 +34,7 @@ pipeline: - uses: fetch with: uri: https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-${{package.version}}.tar.gz - expected-sha256: 5955272b7ad03a2eef9cfa16c108922ad70b74628685dc0d1463cf62fc3e28d4 + expected-sha256: 27b4510e6e43bf72054f61748377001314bb1efb89df055864f395b04c6aee19 - uses: patch with: diff --git a/jq.yaml b/jq.yaml index 8dcec2c50d..543a998f80 100644 --- a/jq.yaml +++ b/jq.yaml @@ -46,10 +46,6 @@ update: tag-filter: jq- test: - environment: - contents: - packages: - - busybox pipeline: - name: Verify jq installation runs: | diff --git a/k8s-sidecar.yaml b/k8s-sidecar.yaml index d240ae493c..6c9484c867 100644 --- a/k8s-sidecar.yaml +++ b/k8s-sidecar.yaml @@ -1,6 +1,6 @@ package: name: k8s-sidecar - version: 1.25.4 + version: 1.26.0 epoch: 0 description: "container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder" copyright: @@ -25,7 +25,7 @@ pipeline: with: repository: https://github.com/kiwigrid/k8s-sidecar tag: ${{package.version}} - expected-commit: 8214130a91b90d4202c546ab2328f85a5da16c45 + expected-commit: ac2354adbc69afe932c45ab7ea7c4a51dd98dd1a - runs: | mkdir -p ${{targets.destdir}}/usr/share/app diff --git a/k9s.yaml b/k9s.yaml index f9be2d96d3..995bd9f8df 100644 --- a/k9s.yaml +++ b/k9s.yaml @@ -40,10 +40,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | k9s version diff --git a/kafka.yaml b/kafka.yaml index f4f0ae3e76..44fdc08bcd 100644 --- a/kafka.yaml +++ b/kafka.yaml @@ -1,7 +1,7 @@ package: name: kafka # When bumping check to see if the CVE mitigation can be removed. - version: 3.6.1 + version: 3.7.0 epoch: 0 description: Apache Kafka is a distributed event streaming platformm copyright: @@ -29,7 +29,7 @@ pipeline: with: repository: https://github.com/apache/kafka tag: ${{package.version}} - expected-commit: 5e3c2b738d253ff51a7a61fe08713f564ab647fa + expected-commit: 2ae524ed625438c5fee89e78648bd73e64a3ada0 - runs: | export JAVA_TOOL_OPTIONS=-Dfile.encoding=UTF8 diff --git a/keda.yaml b/keda.yaml index 28e0de141f..c7d6c25ce6 100644 --- a/keda.yaml +++ b/keda.yaml @@ -1,8 +1,8 @@ # See https://github.com/kedacore/keda/blob/main/SECURITY.md#supported-versions for upstream-supported versions package: name: keda - version: 2.13.0 - epoch: 1 + version: 2.13.1 + epoch: 0 description: KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes copyright: - license: Apache-2.0 @@ -23,14 +23,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 367fcd32f1e72be504ada53165d07c33d75fc0f7 + expected-commit: 41dd7a8558fdb274f2c0861f6c6d1eba01f2dcd5 repository: https://github.com/kedacore/keda tag: v${{package.version}} - - uses: go/bump - with: - deps: github.com/go-jose/go-jose/v3@v3.0.1 github.com/cloudflare/circl@v1.3.7 - - runs: | ARCH=$(go env GOARCH) make build mkdir -p "${{targets.destdir}}/usr/bin" diff --git a/kind.yaml b/kind.yaml index 251db8cd2e..f619259cd6 100644 --- a/kind.yaml +++ b/kind.yaml @@ -1,7 +1,7 @@ package: name: kind version: 0.22.0 - epoch: 0 + epoch: 1 description: Kubernetes IN Docker - local clusters for testing Kubernetes copyright: - license: Apache-2.0 @@ -15,10 +15,15 @@ environment: - go pipeline: - - uses: fetch + - uses: git-checkout with: - uri: https://github.com/kubernetes-sigs/kind/archive/refs/tags/v${{package.version}}.tar.gz - expected-sha256: e3e21c8d1c4566d0d255e16e65bbc39297c8f5db41e7ec38d9d62a1ac9e51980 + repository: https://github.com/kubernetes-sigs/kind + tag: v${{package.version}} + expected-commit: 2b248e7df157d4f1a44ecea114be3d58c9232930 + + - uses: go/bump + with: + deps: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad - runs: | make build diff --git a/kots.yaml b/kots.yaml index 9328aaf44f..b9fec97cd9 100644 --- a/kots.yaml +++ b/kots.yaml @@ -1,6 +1,6 @@ package: name: kots - version: 1.107.7 + version: 1.107.8 epoch: 0 description: Kubernetes Off-The-Shelf (KOTS) Software copyright: @@ -21,7 +21,7 @@ pipeline: - uses: fetch with: uri: https://github.com/replicatedhq/kots/archive/refs/tags/v${{package.version}}.tar.gz - expected-sha256: 3598db778e9be1ef518b5f344274250a8ef70f5f7b8fd06a05ccef6fa042918d + expected-sha256: 2d62746b6e96f8152983c1da96b3d543c1ef439d70a456eefc7ccc76c90dab02 - uses: go/bump with: diff --git a/kube-bench.yaml b/kube-bench.yaml index 86ddc5444c..a60e395b73 100644 --- a/kube-bench.yaml +++ b/kube-bench.yaml @@ -1,6 +1,6 @@ package: name: kube-bench - version: 0.7.1 + version: 0.7.2 epoch: 0 description: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/aquasecurity/kube-bench tag: v${{package.version}} - expected-commit: 445c1160cf8e3c54982f4a95d375ac712ed03f4c + expected-commit: abfa7d9613f0f5f9e628a3ec87fea3443fe57805 - uses: go/build with: diff --git a/kube-fluentd-operator.yaml b/kube-fluentd-operator.yaml index dad87ddba4..6b655fdf60 100644 --- a/kube-fluentd-operator.yaml +++ b/kube-fluentd-operator.yaml @@ -1,7 +1,7 @@ package: name: kube-fluentd-operator version: 1.18.2 - epoch: 0 + epoch: 1 description: Auto-configuration of Fluentd daemon-set based on Kubernetes metadata copyright: - license: MIT @@ -71,7 +71,7 @@ pipeline: git checkout ${{vars.FLUENT_PLUGIN_GOOGLE_CLOUD_COMMIT}} # to fix some CVEs in the grpc - sed -e "s/'grpc', '1.52.0'/'grpc', '1.53.0'/g" -i fluent-plugin-google-cloud.gemspec + sed -e "s/'grpc', '1.52.0'/'grpc', '1.53.2'/g" -i fluent-plugin-google-cloud.gemspec bundle config set --local path ${GEM_DIR} bundle config set --local without 'development test' diff --git a/kubeflow-volumes-web-app.yaml b/kubeflow-volumes-web-app.yaml index 4035e890cf..ac018321eb 100644 --- a/kubeflow-volumes-web-app.yaml +++ b/kubeflow-volumes-web-app.yaml @@ -79,10 +79,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 -c "import urllib3" diff --git a/kuberay-operator.yaml b/kuberay-operator.yaml index 466ed4a1b7..3bb29b3695 100644 --- a/kuberay-operator.yaml +++ b/kuberay-operator.yaml @@ -1,7 +1,7 @@ package: name: kuberay-operator version: 1.0.0 - epoch: 0 + epoch: 1 description: A toolkit to run Ray applications on Kubernetes copyright: - license: Apache-2.0 @@ -30,6 +30,15 @@ pipeline: - uses: strip +subpackages: + - name: kuberay-operator-compat + description: "Compatibility package to place binaries in the location expected by upstream helm charts" + pipeline: + - runs: | + # The helm chart expects the kuberay-operator binaries to be in / instead of /usr/bin + mkdir -p "${{targets.subpkgdir}}" + ln -sf /usr/bin/manager ${{targets.subpkgdir}}/manager + update: enabled: true github: @@ -38,10 +47,6 @@ update: tag-filter: v1.0.0 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | /usr/bin/manager --version diff --git a/kubescape.yaml b/kubescape.yaml index df29c76b53..59b5d6eede 100644 --- a/kubescape.yaml +++ b/kubescape.yaml @@ -1,7 +1,7 @@ package: name: kubescape version: 3.0.3 - epoch: 7 + epoch: 8 description: Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources. copyright: - license: Apache-2.0 AND MIT @@ -27,8 +27,8 @@ pipeline: - uses: go/bump with: - deps: github.com/containerd/containerd@v1.7.11 golang.org/x/crypto@v0.17.0 github.com/go-jose/go-jose/v3@v3.0.1 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel@v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0 go.opentelemetry.io/otel/sdk@v1.21.0 github.com/docker/docker@v24.0.7 github.com/cloudflare/circl@v1.3.7 github.com/sigstore/cosign/v2@v2.2.1 github.com/lestrrat-go/jwx/v2@v2.0.19 github.com/anchore/stereoscope@v0.0.1 github.com/moby/buildkit@v0.12.5 github.com/opencontainers/runc@v1.1.12 - replaces: sigs.k8s.io/kustomize/kyaml=sigs.k8s.io/kustomize/kyaml@v0.14.1 k8s.io/kube-openapi=k8s.io/kube-openapi@v0.0.0-20230501164219-8b0f38b5fd1f github.com/google/gnostic=github.com/google/gnostic@v0.5.7-v3refs k8s.io/client-go=k8s.io/client-go@v0.27.4 k8s.io/api=k8s.io/api@v0.27.4 google.golang.org/grpc=google.golang.org/grpc@v1.58.3 + deps: github.com/containerd/containerd@v1.7.11 golang.org/x/crypto@v0.17.0 github.com/go-jose/go-jose/v3@v3.0.1 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel@v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0 go.opentelemetry.io/otel/sdk@v1.21.0 github.com/docker/docker@v24.0.7 github.com/cloudflare/circl@v1.3.7 github.com/sigstore/cosign/v2@v2.2.1 github.com/lestrrat-go/jwx/v2@v2.0.19 github.com/anchore/stereoscope@v0.0.1 github.com/moby/buildkit@v0.12.5 github.com/opencontainers/runc@v1.1.12 helm.sh/helm/v3@v3.14.2 + replaces: sigs.k8s.io/kustomize/kyaml=sigs.k8s.io/kustomize/kyaml@v0.14.1 k8s.io/kube-openapi=k8s.io/kube-openapi@v0.0.0-20230501164219-8b0f38b5fd1f github.com/google/gnostic=github.com/google/gnostic@v0.7.0 k8s.io/client-go=k8s.io/client-go@v0.29.2 k8s.io/api=k8s.io/api@v0.29.2 google.golang.org/grpc=google.golang.org/grpc@v1.58.3 - runs: | export CGO_ENABLED=1 @@ -44,3 +44,8 @@ update: github: identifier: kubescape/kubescape strip-prefix: v + +test: + pipeline: + - runs: | + kubescape version diff --git a/kwok.yaml b/kwok.yaml index 9ac782e4d8..054c9feafd 100644 --- a/kwok.yaml +++ b/kwok.yaml @@ -41,7 +41,6 @@ test: environment: contents: packages: - - busybox - kubectl-default - kwokctl - kubernetes diff --git a/lazygit.yaml b/lazygit.yaml index 37cdb0579b..00b0d2ccbb 100644 --- a/lazygit.yaml +++ b/lazygit.yaml @@ -47,10 +47,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | lazygit --version diff --git a/lean4.yaml b/lean4.yaml index 84a77bbe1b..2273184104 100644 --- a/lean4.yaml +++ b/lean4.yaml @@ -1,6 +1,6 @@ package: name: lean4 - version: 4.5.0 + version: 4.6.0 epoch: 0 description: "Secure Reliable Transport (SRT)" copyright: @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/leanprover/lean4 tag: v${{package.version}} - expected-commit: 1a3021f98e55a274217b3bbf92b2d449bae843c3 + expected-commit: a5bc9013ab13f7b186cf154d396036b1d7c23370 - runs: | # This doesn't work with Ninja so we can't use our default pipelines. diff --git a/less.yaml b/less.yaml index c9d97e115a..c68467fc0f 100644 --- a/less.yaml +++ b/less.yaml @@ -36,10 +36,6 @@ pipeline: - uses: strip test: - environment: - contents: - packages: - - wolfi-base pipeline: - name: Validate that lessecho runs runs: | diff --git a/libbsd.yaml b/libbsd.yaml index 0750191aef..0262e8de28 100644 --- a/libbsd.yaml +++ b/libbsd.yaml @@ -1,6 +1,6 @@ package: name: libbsd - version: 0.11.8 + version: 0.12.1 epoch: 0 description: commonly-used BSD functions not implemented by all libcs copyright: @@ -19,7 +19,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 55fdfa2696fb4d55a592fa9ad14a9df897c7b0008ddb3b30c419914841f85f33 + expected-sha256: d7747f8ec1baa6ff5c096a9dd587c061233dec90da0f1aedd66d830f6db6996a uri: https://libbsd.freedesktop.org/releases/libbsd-${{package.version}}.tar.xz - uses: autoconf/configure diff --git a/linkerd-await.yaml b/linkerd-await.yaml index cbcd5c8301..5472906924 100644 --- a/linkerd-await.yaml +++ b/linkerd-await.yaml @@ -36,10 +36,6 @@ update: strip-prefix: release/v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | linkerd-await --version | grep ${{package.version}} diff --git a/linkerd-network-validator.yaml b/linkerd-network-validator.yaml index 80f209f589..1409cc196a 100644 --- a/linkerd-network-validator.yaml +++ b/linkerd-network-validator.yaml @@ -40,10 +40,6 @@ update: tag-filter: validator/v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | linkerd-network-validator --version | grep ${{package.version}} diff --git a/linkerd2-proxy.yaml b/linkerd2-proxy.yaml index 8903b069fa..844b9da1f9 100644 --- a/linkerd2-proxy.yaml +++ b/linkerd2-proxy.yaml @@ -42,10 +42,6 @@ update: tag-filter: release/v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | # There aren't really any flags here to get the version so just run and look for the right error diff --git a/lint.sh b/lint.sh index 96ce2741dd..e4ca4d297b 100755 --- a/lint.sh +++ b/lint.sh @@ -24,4 +24,16 @@ for p in $(make list); do yq -i 'del(.environment.contents.repositories)' ${fn} yq -i 'del(.environment.contents.keyring)' ${fn} fi + + # Don't specify wolfi-base or any of its packages, or the main package, for test pipelines. + for pkg in wolfi-base busybox apk-tools wolfi-keys ${p}; do + yq -i 'del(.test.environment.contents.packages[] | select(. == "'${pkg}'"))' ${fn} + yam ${fn} + done + + # If .test.environment.contents.packages is empty, remove it all. + if [ "$(yq -r '.test.environment.contents.packages | length' ${fn})" == "0" ]; then + yq -i 'del(.test.environment)' ${fn} + yam ${fn} + fi done diff --git a/linux-pam.yaml b/linux-pam.yaml index ef778ffc2f..88a747cbaf 100644 --- a/linux-pam.yaml +++ b/linux-pam.yaml @@ -78,7 +78,6 @@ test: environment: contents: packages: - - wolfi-base - util-linux - shadow pipeline: diff --git a/logstash-exporter.yaml b/logstash-exporter.yaml index 162afae2ba..93d832862f 100644 --- a/logstash-exporter.yaml +++ b/logstash-exporter.yaml @@ -1,6 +1,6 @@ package: name: logstash-exporter - version: 1.6.2 + version: 1.6.3 epoch: 0 description: Prometheus exporter for Logstash written in Go copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 76b41045d8e5688eb3bacdcaece5b9dafe5a039e + expected-commit: 119ace0b38cd6b3a4662eb63a5d49143ef02699c repository: https://github.com/kuskoman/logstash-exporter tag: v${{package.version}} @@ -41,10 +41,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | logstash-exporter -version diff --git a/logstash-filter-xml.yaml b/logstash-filter-xml.yaml index 49bee5ae20..0b362e96d2 100644 --- a/logstash-filter-xml.yaml +++ b/logstash-filter-xml.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - logstash - openjdk-17-default-jvm pipeline: diff --git a/logstash-integration-jdbc.yaml b/logstash-integration-jdbc.yaml index ac4c04d7b1..807fbe7c00 100644 --- a/logstash-integration-jdbc.yaml +++ b/logstash-integration-jdbc.yaml @@ -52,9 +52,8 @@ test: environment: contents: packages: - - wolfi-base - logstash - - openjdk-11-default-jvm + - openjdk-17-default-jvm - jruby-9.4 pipeline: - runs: | diff --git a/logstash-output-opensearch.yaml b/logstash-output-opensearch.yaml index 369d514799..519115e766 100644 --- a/logstash-output-opensearch.yaml +++ b/logstash-output-opensearch.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - logstash - openjdk-17-default-jvm pipeline: diff --git a/logstash.yaml b/logstash.yaml index 58ead03db5..8196cac163 100644 --- a/logstash.yaml +++ b/logstash.yaml @@ -241,12 +241,6 @@ subpackages: grep 'message.*hello' test: - environment: - contents: - packages: - - wolfi-base - environment: - LS_JAVA_HOME: /usr/lib/jvm/default-jvm pipeline: - name: Ensure default plugins were actually installed runs: | diff --git a/loki.yaml b/loki.yaml index 8c6382e256..39df971c8e 100644 --- a/loki.yaml +++ b/loki.yaml @@ -1,6 +1,6 @@ package: name: loki - version: 2.9.4 + version: 2.9.5 epoch: 0 description: Like Prometheus, but for logs. copyright: @@ -17,13 +17,13 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: f599ebc5355e52099e2f52a74c1fee8baf28db53 + expected-commit: e759cae3b9b1e1c7378a451d1d5da209c5895f8c repository: https://github.com/grafana/loki tag: v${{package.version}} - uses: go/bump with: - deps: github.com/docker/docker@v24.0.7+incompatible github.com/prometheus/alertmanager@v0.25.1 + deps: github.com/docker/docker@v24.0.7+incompatible - uses: autoconf/make diff --git a/lua-luv.yaml b/lua-luv.yaml index 5d7e5c64bd..d7bdf185ad 100644 --- a/lua-luv.yaml +++ b/lua-luv.yaml @@ -1,6 +1,6 @@ package: name: lua-luv - version: 1.48.0.0 + version: 1.48.0.1 epoch: 0 description: "Bare libuv bindings for Lua" copyright: @@ -29,8 +29,8 @@ pipeline: - uses: git-checkout with: repository: https://github.com/luvit/luv - tag: v${{vars.mangled-package-version}} - expected-commit: 372da9de30482319d3cff9bcfa1a008506c6cd02 + tag: ${{vars.mangled-package-version}} + expected-commit: 693951ef762058a8a9fdc76ef7d9e465d6bdd8cc - runs: | # TODO: Package lua-compat5.3 @@ -61,8 +61,8 @@ subpackages: update: enabled: true version-transform: - - match: \.(\d+)$ - replace: .$1 + - match: \- + replace: . github: identifier: luvit/luv strip-prefix: v diff --git a/man-db.yaml b/man-db.yaml index e3bfa26920..ad51e1c1b4 100644 --- a/man-db.yaml +++ b/man-db.yaml @@ -57,7 +57,6 @@ test: environment: contents: packages: - - wolfi-base - man-db-doc pipeline: - runs: | diff --git a/mariadb-11.2.yaml b/mariadb-11.2.yaml index 60245f908a..27fbc1c602 100644 --- a/mariadb-11.2.yaml +++ b/mariadb-11.2.yaml @@ -1,13 +1,15 @@ package: name: mariadb-11.2 version: 11.2.3 - epoch: 0 + epoch: 1 description: "The MariaDB open source relational database" copyright: - license: GPL-3.0-or-later dependencies: runtime: - pwgen + provides: + - mariadb=${{package.full-version}} environment: contents: @@ -147,16 +149,23 @@ pipeline: subpackages: - name: "${{package.name}}-dev" description: "headers for mariadb" + dependencies: + provides: + - mariadb-dev=${{package.full-version}} pipeline: - uses: split/dev - dependencies: - name: "${{package.name}}-doc" + dependencies: + provides: + - mariadb-doc=${{package.full-version}} pipeline: - uses: split/manpages - name: "${{package.name}}-bench" dependencies: + provides: + - mariadb-bench=${{package.full-version}} pipeline: - runs: | mkdir -p "${{targets.subpkgdir}}"/usr/share/ @@ -164,6 +173,8 @@ subpackages: - name: "${{package.name}}-backup" dependencies: + provides: + - mariadb-backup=${{package.full-version}} pipeline: - runs: | mkdir -p "${{targets.subpkgdir}}"/usr/bin @@ -175,6 +186,8 @@ subpackages: - name: "${{package.name}}-oci-entrypoint" description: Entrypoint for using HAProxy in OCI containers dependencies: + provides: + - mariadb-oci-entrypoint=${{package.full-version}} runtime: - bash - busybox @@ -187,6 +200,8 @@ subpackages: - name: "${{package.name}}-embedded" description: Emedded library for mariadb dependencies: + provides: + - mariadb-embedded=${{package.full-version}} pipeline: - runs: | mkdir -p ${{targets.subpkgdir}}/usr/bin/ diff --git a/memcached.yaml b/memcached.yaml index 32149a9529..ce92a5b298 100644 --- a/memcached.yaml +++ b/memcached.yaml @@ -1,6 +1,6 @@ package: name: memcached - version: 1.6.23 + version: 1.6.24 epoch: 0 description: "Distributed memory object caching system" copyright: @@ -23,7 +23,7 @@ pipeline: - uses: fetch with: uri: https://www.memcached.org/files/memcached-${{package.version}}.tar.gz - expected-sha512: b531a58f8fd1ff9ae821319302093ccf44a6c911ad680a15cc29390144a153340814f45c0a1ea9eebf999743399579e655abea671b27b85c1202d70945ce902a + expected-sha512: e43386c2a6c0b95cefdccfe7f6b3890c59ca8b5c2636efc2e910b9617b20a5cf6de9bfedaafe0fb05c91bebb175fbdf033f5e0e512cb041b73af5af0d1854265 - uses: autoconf/configure with: diff --git a/mesa.yaml b/mesa.yaml index d292a613a7..1ed81b11ee 100644 --- a/mesa.yaml +++ b/mesa.yaml @@ -1,6 +1,6 @@ package: name: mesa - version: 24.0.1 + version: 24.0.2 epoch: 0 description: Mesa DRI OpenGL library copyright: @@ -57,7 +57,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: f387192b08c471c545590dd12230a2a343244804b5fe866fec6aea02eab57613 + expected-sha256: 94e28a8edad06d8ed2b83eb53f253b9eb5aa62c3080f939702e1b3039b56c9e8 uri: https://mesa.freedesktop.org/archive/mesa-${{package.version}}.tar.xz - runs: | diff --git a/mockery.yaml b/mockery.yaml index b6338cfed7..c72ac79efb 100644 --- a/mockery.yaml +++ b/mockery.yaml @@ -36,7 +36,6 @@ test: environment: contents: packages: - - wolfi-base - posix-libc-utils pipeline: - runs: | diff --git a/mods.yaml b/mods.yaml index 727e08348a..786bcae9c8 100644 --- a/mods.yaml +++ b/mods.yaml @@ -42,10 +42,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | mods --version diff --git a/neon.yaml b/neon.yaml index 2bba3c2ca5..c60c6f4ca7 100644 --- a/neon.yaml +++ b/neon.yaml @@ -1,6 +1,6 @@ package: name: neon - version: "4917" + version: "4983" epoch: 0 description: "Serverless Postgres. We separated storage and compute to offer autoscaling, branching, and bottomless storage." copyright: @@ -43,7 +43,7 @@ pipeline: with: repository: https://github.com/neondatabase/neon tag: release-${{package.version}} - expected-commit: 96a4e8de660be469fb00efd7d268120890ca06fd + expected-commit: 6460beffcd0d9c4d4a1ed17e39295a869510d29f recurse-submodules: true - runs: | diff --git a/newrelic-fluent-bit-output.yaml b/newrelic-fluent-bit-output.yaml index dd84f71ce1..4ce864a69e 100644 --- a/newrelic-fluent-bit-output.yaml +++ b/newrelic-fluent-bit-output.yaml @@ -1,6 +1,6 @@ package: name: newrelic-fluent-bit-output - version: 1.19.1 + version: 1.19.2 epoch: 0 description: A Fluent Bit output plugin that sends logs to New Relic copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/newrelic/newrelic-fluent-bit-output tag: v${{package.version}} - expected-commit: f180ae4147c8ca0b2fbd73599dcf38bb4486fd3b + expected-commit: f8b9de892b03956735881f9c4e67f39a2eb8831c - uses: patch with: diff --git a/newrelic-infra-operator.yaml b/newrelic-infra-operator.yaml index 508efd35a4..6d63ee0387 100644 --- a/newrelic-infra-operator.yaml +++ b/newrelic-infra-operator.yaml @@ -1,6 +1,6 @@ package: name: newrelic-infra-operator - version: 0.17.0 + version: 0.18.0 epoch: 0 description: Newrelic kubernetes operator of infrastructure copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/newrelic/newrelic-infra-operator tag: v${{package.version}} - expected-commit: 14a254f3d01bfb7e0b32fd804b33b3e15adcce75 + expected-commit: 576f50101ba2cafd4d41ca478d4e48bdc37fcfbf - runs: | make build diff --git a/newrelic-infrastructure-agent.yaml b/newrelic-infrastructure-agent.yaml index e1e2878914..1c155486d6 100644 --- a/newrelic-infrastructure-agent.yaml +++ b/newrelic-infrastructure-agent.yaml @@ -1,6 +1,6 @@ package: name: newrelic-infrastructure-agent - version: 1.49.1 + version: 1.50.0 epoch: 0 description: New Relic Infrastructure Agent copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/newrelic/infrastructure-agent tag: ${{package.version}} - expected-commit: d05f4eb2c15998b480f67e6c074eb647e5398d08 + expected-commit: 1be5c0793dfacbc5afee76316dd141623a6f76ac - runs: | # Our global LDFLAGS conflict with a Makefile parameter: https://github.com/newrelic/infrastructure-agent/blob/07ab68f181e25a1552588a3953167e0b15f52372/build/build.mk#L20-L22 diff --git a/newrelic-infrastructure-bundle.yaml b/newrelic-infrastructure-bundle.yaml index 5d6803c79d..37d4d3a4cc 100644 --- a/newrelic-infrastructure-bundle.yaml +++ b/newrelic-infrastructure-bundle.yaml @@ -1,6 +1,6 @@ package: name: newrelic-infrastructure-bundle - version: 3.2.30 + version: 3.2.31 epoch: 0 description: New Relic Infrastructure containerised agent bundle copyright: @@ -62,7 +62,7 @@ pipeline: with: repository: https://github.com/newrelic/infrastructure-bundle tag: v${{package.version}} - expected-commit: c7baa712e4ffdd3a53f39073f50c9123d8bf6a00 + expected-commit: 9e77c62dfd4ee200bc4abd1fb291a17c732285e5 destination: ${{package.name}} # NO-OP. We were using `go run downloader.go` to fetch the pre-compiled binaries diff --git a/newrelic-nri-kube-events.yaml b/newrelic-nri-kube-events.yaml index 727ad32d50..8a6686ba9a 100644 --- a/newrelic-nri-kube-events.yaml +++ b/newrelic-nri-kube-events.yaml @@ -1,6 +1,6 @@ package: name: newrelic-nri-kube-events - version: 2.8.2 + version: 2.9.0 epoch: 0 description: New Relic integration that forwards Kubernetes events to New Relic copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/newrelic/nri-kube-events tag: v${{package.version}} - expected-commit: 81a18cac17d37f07d72129338003b3408d711c35 + expected-commit: fa4e083d3fee4ead6b92a398d8fc344292841de4 - uses: go/build with: diff --git a/newrelic-prometheus-configurator.yaml b/newrelic-prometheus-configurator.yaml index 122b593025..8a63ff2fb1 100644 --- a/newrelic-prometheus-configurator.yaml +++ b/newrelic-prometheus-configurator.yaml @@ -1,6 +1,6 @@ package: name: newrelic-prometheus-configurator - version: 1.13.0 + version: 1.14.0 epoch: 0 description: New Relic Prometheus Configurator copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/newrelic/newrelic-prometheus-configurator tag: v${{package.version}} - expected-commit: e6e9b572c180affd9e3aebf3a2a11ce6a9b91b35 + expected-commit: 1340547b6f3099e369391a0c280fb3335136f28e - runs: | GOOS=$(go env GOOS) diff --git a/node-problem-detector-0.8.yaml b/node-problem-detector-0.8.yaml index 22498a1a2f..8b0a457194 100644 --- a/node-problem-detector-0.8.yaml +++ b/node-problem-detector-0.8.yaml @@ -1,7 +1,7 @@ package: name: node-problem-detector-0.8 - version: 0.8.15 - epoch: 2 + version: 0.8.16 + epoch: 0 description: node-problem-detector aims to make various node problems visible to the upstream layers in the cluster management stack. copyright: - license: Apache-2.0 @@ -27,11 +27,7 @@ pipeline: with: repository: https://github.com/kubernetes/node-problem-detector tag: v${{package.version}} - expected-commit: 3704fa72a9baa124a82fc5b11371cc2b08786ab0 - - - uses: go/bump - with: - deps: google.golang.org/grpc@v1.58.3 golang.org/x/crypto@v0.17.0 + expected-commit: 855780c9c17d7483f2101f5f88d8d6861b436d0c # removes unnecessary maintain of patch files - runs: | diff --git a/nodejs-16.yaml b/nodejs-16.yaml index d9f5dc45bc..baa0f84a0c 100644 --- a/nodejs-16.yaml +++ b/nodejs-16.yaml @@ -90,10 +90,6 @@ update: tag-filter: v16. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-18.yaml b/nodejs-18.yaml index 191885941f..0533347529 100644 --- a/nodejs-18.yaml +++ b/nodejs-18.yaml @@ -90,10 +90,6 @@ update: tag-filter: v18. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-19.yaml b/nodejs-19.yaml index a6e4930e2a..6cc8b931ac 100644 --- a/nodejs-19.yaml +++ b/nodejs-19.yaml @@ -89,10 +89,6 @@ update: tag-filter: v19. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-20.yaml b/nodejs-20.yaml index 891e0e606e..6ced82fa1a 100644 --- a/nodejs-20.yaml +++ b/nodejs-20.yaml @@ -90,10 +90,6 @@ update: tag-filter: v20. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/nodejs-21.yaml b/nodejs-21.yaml index 9f46e663a3..fc92327c62 100644 --- a/nodejs-21.yaml +++ b/nodejs-21.yaml @@ -87,10 +87,6 @@ update: tag-filter: v21. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | node --version | grep ${{package.version}} diff --git a/npm.yaml b/npm.yaml index 73fb8ea0d9..8f25c13e94 100644 --- a/npm.yaml +++ b/npm.yaml @@ -1,7 +1,7 @@ package: name: npm - version: 10.4.0 - epoch: 1 + version: 10.5.0 + epoch: 0 description: "the npm package manager for javascript, mainline" copyright: - license: Artistic-2.0 @@ -17,27 +17,13 @@ pipeline: - uses: fetch with: uri: https://registry.npmjs.org/npm/-/npm-${{package.version}}.tgz - expected-sha512: 452eccc743957d794e7102d178fb8321874509504f08d6a9587a650cafa687b18374ffd3be8af8a1cbb26d144f4af7dc45bdaf8d126dd5f1c2ab0ddcafca8009 + expected-sha512: 123c70bdf87d627595536c80e45ce860b4d6e76bf11c2cfe307ace160f4273c205805ffa7f90063c0bdbe564dacb90c850fd4d21f37754167470b9463b462cf8 delete: true - uses: patch with: patches: dont-check-for-last-version.patch - # Delete the ip package from the npm package to prepare for replacement. - - working-directory: /home/build/node_modules - runs: | - rm -rf ip - - # Replace the ip package with the seal-security fork, which is a drop-in replacement - # that resolves a CVE. - - uses: fetch - working-directory: /home/build/node_modules/ip - with: - uri: https://registry.npmjs.org/@seal-security/ip/-/ip-2.0.0-sp-1.tgz - expected-sha512: 652901950df430b0d6f484fc12be69ca6e88b0c3223ad3a97441c510a438437a7858c959c85cc4d03d98ab920c4919401114497fe7436b8e5942392582e7ab4f - delete: true - - runs: | # Wrapper scripts written in Bash and CMD. rm bin/npm bin/npx bin/*.cmd @@ -115,7 +101,6 @@ test: environment: contents: packages: - - wolfi-base - nodejs environment: HOME: /home/build diff --git a/nri-apache.yaml b/nri-apache.yaml index 102c651437..c1a7dd3519 100644 --- a/nri-apache.yaml +++ b/nri-apache.yaml @@ -1,6 +1,6 @@ package: name: nri-apache - version: 1.12.2 + version: 1.12.3 epoch: 0 description: New Relic Infrastructure Apache Integration copyright: @@ -18,7 +18,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-apache - expected-commit: 1e46f24e4e0a07a6cbb03b203a2a5aec924a9596 + expected-commit: cadfea94275a78aeb09589697e8a00343ac74305 tag: v${{package.version}} - uses: go/build diff --git a/nri-cassandra.yaml b/nri-cassandra.yaml index 7322cfaff5..3c29033333 100644 --- a/nri-cassandra.yaml +++ b/nri-cassandra.yaml @@ -1,7 +1,7 @@ package: name: nri-cassandra - version: 2.13.2 - epoch: 4 + version: 2.13.4 + epoch: 0 description: New Relic Infrastructure Cassandra Integration copyright: - license: Apache-2.0 @@ -14,7 +14,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-cassandra - expected-commit: b629c78b1fc76e8c6176aeb24f43e05d6dc6de8c + expected-commit: b66f1934b1d26d1d53e51b8a39041074883c39ed tag: v${{package.version}} - uses: go/build diff --git a/nri-elasticsearch.yaml b/nri-elasticsearch.yaml index f32ac33780..b375d7b387 100644 --- a/nri-elasticsearch.yaml +++ b/nri-elasticsearch.yaml @@ -1,7 +1,7 @@ package: name: nri-elasticsearch - version: 5.2.2 - epoch: 3 + version: 5.2.3 + epoch: 0 description: New Relic Infrastructure Elasticsearch Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-elasticsearch - expected-commit: 50c6fe0d6796c3dd8cf68f7bfb48cf922ca67e3b + expected-commit: 3d465692ee0bddd4968882c8a974376199889390 tag: v${{package.version}} - uses: go/build diff --git a/nri-f5.yaml b/nri-f5.yaml index 1be45ec832..a524fed731 100644 --- a/nri-f5.yaml +++ b/nri-f5.yaml @@ -1,7 +1,7 @@ package: name: nri-f5 - version: 2.7.2 - epoch: 4 + version: 2.7.3 + epoch: 0 description: New Relic Infrastructure F5 Integration copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-f5 - expected-commit: 5636886916efadc67d96febb36b57d90ffff830f + expected-commit: bad8bb7b4f63d831193d0e9dd4559e403f316504 tag: v${{package.version}} - uses: go/build diff --git a/nri-haproxy.yaml b/nri-haproxy.yaml index 5c042f8bbe..bcafce4dd3 100644 --- a/nri-haproxy.yaml +++ b/nri-haproxy.yaml @@ -1,7 +1,7 @@ package: name: nri-haproxy - version: 2.5.1 - epoch: 3 + version: 3.0.0 + epoch: 0 description: New Relic Infrastructure HAproxy Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-haproxy - expected-commit: 88607192565c57ca9dc6c134ae6d3d8503099b4b + expected-commit: be59cbe348c609c8fac699a3515a852662b6d328 tag: v${{package.version}} - uses: go/build diff --git a/nri-kafka.yaml b/nri-kafka.yaml index f7735c8a49..b14db2ee80 100644 --- a/nri-kafka.yaml +++ b/nri-kafka.yaml @@ -1,6 +1,6 @@ package: name: nri-kafka - version: 3.7.0 + version: 3.7.1 epoch: 0 description: New Relic Infrastructure Kafka Integration copyright: @@ -14,7 +14,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-kafka - expected-commit: 276d1c7c0e788061e3020d1f77c0d22d9afa4e37 + expected-commit: 501583e5405e136c4ff780a132d6f61a0471ee9e tag: v${{package.version}} - uses: go/build diff --git a/nri-kubernetes.yaml b/nri-kubernetes.yaml index 1ee22c6146..ba035e4359 100644 --- a/nri-kubernetes.yaml +++ b/nri-kubernetes.yaml @@ -1,6 +1,6 @@ package: name: nri-kubernetes - version: 3.25.2 + version: 3.26.0 epoch: 0 description: New Relic integration for Kubernetes copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/newrelic/nri-kubernetes tag: v${{package.version}} - expected-commit: f202e6dd5e2813d7682b4673643bce8aa5a67edb + expected-commit: 2b2a1e0cd1c0590960089b96c0c708eeb19f6b5e - runs: | # Our global LDFLAGS conflict with a Makefile parameter diff --git a/nri-memcached.yaml b/nri-memcached.yaml index 2eb0755d17..68f6773e7d 100644 --- a/nri-memcached.yaml +++ b/nri-memcached.yaml @@ -1,7 +1,7 @@ package: name: nri-memcached - version: 2.5.1 - epoch: 4 + version: 2.5.3 + epoch: 0 description: New Relic Infrastructure memcached Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-memcached - expected-commit: df1824d0a43a011fce9ae51e46be27449dbd14ed + expected-commit: e451470f5f5dfc9b012a456f6da7d03791610bf7 tag: v${{package.version}} - uses: go/build diff --git a/nri-mysql.yaml b/nri-mysql.yaml index c5877c262c..b79050d04c 100644 --- a/nri-mysql.yaml +++ b/nri-mysql.yaml @@ -1,7 +1,7 @@ package: name: nri-mysql - version: 1.10.2 - epoch: 4 + version: 1.10.4 + epoch: 0 description: New Relic Infrastructure MySQL Integration copyright: - license: Apache-2.0 @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-mysql - expected-commit: 54fc0ed4811aaa36f7552ee0c7d551da8fd9523e + expected-commit: 580d18bbda6e107e98df1905be5534d528db9f63 tag: v${{package.version}} - uses: go/build diff --git a/nri-nagios.yaml b/nri-nagios.yaml index 495e1b0e96..8f2334fc4a 100644 --- a/nri-nagios.yaml +++ b/nri-nagios.yaml @@ -1,7 +1,7 @@ package: name: nri-nagios - version: 2.9.1 - epoch: 3 + version: 2.9.2 + epoch: 0 description: New Relic Infrastructure Nagios Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-nagios - expected-commit: b7b56a695b9c7cc5d343668aaa1214daced2bed4 + expected-commit: 21d2ec76f1ee51fb0b4d5a86a852fee7299cf001 tag: v${{package.version}} - uses: go/build diff --git a/nri-nginx.yaml b/nri-nginx.yaml index f96a63cbf2..0ed7b78dbd 100644 --- a/nri-nginx.yaml +++ b/nri-nginx.yaml @@ -1,7 +1,7 @@ package: name: nri-nginx - version: 3.4.1 - epoch: 4 + version: 3.4.3 + epoch: 0 description: New Relic Infrastructure Nginx Integration copyright: - license: Apache-2.0 @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-nginx - expected-commit: bfa3ad0a7bd7e928a31922f74eb8b1d8f232a019 + expected-commit: bc1bde6bb93e3feed5a150999c8e1babeda6af8c tag: v${{package.version}} - uses: go/build diff --git a/nri-postgresql.yaml b/nri-postgresql.yaml index 3e2bbb18af..1548f8765d 100644 --- a/nri-postgresql.yaml +++ b/nri-postgresql.yaml @@ -1,7 +1,7 @@ package: name: nri-postgresql - version: 2.13.0 - epoch: 4 + version: 2.13.1 + epoch: 0 description: New Relic Infrastructure Postgresql Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-postgresql - expected-commit: ee5e60b6e9af6c70339a500f0c111196680e26e2 + expected-commit: 5bbcff2c6b8b4f49bbd891a7a887ed0106bedbdc tag: v${{package.version}} - uses: go/build diff --git a/nri-rabbitmq.yaml b/nri-rabbitmq.yaml index a998f04ce0..ce8d2a0290 100644 --- a/nri-rabbitmq.yaml +++ b/nri-rabbitmq.yaml @@ -1,7 +1,7 @@ package: name: nri-rabbitmq - version: 2.13.2 - epoch: 3 + version: 2.13.3 + epoch: 0 description: New Relic Infrastructure RabbitMQ Integration copyright: - license: MIT @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-rabbitmq - expected-commit: d49f2fe2473788ae5c914061161318973db7766f + expected-commit: b886eb3cf211936eee8ae2e29a3e5cb702a37a6d tag: v${{package.version}} - uses: go/build diff --git a/nri-redis.yaml b/nri-redis.yaml index f8474d4310..9885730178 100644 --- a/nri-redis.yaml +++ b/nri-redis.yaml @@ -1,7 +1,7 @@ package: name: nri-redis - version: 1.11.2 - epoch: 4 + version: 1.11.4 + epoch: 0 description: New Relic Infrastructure Redis Integration copyright: - license: Apache-2.0 @@ -10,7 +10,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/newrelic/nri-redis - expected-commit: 088d1ba271e1d54494f4f9cdc51c0099cf54a48d + expected-commit: cc2fbf3e833231e5851af5a4ca557aae6b85772b tag: v${{package.version}} - uses: go/build diff --git a/nvm.yaml b/nvm.yaml index 83ee02f0ab..0f9f0afed2 100644 --- a/nvm.yaml +++ b/nvm.yaml @@ -37,10 +37,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | source /usr/share/nvm/nvm.sh diff --git a/openjpeg.yaml b/openjpeg.yaml index 8e07bee0f4..ebd6b33692 100644 --- a/openjpeg.yaml +++ b/openjpeg.yaml @@ -1,7 +1,7 @@ package: name: openjpeg - version: 2.5.0 - epoch: 1 + version: 2.5.2 + epoch: 0 description: "Open-source implementation of JPEG2000 image codec" copyright: - license: BSD-2-Clause @@ -24,12 +24,11 @@ pipeline: - uses: fetch with: uri: https://github.com/uclouvain/openjpeg/archive/v${{package.version}}/openjpeg-v${{package.version}}.tar.gz - expected-sha512: 08975a2dd79f1e29fd1824249a5fbe66026640ed787b3a3aa8807c2c69f994240ff33e2132f8bf15bbc2202bef7001f98e42d487231d4eebc8e503538658049a + expected-sha512: 24c058b3e0710e689ba7fd6bce8a88353ce64e825b2e5bbf6b00ca3f2a2ec1e9c70a72e0252a5c89d10c537cf84d55af54bf2f16c58ca01db98c2018cf132e1a # - uses: patch # with: # patches: fix-cmakelists.patch - - uses: cmake/configure with: opt: | diff --git a/opensearch-2.yaml b/opensearch-2.yaml index 809e1606a4..edd1c4ae60 100644 --- a/opensearch-2.yaml +++ b/opensearch-2.yaml @@ -258,7 +258,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-17-default-jvm - bash pipeline: diff --git a/opensearch-dashboards-2.yaml b/opensearch-dashboards-2.yaml index e8dd819e67..bfa12100d2 100644 --- a/opensearch-dashboards-2.yaml +++ b/opensearch-dashboards-2.yaml @@ -1,7 +1,7 @@ package: name: opensearch-dashboards-2 - version: 2.12.0 - epoch: 0 + version: 2.11.1 + epoch: 2 description: Open source visualization dashboards for OpenSearch copyright: - license: Apache-2.0 @@ -20,7 +20,6 @@ environment: - gcc-12 - gcc-12-default - git - - jq - node-gyp - nodejs-18 - posix-libc-utils @@ -52,27 +51,15 @@ data: pipeline: - uses: git-checkout with: - repository: https://github.com/opensearch-project/OpenSearch-Dashboards + repository: https://github.com/opensearch-project/OpenSearch-Dashboards.git tag: ${{package.version}} - expected-commit: 9ec9a677af5f28e5450926ce07e9d6c3273717a7 - - - uses: patch - with: - patches: 0001-Backport-Bump-typescript-and-axios.patch + expected-commit: 989d8f41f37cca3275bf3fedc5c2057a717d1d64 - runs: | # Workaround for "OpenSearch Dashboards should not be run as root. Use --allow-root to continue." # This change will add the --allow-root when running the build_ts_refs and register_git_hook scripts sed -i 's/\("osd:bootstrap": "scripts\/use_node scripts\/build_ts_refs\)\( && scripts\/use_node scripts\/register_git_hook\)/\1 --allow-root\2 --allow-root/' package.json - - runs: | - # Create "resolutions" section of package.json - jq '.resolutions |= (if . then . else {} end)' package.json > temp.json && mv temp.json package.json - - for override in '"**/hoek"="npm:@hapi/hoek@>=8.5.1"'; do - jq ".resolutions.${override}" package.json > temp.json && mv temp.json package.json - done - - runs: | set -x @@ -102,7 +89,7 @@ subpackages: repository: https://github.com/opensearch-project/opensearch-build tag: ${{package.version}} destination: opensearch-build - expected-commit: 7e150e42bd47e989af58d508e9d7668e45bc31e8 # will need to be manually updated when opensearch dashboard auto update happens + expected-commit: dce080075c219010371c02e699e816dd4df7758f # will need to be manually updated when opensearch dashboard auto update happens - runs: | install -Dm755 opensearch-build/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh ${{targets.contextdir}}/usr/share/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh install -Dm666 opensearch-build/config/opensearch_dashboards-2.x.yml ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml @@ -121,18 +108,18 @@ subpackages: tag: ${{package.version}}.0 destination: ./plugins/${{range.value}} - runs: | + if [ ${{range.value}} = "ganttChartDashboards" ] + then + mv ./plugins/ganttChartDashboards/gantt-chart ./plugins/gantt-chart + rm -r ./plugins/ganttChartDashboards + mv ./plugins/gantt-chart ./plugins/ganttChartDashboards + fi + yarn osd bootstrap --allow-root cd ./plugins/${{range.value}} node /home/build/scripts/plugin_helpers build --allow-root --skip-archive - if [ ${{range.value}} = "reportsDashboards" ] - then - # Remove a test directory of the `resolver` package to prevent surfacing a false-positive. - # See https://github.com/browserify/resolve/issues/288 - rm -r build/opensearch-dashboards/${{range.value}}/node_modules/resolve/test - fi - mkdir -p "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins" cp -r build/opensearch-dashboards/${{range.value}} "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins/" diff --git a/opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch b/opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch deleted file mode 100644 index 4f0ff0bba1..0000000000 --- a/opensearch-dashboards-2/0001-Backport-Bump-typescript-and-axios.patch +++ /dev/null @@ -1,1058 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Philippe Deslauriers -Date: Wed, 21 Feb 2024 14:46:14 -0800 -Subject: [PATCH] Backport: Bump typescript and axios - -Signed-off-by: Philippe Deslauriers ---- - package.json | 2 +- - packages/osd-babel-preset/common_preset.js | 4 +- - packages/osd-cross-platform/src/repo_root.ts | 2 +- - packages/osd-dev-utils/package.json | 2 +- - .../src/osd_client/osd_client_requester.ts | 2 +- - packages/osd-opensearch-archiver/src/cli.ts | 2 +- - packages/osd-pm/dist/index.js | 6 +++ - .../extract_collectors.test.ts.snap | 38 +++++++++---------- - .../src/failed_tests_reporter/github_api.ts | 6 +-- - .../lib/lifecycle_phase.ts | 11 +++--- - packages/osd-ui-shared-deps/package.json | 2 +- - packages/osd-ui-shared-deps/webpack.config.js | 11 ++++++ - .../application/application_service.test.ts | 2 +- - .../application_service.test.tsx | 8 ++-- - .../application/ui/app_container.test.tsx | 2 +- - src/core/public/chrome/chrome_service.test.ts | 7 +++- - src/core/public/chrome/chrome_service.tsx | 2 +- - .../recently_accessed_service.test.ts | 2 - - src/core/public/context/context_service.ts | 2 +- - src/core/public/core_app/core_app.ts | 4 +- - .../public/doc_links/doc_links_service.ts | 2 +- - .../fatal_errors/fatal_errors_service.tsx | 2 +- - src/core/public/http/fetch.ts | 2 + - .../injected_metadata_service.ts | 10 +++-- - .../integrations/integrations_service.ts | 2 +- - .../notifications/notifications_service.ts | 4 +- - .../public/rendering/rendering_service.tsx | 2 +- - .../public/ui_settings/ui_settings_api.ts | 2 +- - .../public/ui_settings/ui_settings_client.ts | 2 +- - .../public/ui_settings/ui_settings_service.ts | 2 +- - src/core/server/context/context_service.ts | 2 +- - src/core/server/http/http_service.ts | 2 +- - .../server/http/router/response_adapter.ts | 4 +- - .../logging/appenders/file/file_appender.ts | 2 +- - src/core/server/logging/logging_service.ts | 2 +- - src/core/server/metrics/metrics_service.ts | 2 +- - .../opensearch/client/cluster_client.test.ts | 8 ++-- - .../server/opensearch/opensearch_service.ts | 4 +- - .../server/rendering/rendering_service.tsx | 5 +-- - src/core/server/status/status_service.ts | 2 +- - src/dev/build/lib/download.ts | 6 +-- - src/dev/build/lib/fs.ts | 18 ++++++--- - src/dev/jest/config.js | 2 +- - .../common/of.test.ts | 4 +- - tsconfig.base.json | 1 + - yarn.lock | 27 ++++++------- - 46 files changed, 133 insertions(+), 105 deletions(-) - -diff --git a/package.json b/package.json -index 351e33db12..29eb5f4e6f 100644 ---- a/package.json -+++ b/package.json -@@ -98,7 +98,7 @@ - "**/nth-check": "^2.0.1", - "**/qs": "^6.11.0", - "**/trim": "^0.0.3", -- "**/typescript": "4.0.2", -+ "**/typescript": "4.6.4", - "**/unset-value": "^2.0.1", - "**/minimatch": "^3.0.5", - "**/jest-config": "npm:@amoo-miki/jest-config@27.5.1", -diff --git a/packages/osd-babel-preset/common_preset.js b/packages/osd-babel-preset/common_preset.js -index 493c67afbc..dc324f6efd 100644 ---- a/packages/osd-babel-preset/common_preset.js -+++ b/packages/osd-babel-preset/common_preset.js -@@ -29,8 +29,8 @@ - */ - - const plugins = [ -- '@babel/plugin-transform-class-properties', -- '@babel/plugin-transform-private-methods', -+ require.resolve('@babel/plugin-transform-class-properties'), -+ require.resolve('@babel/plugin-transform-private-methods'), - require.resolve('babel-plugin-add-module-exports'), - - // Optional Chaining proposal is stage 4 (https://github.com/tc39/proposal-optional-chaining) -diff --git a/packages/osd-cross-platform/src/repo_root.ts b/packages/osd-cross-platform/src/repo_root.ts -index a7ffc19a7f..ea2975d19e 100644 ---- a/packages/osd-cross-platform/src/repo_root.ts -+++ b/packages/osd-cross-platform/src/repo_root.ts -@@ -41,7 +41,7 @@ const readOpenSearchDashboardsPkgJson = (dir: string) => { - return json; - } - } catch (error) { -- if (error && error.code === 'ENOENT') { -+ if (error?.code === 'ENOENT') { - return; - } - -diff --git a/packages/osd-dev-utils/package.json b/packages/osd-dev-utils/package.json -index 73c66c4009..f35b795bb9 100644 ---- a/packages/osd-dev-utils/package.json -+++ b/packages/osd-dev-utils/package.json -@@ -15,7 +15,7 @@ - "dependencies": { - "@babel/core": "^7.22.9", - "@osd/utils": "1.0.0", -- "axios": "^0.27.2", -+ "axios": "^1.6.1", - "chalk": "^4.1.0", - "cheerio": "1.0.0-rc.1", - "dedent": "^0.7.0", -diff --git a/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts b/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts -index effa5da6dd..dbda8d19ec 100644 ---- a/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts -+++ b/packages/osd-dev-utils/src/osd_client/osd_client_requester.ts -@@ -37,7 +37,7 @@ import { ToolingLog } from '../tooling_log'; - - const isConcliftOnGetError = (error: any) => { - return ( -- isAxiosResponseError(error) && error.config.method === 'GET' && error.response.status === 409 -+ isAxiosResponseError(error) && error.config?.method === 'GET' && error.response.status === 409 - ); - }; - -diff --git a/packages/osd-opensearch-archiver/src/cli.ts b/packages/osd-opensearch-archiver/src/cli.ts -index bf652b3bf8..3c4f650a0f 100644 ---- a/packages/osd-opensearch-archiver/src/cli.ts -+++ b/packages/osd-opensearch-archiver/src/cli.ts -@@ -240,7 +240,7 @@ export function runCli() { - output: process.stdout, - }); - -- await new Promise((resolveInput) => { -+ await new Promise((resolveInput) => { - rl.question(`Press enter when you're done`, () => { - rl.close(); - resolveInput(); -diff --git a/packages/osd-pm/dist/index.js b/packages/osd-pm/dist/index.js -index 458aacd225..9c3ee9e700 100644 ---- a/packages/osd-pm/dist/index.js -+++ b/packages/osd-pm/dist/index.js -@@ -537,6 +537,7 @@ module.exports = require("path"); - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -611,6 +612,7 @@ Object.defineProperty(exports, "ToolingLogCollectingWriter", { - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -6769,6 +6771,7 @@ var ZipBufferIterator = /*@__PURE__*/ (function (_super) { - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -8919,6 +8922,7 @@ exports.parseLogLevel = parseLogLevel; - "use strict"; - - -+ - /* - * SPDX-License-Identifier: Apache-2.0 - * -@@ -8994,6 +8998,7 @@ var _watch = __webpack_require__(463); - * GitHub history for details. - */ - -+ - /* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with -@@ -40212,6 +40217,7 @@ module.exports = process && support(supportLevel); - "use strict"; - - -+ - /* - * Copyright OpenSearch Contributors - * SPDX-License-Identifier: Apache-2.0 -diff --git a/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap b/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap -index 4725be7753..cf9cf12a75 100644 ---- a/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap -+++ b/packages/osd-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap -@@ -9,7 +9,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -31,7 +31,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -53,7 +53,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -75,7 +75,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -98,11 +98,11 @@ Array [ - "typeDescriptor": Object { - "@@INDEX@@": Object { - "count_1": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "count_2": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - }, -@@ -127,7 +127,7 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "locale": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -149,21 +149,21 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "flat": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - "my_objects": Object { - "total": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "type": Object { -- "kind": 131, -+ "kind": 133, - "type": "BooleanKeyword", - }, - }, - "my_str": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -@@ -196,44 +196,44 @@ Array [ - "fetch": Object { - "typeDescriptor": Object { - "flat": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - "my_array": Object { - "items": Object { - "total": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "type": Object { -- "kind": 131, -+ "kind": 133, - "type": "BooleanKeyword", - }, - }, - }, - "my_index_signature_prop": Object { - "@@INDEX@@": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - }, - "my_objects": Object { - "total": Object { -- "kind": 143, -+ "kind": 146, - "type": "NumberKeyword", - }, - "type": Object { -- "kind": 131, -+ "kind": 133, - "type": "BooleanKeyword", - }, - }, - "my_str": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - "my_str_array": Object { - "items": Object { -- "kind": 146, -+ "kind": 149, - "type": "StringKeyword", - }, - }, -diff --git a/packages/osd-test/src/failed_tests_reporter/github_api.ts b/packages/osd-test/src/failed_tests_reporter/github_api.ts -index c384d56eb1..766d4e14f1 100644 ---- a/packages/osd-test/src/failed_tests_reporter/github_api.ts -+++ b/packages/osd-test/src/failed_tests_reporter/github_api.ts -@@ -30,7 +30,7 @@ - - import Url from 'url'; - --import Axios, { AxiosRequestConfig, AxiosInstance } from 'axios'; -+import Axios, { AxiosRequestConfig, AxiosInstance, AxiosHeaderValue } from 'axios'; - import parseLinkHeader from 'parse-link-header'; - import { ToolingLog, isAxiosResponseError, isAxiosRequestError } from '@osd/dev-utils'; - -@@ -208,7 +208,7 @@ export class GithubApi { - ): Promise<{ - status: number; - statusText: string; -- headers: Record; -+ headers: Record; - data: T; - }> { - const executeRequest = !this.dryRun || options.safeForDryRun; -@@ -233,7 +233,7 @@ export class GithubApi { - const githubApiFailed = isAxiosResponseError(error) && error.response.status >= 500; - const errorResponseLog = - isAxiosResponseError(error) && -- `[${error.config.method} ${error.config.url}] ${error.response.status} ${error.response.statusText} Error`; -+ `[${error.config?.method} ${error.config?.url}] ${error.response.status} ${error.response.statusText} Error`; - - if ((unableToReachGithub || githubApiFailed) && attempt < maxAttempts) { - const waitMs = 1000 * attempt; -diff --git a/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts b/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts -index 02106a4b1d..f39f5ee642 100644 ---- a/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts -+++ b/packages/osd-test/src/functional_test_runner/lib/lifecycle_phase.ts -@@ -44,16 +44,17 @@ export class LifecyclePhase { - private readonly beforeSubj = new Rx.Subject(); - public readonly before$ = this.beforeSubj.asObservable(); - -- private readonly afterSubj = this.options.singular -- ? new Rx.ReplaySubject(1) -- : new Rx.Subject(); -- public readonly after$ = this.afterSubj.asObservable(); -+ private readonly afterSubj: Rx.Subject; -+ public readonly after$: Rx.Observable; - - constructor( - private readonly options: { - singular?: boolean; - } = {} -- ) {} -+ ) { -+ this.afterSubj = this.options.singular ? new Rx.ReplaySubject(1) : new Rx.Subject(); -+ this.after$ = this.afterSubj.asObservable(); -+ } - - public add(fn: (...args: Args) => Promise | void) { - this.handlers.push(fn); -diff --git a/packages/osd-ui-shared-deps/package.json b/packages/osd-ui-shared-deps/package.json -index 8a342a98f0..1c0a69be93 100644 ---- a/packages/osd-ui-shared-deps/package.json -+++ b/packages/osd-ui-shared-deps/package.json -@@ -16,7 +16,7 @@ - "@osd/i18n": "1.0.0", - "@osd/monaco": "1.0.0", - "abortcontroller-polyfill": "^1.4.0", -- "axios": "^0.27.2", -+ "axios": "^1.6.1", - "compression-webpack-plugin": "npm:@amoo-miki/compression-webpack-plugin@4.0.1-rc.1", - "core-js": "^3.6.5", - "custom-event-polyfill": "^0.3.0", -diff --git a/packages/osd-ui-shared-deps/webpack.config.js b/packages/osd-ui-shared-deps/webpack.config.js -index d9bfd81af5..80e7aeef9c 100644 ---- a/packages/osd-ui-shared-deps/webpack.config.js -+++ b/packages/osd-ui-shared-deps/webpack.config.js -@@ -131,6 +131,17 @@ exports.getWebpackConfig = ({ dev = false } = {}) => ({ - }, - ], - }, -+ { -+ test: /worker_proxy_service\.js$/, -+ exclude: /node_modules/, -+ use: { -+ loader: 'babel-loader', -+ options: { -+ babelrc: false, -+ presets: [require.resolve('@osd/babel-preset/webpack_preset')], -+ }, -+ }, -+ }, - ], - }, - -diff --git a/src/core/public/application/application_service.test.ts b/src/core/public/application/application_service.test.ts -index c03afbba27..691ba64cf0 100644 ---- a/src/core/public/application/application_service.test.ts -+++ b/src/core/public/application/application_service.test.ts -@@ -708,7 +708,7 @@ describe('#start()', () => { - // Create an app and a promise that allows us to control when the app completes mounting - const createWaitingApp = (props: Partial): [App, () => void] => { - let finishMount: () => void; -- const mountPromise = new Promise((resolve) => (finishMount = resolve)); -+ const mountPromise = new Promise((resolve) => (finishMount = resolve)); - const app = { - id: 'some-id', - title: 'some-title', -diff --git a/src/core/public/application/integration_tests/application_service.test.tsx b/src/core/public/application/integration_tests/application_service.test.tsx -index 1b659c0dec..9d53d99c9d 100644 ---- a/src/core/public/application/integration_tests/application_service.test.tsx -+++ b/src/core/public/application/integration_tests/application_service.test.tsx -@@ -77,7 +77,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -@@ -111,7 +111,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -@@ -453,7 +453,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -@@ -491,7 +491,7 @@ describe('ApplicationService', () => { - const { register } = service.setup(setupDeps); - - let resolveMount: () => void; -- const promise = new Promise((resolve) => { -+ const promise = new Promise((resolve) => { - resolveMount = resolve; - }); - -diff --git a/src/core/public/application/ui/app_container.test.tsx b/src/core/public/application/ui/app_container.test.tsx -index e9e2caed02..3e658fa256 100644 ---- a/src/core/public/application/ui/app_container.test.tsx -+++ b/src/core/public/application/ui/app_container.test.tsx -@@ -50,7 +50,7 @@ describe('AppContainer', () => { - }); - - const flushPromises = async () => { -- await new Promise(async (resolve) => { -+ await new Promise(async (resolve) => { - setImmediate(() => resolve()); - }); - }; -diff --git a/src/core/public/chrome/chrome_service.test.ts b/src/core/public/chrome/chrome_service.test.ts -index f11b0f3965..e91056ed77 100644 ---- a/src/core/public/chrome/chrome_service.test.ts -+++ b/src/core/public/chrome/chrome_service.test.ts -@@ -43,9 +43,12 @@ import { ChromeService } from './chrome_service'; - import { getAppInfo } from '../application/utils'; - - class FakeApp implements App { -- public title = `${this.id} App`; -+ public title: string; - public mount = () => () => {}; -- constructor(public id: string, public chromeless?: boolean) {} -+ -+ constructor(public id: string, public chromeless?: boolean) { -+ this.title = `${this.id} App`; -+ } - } - const store = new Map(); - const originalLocalStorage = window.localStorage; -diff --git a/src/core/public/chrome/chrome_service.tsx b/src/core/public/chrome/chrome_service.tsx -index 7994c6dcc0..f2ffc8d14c 100644 ---- a/src/core/public/chrome/chrome_service.tsx -+++ b/src/core/public/chrome/chrome_service.tsx -@@ -90,7 +90,7 @@ interface ConstructorParams { - browserSupportsCsp: boolean; - } - --interface StartDeps { -+export interface StartDeps { - application: InternalApplicationStart; - docLinks: DocLinksStart; - http: HttpStart; -diff --git a/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts b/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts -index 7046d5efc2..90e72af356 100644 ---- a/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts -+++ b/src/core/public/chrome/recently_accessed/recently_accessed_service.test.ts -@@ -69,11 +69,9 @@ describe('RecentlyAccessed#start()', () => { - - // @ts-expect-error to allow redeclaring a readonly prop - delete window.localStorage; -- // @ts-expect-error - window.localStorage = new LocalStorageMock(); - }); - beforeEach(() => localStorage.clear()); -- // @ts-expect-error - afterAll(() => (window.localStorage = originalLocalStorage)); - - const getStart = async () => { -diff --git a/src/core/public/context/context_service.ts b/src/core/public/context/context_service.ts -index 5071288a14..433e96c48d 100644 ---- a/src/core/public/context/context_service.ts -+++ b/src/core/public/context/context_service.ts -@@ -32,7 +32,7 @@ import { PluginOpaqueId } from '../../server'; - import { IContextContainer, ContextContainer, HandlerFunction } from '../../utils/context'; - import { CoreContext } from '../core_system'; - --interface StartDeps { -+export interface StartDeps { - pluginDependencies: ReadonlyMap; - } - -diff --git a/src/core/public/core_app/core_app.ts b/src/core/public/core_app/core_app.ts -index fcbcc5de56..e1e91b7753 100644 ---- a/src/core/public/core_app/core_app.ts -+++ b/src/core/public/core_app/core_app.ts -@@ -43,14 +43,14 @@ import type { InjectedMetadataSetup } from '../injected_metadata'; - import { renderApp as renderErrorApp, setupUrlOverflowDetection } from './errors'; - import { renderApp as renderStatusApp } from './status'; - --interface SetupDeps { -+export interface SetupDeps { - application: InternalApplicationSetup; - http: HttpSetup; - injectedMetadata: InjectedMetadataSetup; - notifications: NotificationsSetup; - } - --interface StartDeps { -+export interface StartDeps { - application: InternalApplicationStart; - http: HttpStart; - notifications: NotificationsStart; -diff --git a/src/core/public/doc_links/doc_links_service.ts b/src/core/public/doc_links/doc_links_service.ts -index 0acf4524ab..d73a663a64 100644 ---- a/src/core/public/doc_links/doc_links_service.ts -+++ b/src/core/public/doc_links/doc_links_service.ts -@@ -32,7 +32,7 @@ import { deepFreeze } from '@osd/std'; - import { parse } from 'semver'; - import { InjectedMetadataSetup } from '../injected_metadata'; - --interface StartDeps { -+export interface StartDeps { - injectedMetadata: InjectedMetadataSetup; - } - -diff --git a/src/core/public/fatal_errors/fatal_errors_service.tsx b/src/core/public/fatal_errors/fatal_errors_service.tsx -index 59a23171ed..73159ff20e 100644 ---- a/src/core/public/fatal_errors/fatal_errors_service.tsx -+++ b/src/core/public/fatal_errors/fatal_errors_service.tsx -@@ -38,7 +38,7 @@ import { InjectedMetadataSetup } from '../injected_metadata'; - import { FatalErrorsScreen } from './fatal_errors_screen'; - import { FatalErrorInfo, getErrorInfo } from './get_error_info'; - --interface Deps { -+export interface Deps { - i18n: I18nStart; - injectedMetadata: InjectedMetadataSetup; - } -diff --git a/src/core/public/http/fetch.ts b/src/core/public/http/fetch.ts -index 9a25ecc5ea..03b01fc357 100644 ---- a/src/core/public/http/fetch.ts -+++ b/src/core/public/http/fetch.ts -@@ -220,6 +220,8 @@ export class Fetch { - } - - private shorthand(method: string): HttpHandler { -+ // ToDo: find why 'TResponseBody' of HttpHandler is not assignable to type 'HttpResponse' -+ // @ts-expect-error - return (pathOrOptions: string | HttpFetchOptionsWithPath, options?: HttpFetchOptions) => { - const optionsWithPath = validateFetchArguments(pathOrOptions, options); - return this.fetch({ ...optionsWithPath, method }); -diff --git a/src/core/public/injected_metadata/injected_metadata_service.ts b/src/core/public/injected_metadata/injected_metadata_service.ts -index f4c6a7f7b9..6be782c367 100644 ---- a/src/core/public/injected_metadata/injected_metadata_service.ts -+++ b/src/core/public/injected_metadata/injected_metadata_service.ts -@@ -88,11 +88,13 @@ export interface InjectedMetadataParams { - * @internal - */ - export class InjectedMetadataService { -- private state = deepFreeze( -- this.params.injectedMetadata -- ) as InjectedMetadataParams['injectedMetadata']; -+ private state: InjectedMetadataParams['injectedMetadata']; - -- constructor(private readonly params: InjectedMetadataParams) {} -+ constructor(private readonly params: InjectedMetadataParams) { -+ this.state = deepFreeze( -+ this.params.injectedMetadata -+ ) as InjectedMetadataParams['injectedMetadata']; -+ } - - public start(): InjectedMetadataStart { - return this.setup(); -diff --git a/src/core/public/integrations/integrations_service.ts b/src/core/public/integrations/integrations_service.ts -index df92f0b76d..4c133eff82 100644 ---- a/src/core/public/integrations/integrations_service.ts -+++ b/src/core/public/integrations/integrations_service.ts -@@ -34,7 +34,7 @@ import { CoreService } from '../../types'; - import { MomentService } from './moment'; - import { StylesService } from './styles'; - --interface Deps { -+export interface Deps { - uiSettings: IUiSettingsClient; - } - -diff --git a/src/core/public/notifications/notifications_service.ts b/src/core/public/notifications/notifications_service.ts -index fcdf746f2a..3f3d2bdf3a 100644 ---- a/src/core/public/notifications/notifications_service.ts -+++ b/src/core/public/notifications/notifications_service.ts -@@ -36,11 +36,11 @@ import { ToastsService, ToastsSetup, ToastsStart } from './toasts'; - import { IUiSettingsClient } from '../ui_settings'; - import { OverlayStart } from '../overlays'; - --interface SetupDeps { -+export interface SetupDeps { - uiSettings: IUiSettingsClient; - } - --interface StartDeps { -+export interface StartDeps { - i18n: I18nStart; - overlays: OverlayStart; - targetDomElement: HTMLElement; -diff --git a/src/core/public/rendering/rendering_service.tsx b/src/core/public/rendering/rendering_service.tsx -index ffb147bc39..83168bb745 100644 ---- a/src/core/public/rendering/rendering_service.tsx -+++ b/src/core/public/rendering/rendering_service.tsx -@@ -37,7 +37,7 @@ import { InternalApplicationStart } from '../application'; - import { OverlayStart } from '../overlays'; - import { AppWrapper, AppContainer } from './app_containers'; - --interface StartDeps { -+export interface StartDeps { - application: InternalApplicationStart; - chrome: InternalChromeStart; - overlays: OverlayStart; -diff --git a/src/core/public/ui_settings/ui_settings_api.ts b/src/core/public/ui_settings/ui_settings_api.ts -index d8a68ac035..62e06cf571 100644 ---- a/src/core/public/ui_settings/ui_settings_api.ts -+++ b/src/core/public/ui_settings/ui_settings_api.ts -@@ -66,7 +66,7 @@ export class UiSettingsApi { - * before sending the next request - */ - public batchSet(key: string, value: any) { -- return new Promise((resolve, reject) => { -+ return new Promise((resolve, reject) => { - const prev = this.pendingChanges || NOOP_CHANGES; - - this.pendingChanges = { -diff --git a/src/core/public/ui_settings/ui_settings_client.ts b/src/core/public/ui_settings/ui_settings_client.ts -index 8a5701de6b..4aaa4dcd50 100644 ---- a/src/core/public/ui_settings/ui_settings_client.ts -+++ b/src/core/public/ui_settings/ui_settings_client.ts -@@ -198,7 +198,7 @@ You can use \`IUiSettingsClient.get("${key}", defaultValue)\`, which will just r - this.setLocally(key, newVal); - - try { -- const { settings } = await this.api.batchSet(key, newVal); -+ const { settings } = (await this.api.batchSet(key, newVal)) || {}; - this.cache = defaultsDeep({}, defaults, settings); - this.saved$.next({ key, newValue: newVal, oldValue: initialVal }); - return true; -diff --git a/src/core/public/ui_settings/ui_settings_service.ts b/src/core/public/ui_settings/ui_settings_service.ts -index 9c677ff1c9..10c6b9ed78 100644 ---- a/src/core/public/ui_settings/ui_settings_service.ts -+++ b/src/core/public/ui_settings/ui_settings_service.ts -@@ -37,7 +37,7 @@ import { UiSettingsApi } from './ui_settings_api'; - import { UiSettingsClient } from './ui_settings_client'; - import { IUiSettingsClient } from './types'; - --interface UiSettingsServiceDeps { -+export interface UiSettingsServiceDeps { - http: HttpSetup; - injectedMetadata: InjectedMetadataSetup; - } -diff --git a/src/core/server/context/context_service.ts b/src/core/server/context/context_service.ts -index fd8ede37a8..2ec1234b75 100644 ---- a/src/core/server/context/context_service.ts -+++ b/src/core/server/context/context_service.ts -@@ -32,7 +32,7 @@ import { PluginOpaqueId } from '../../server'; - import { IContextContainer, ContextContainer, HandlerFunction } from '../../utils/context'; - import { CoreContext } from '../core_context'; - --interface SetupDeps { -+export interface SetupDeps { - pluginDependencies: ReadonlyMap; - } - -diff --git a/src/core/server/http/http_service.ts b/src/core/server/http/http_service.ts -index 8627557c73..ed1da87547 100644 ---- a/src/core/server/http/http_service.ts -+++ b/src/core/server/http/http_service.ts -@@ -56,7 +56,7 @@ import { - import { RequestHandlerContext } from '../../server'; - import { registerCoreHandlers } from './lifecycle_handlers'; - --interface SetupDeps { -+export interface SetupDeps { - context: ContextSetup; - } - -diff --git a/src/core/server/http/router/response_adapter.ts b/src/core/server/http/router/response_adapter.ts -index ff5ff5ca84..1597a2d7ab 100644 ---- a/src/core/server/http/router/response_adapter.ts -+++ b/src/core/server/http/router/response_adapter.ts -@@ -127,7 +127,9 @@ export class HapiResponseAdapter { - private toRedirect( - opensearchDashboardsResponse: OpenSearchDashboardsResponse - ) { -- const { headers } = opensearchDashboardsResponse.options; -+ const { -+ headers, -+ }: { headers?: Record } = opensearchDashboardsResponse.options; - if (!headers || typeof headers.location !== 'string') { - throw new Error("expected 'location' header to be set"); - } -diff --git a/src/core/server/logging/appenders/file/file_appender.ts b/src/core/server/logging/appenders/file/file_appender.ts -index 87959641e9..9d00d26fe6 100644 ---- a/src/core/server/logging/appenders/file/file_appender.ts -+++ b/src/core/server/logging/appenders/file/file_appender.ts -@@ -82,7 +82,7 @@ export class FileAppender implements DisposableAppender { - * Disposes `FileAppender`. Waits for the underlying file stream to be completely flushed and closed. - */ - public async dispose() { -- await new Promise((resolve) => { -+ await new Promise((resolve) => { - if (this.outputStream === undefined) { - return resolve(); - } -diff --git a/src/core/server/logging/logging_service.ts b/src/core/server/logging/logging_service.ts -index 7459d4b179..80a67f1265 100644 ---- a/src/core/server/logging/logging_service.ts -+++ b/src/core/server/logging/logging_service.ts -@@ -68,7 +68,7 @@ export interface InternalLoggingServiceSetup { - configure(contextParts: string[], config$: Observable): void; - } - --interface SetupDeps { -+export interface SetupDeps { - loggingSystem: ILoggingSystem; - } - -diff --git a/src/core/server/metrics/metrics_service.ts b/src/core/server/metrics/metrics_service.ts -index 62e1c97063..4181d40e4b 100644 ---- a/src/core/server/metrics/metrics_service.ts -+++ b/src/core/server/metrics/metrics_service.ts -@@ -38,7 +38,7 @@ import { InternalMetricsServiceSetup, InternalMetricsServiceStart, OpsMetrics } - import { OpsMetricsCollector } from './ops_metrics_collector'; - import { opsConfig, OpsConfigType } from './ops_config'; - --interface MetricsServiceSetupDeps { -+export interface MetricsServiceSetupDeps { - http: InternalHttpServiceSetup; - } - -diff --git a/src/core/server/opensearch/client/cluster_client.test.ts b/src/core/server/opensearch/client/cluster_client.test.ts -index 0d17326e44..f7cb5bbdba 100644 ---- a/src/core/server/opensearch/client/cluster_client.test.ts -+++ b/src/core/server/opensearch/client/cluster_client.test.ts -@@ -534,7 +534,7 @@ describe('ClusterClient', () => { - let closeScopedClientWithLongNumeralsSupport: () => void; - - internalClient.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeInternalClient = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -@@ -542,7 +542,7 @@ describe('ClusterClient', () => { - }) - ); - scopedClient.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeScopedClient = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -@@ -550,7 +550,7 @@ describe('ClusterClient', () => { - }) - ); - internalClientWithLongNumeralsSupport.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeInternalClientWithLongNumeralsSupport = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -@@ -558,7 +558,7 @@ describe('ClusterClient', () => { - }) - ); - scopedClientWithLongNumeralsSupport.close.mockReturnValue( -- new Promise((resolve) => { -+ new Promise((resolve) => { - closeScopedClientWithLongNumeralsSupport = resolve; - }).then(() => { - expect(clusterClientClosed).toBe(false); -diff --git a/src/core/server/opensearch/opensearch_service.ts b/src/core/server/opensearch/opensearch_service.ts -index bab3e7ede9..6881ce06a0 100644 ---- a/src/core/server/opensearch/opensearch_service.ts -+++ b/src/core/server/opensearch/opensearch_service.ts -@@ -48,11 +48,11 @@ import { InternalOpenSearchServiceSetup, InternalOpenSearchServiceStart } from ' - import { pollOpenSearchNodesVersion } from './version_check/ensure_opensearch_version'; - import { calculateStatus$ } from './status'; - --interface SetupDeps { -+export interface SetupDeps { - http: InternalHttpServiceSetup; - } - --interface StartDeps { -+export interface StartDeps { - auditTrail: AuditTrailStart; - } - -diff --git a/src/core/server/rendering/rendering_service.tsx b/src/core/server/rendering/rendering_service.tsx -index acaee7f42b..437d8e1e3d 100644 ---- a/src/core/server/rendering/rendering_service.tsx -+++ b/src/core/server/rendering/rendering_service.tsx -@@ -35,8 +35,7 @@ import { i18n } from '@osd/i18n'; - import { Agent as HttpsAgent } from 'https'; - - import Axios from 'axios'; --// @ts-expect-error untyped internal module used to prevent axios from using xhr adapter in tests --import AxiosHttpAdapter from 'axios/lib/adapters/http'; -+ - import { UiPlugins } from '../plugins'; - import { CoreContext } from '../core_context'; - import { Template } from './views'; -@@ -377,7 +376,7 @@ export class RenderingService { - } - return await Axios.get(url, { - httpsAgent: this.httpsAgent, -- adapter: AxiosHttpAdapter, -+ adapter: 'http', - maxRedirects: 0, - }) - .then(() => { -diff --git a/src/core/server/status/status_service.ts b/src/core/server/status/status_service.ts -index 10547e510f..d243aa4f50 100644 ---- a/src/core/server/status/status_service.ts -+++ b/src/core/server/status/status_service.ts -@@ -48,7 +48,7 @@ import { ServiceStatus, CoreStatus, InternalStatusServiceSetup } from './types'; - import { getSummaryStatus } from './get_summary_status'; - import { PluginsStatusService } from './plugins_status'; - --interface SetupDeps { -+export interface SetupDeps { - opensearch: Pick; - environment: InternalEnvironmentServiceSetup; - pluginDependencies: ReadonlyMap; -diff --git a/src/dev/build/lib/download.ts b/src/dev/build/lib/download.ts -index cf5c0f675f..65fd54583c 100644 ---- a/src/dev/build/lib/download.ts -+++ b/src/dev/build/lib/download.ts -@@ -36,10 +36,6 @@ import { createHash } from 'crypto'; - import Axios from 'axios'; - import { ToolingLog } from '@osd/dev-utils'; - --// https://github.com/axios/axios/tree/ffea03453f77a8176c51554d5f6c3c6829294649/lib/adapters --// @ts-expect-error untyped internal module used to prevent axios from using xhr adapter in tests --import AxiosHttpAdapter from 'axios/lib/adapters/http'; -- - import { mkdirp } from './fs'; - - function tryUnlink(path: string) { -@@ -77,7 +73,7 @@ export async function download(options: DownloadOptions): Promise { - const response = await Axios.request({ - url, - responseType: 'stream', -- adapter: AxiosHttpAdapter, -+ adapter: 'http', - }); - - if (response.status !== 200) { -diff --git a/src/dev/build/lib/fs.ts b/src/dev/build/lib/fs.ts -index b2313220f9..772db6689d 100644 ---- a/src/dev/build/lib/fs.ts -+++ b/src/dev/build/lib/fs.ts -@@ -114,13 +114,17 @@ export async function deleteAll(patterns: string[], log: ToolingLog) { - assertAbsolute(pattern.startsWith('!') ? pattern.slice(1) : pattern); - } - -- const files = await del(patterns, { -+ // Doing a dry run to get a list but `rm` will do the actual deleting -+ const filesToDelete = await del(patterns, { - concurrency: 4, -+ dryRun: true, - }); - -+ await Promise.all(filesToDelete.map((folder) => rm(folder, { force: true, recursive: true }))); -+ - if (log) { -- log.debug('Deleted %d files/directories', files.length); -- log.verbose('Deleted:', longInspect(files)); -+ log.debug('Deleted %d files/directories', filesToDelete.length); -+ log.verbose('Deleted:', longInspect(filesToDelete)); - } - } - -@@ -145,9 +149,11 @@ export async function deleteEmptyFolders( - dryRun: true, - }); - -- const foldersToDelete = emptyFoldersList.filter((folderToDelete) => { -- return !foldersToKeep.some((folderToKeep) => folderToDelete.includes(folderToKeep)); -- }); -+ const foldersToDelete = Array.isArray(emptyFoldersList) -+ ? emptyFoldersList.filter((folderToDelete: string[]) => { -+ return !foldersToKeep.some((folderToKeep) => folderToDelete.includes(folderToKeep)); -+ }) -+ : []; - - await Promise.all(foldersToDelete.map((folder) => rm(folder, { force: true, recursive: true }))); - -diff --git a/src/dev/jest/config.js b/src/dev/jest/config.js -index c9239710b3..b3f7fc0986 100644 ---- a/src/dev/jest/config.js -+++ b/src/dev/jest/config.js -@@ -186,7 +186,7 @@ export default { - transformIgnorePatterns: [ - // ignore all node_modules except those which require babel transforms to handle dynamic import() - // since ESM modules are not natively supported in Jest yet (https://github.com/facebook/jest/issues/4842) -- '[/\\\\]node_modules(?![\\/\\\\](monaco-editor|weak-lru-cache|ordered-binary|d3-color))[/\\\\].+\\.js$', -+ '[/\\\\]node_modules(?![\\/\\\\](monaco-editor|weak-lru-cache|ordered-binary|d3-color|axios))[/\\\\].+\\.js$', - 'packages/osd-pm/dist/index.js', - ], - snapshotSerializers: [ -diff --git a/src/plugins/opensearch_dashboards_utils/common/of.test.ts b/src/plugins/opensearch_dashboards_utils/common/of.test.ts -index 499f831042..66280559d9 100644 ---- a/src/plugins/opensearch_dashboards_utils/common/of.test.ts -+++ b/src/plugins/opensearch_dashboards_utils/common/of.test.ts -@@ -32,7 +32,7 @@ import { of } from './of'; - - describe('of()', () => { - describe('when promise resolves', () => { -- const promise = new Promise((resolve) => resolve()).then(() => 123); -+ const promise = new Promise((resolve) => resolve()).then(() => 123); - - test('first member of 3-tuple is the promise value', async () => { - const [result] = await of(promise); -@@ -51,7 +51,7 @@ describe('of()', () => { - }); - - describe('when promise rejects', () => { -- const promise = new Promise((resolve) => resolve()).then(() => { -+ const promise = new Promise((resolve) => resolve()).then(() => { - // eslint-disable-next-line no-throw-literal - throw 123; - }); -diff --git a/tsconfig.base.json b/tsconfig.base.json -index 5c31f795ff..5aba1b3bc5 100644 ---- a/tsconfig.base.json -+++ b/tsconfig.base.json -@@ -53,6 +53,7 @@ - "downlevelIteration": true, - // import tslib helpers rather than inlining helpers for iteration or spreading, for instance - "importHelpers": true, -+ "useUnknownInCatchVariables": false, - // adding global typings - "types": [ - "node", -diff --git a/yarn.lock b/yarn.lock -index 1843167afd..fdefb6aae9 100644 ---- a/yarn.lock -+++ b/yarn.lock -@@ -4909,14 +4909,6 @@ axe-core@^4.0.2, axe-core@^4.3.5: - resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413" - integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw== - --axios@^0.27.2: -- version "0.27.2" -- resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972" -- integrity sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ== -- dependencies: -- follow-redirects "^1.14.9" -- form-data "^4.0.0" -- - axios@^1.1.3: - version "1.2.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.2.0.tgz#1cb65bd75162c70e9f8d118a905126c4a201d383" -@@ -4926,6 +4918,15 @@ axios@^1.1.3: - form-data "^4.0.0" - proxy-from-env "^1.1.0" - -+axios@^1.6.1: -+ version "1.6.7" -+ resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.7.tgz#7b48c2e27c96f9c68a2f8f31e2ab19f59b06b0a7" -+ integrity sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA== -+ dependencies: -+ follow-redirects "^1.15.4" -+ form-data "^4.0.0" -+ proxy-from-env "^1.1.0" -+ - axobject-query@^2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-2.2.0.tgz#943d47e10c0b704aa42275e20edf3722648989be" -@@ -8816,7 +8817,7 @@ focus-lock@^0.10.2: - dependencies: - tslib "^2.0.3" - --follow-redirects@^1.14.9, follow-redirects@^1.15.0, follow-redirects@^1.15.4: -+follow-redirects@^1.15.0, follow-redirects@^1.15.4: - version "1.15.5" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.5.tgz#54d4d6d062c0fa7d9d17feb008461550e3ba8020" - integrity sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw== -@@ -17363,10 +17364,10 @@ typedarray@^0.0.6: - resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" - integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= - --typescript@4.0.2, typescript@~4.5.2: -- version "4.0.2" -- resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.0.2.tgz#7ea7c88777c723c681e33bf7988be5d008d05ac2" -- integrity sha512-e4ERvRV2wb+rRZ/IQeb3jm2VxBsirQLpQhdxplZ2MEzGvDkkMmPglecnNDfSUBivMjP93vRbngYYDQqQ/78bcQ== -+typescript@4.0.2, typescript@4.6.4, typescript@~4.5.2: -+ version "4.6.4" -+ resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.6.4.tgz#caa78bbc3a59e6a5c510d35703f6a09877ce45e9" -+ integrity sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg== - - uc.micro@^1.0.1, uc.micro@^1.0.5: - version "1.0.6" diff --git a/orc.yaml b/orc.yaml index fc05dda20d..198aaae6f3 100644 --- a/orc.yaml +++ b/orc.yaml @@ -1,6 +1,6 @@ package: name: orc - version: 0.4.37 + version: 0.4.38 epoch: 0 description: Oil Run-time Compiler copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: fetch with: - expected-sha512: 73c1e6e3bf66ceda94eb009675b0728ec844acc238959a4e741cbd6b69b7231b544fb85bb093641319d761bcfc0a9f84da864ab7bcf5dd1c263aa75f7b9d2310 + expected-sha512: 49f34be85f6980e4b5e94f848016f5788b658323f3a120110bc237722ac99938c02976efbe96022d148054330432899533305d4dd21be8fab76fd1995179339a uri: https://gstreamer.freedesktop.org/src/orc/orc-${{package.version}}.tar.xz - uses: meson/configure diff --git a/parallel.yaml b/parallel.yaml index 9b07972174..0546c70a90 100644 --- a/parallel.yaml +++ b/parallel.yaml @@ -1,6 +1,6 @@ package: name: parallel - version: "20240122" + version: "20240222" epoch: 0 description: "GNU parallel is a shell tool for executing jobs in parallel using one or more computers" copyright: @@ -18,7 +18,7 @@ pipeline: - uses: fetch with: uri: https://ftp.gnu.org/gnu/parallel/parallel-${{package.version}}.tar.bz2 - expected-sha256: 859688cbb5641cd7b6b16b2b960be24aa4e37e655cc8ffcd8af971cd7d5b449f + expected-sha256: eba09b6a7e238f622293f7d461597f35075cb56f170d0a73148f53d259ec8556 - uses: autoconf/configure diff --git a/pdftk.yaml b/pdftk.yaml index 0888038458..7994dbd015 100644 --- a/pdftk.yaml +++ b/pdftk.yaml @@ -46,7 +46,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-8-default-jvm pipeline: - runs: | diff --git a/perl-b-hooks-endofscope.yaml b/perl-b-hooks-endofscope.yaml index 8ca040207f..09414d4ccb 100644 --- a/perl-b-hooks-endofscope.yaml +++ b/perl-b-hooks-endofscope.yaml @@ -1,8 +1,8 @@ # Generated from https://git.alpinelinux.org/aports/plain/main/perl-b-hooks-endofscope/APKBUILD package: name: perl-b-hooks-endofscope - version: "0.26" - epoch: 1 + version: "0.27" + epoch: 0 description: Execute code after a scope finished compilation copyright: - license: GPL-1.0-or-later OR Artistic-1.0-Perl @@ -27,7 +27,7 @@ pipeline: - uses: fetch with: uri: https://cpan.metacpan.org/authors/id/E/ET/ETHER/B-Hooks-EndOfScope-${{package.version}}.tar.gz - expected-sha512: e7333f061889d5d97cd793ad557ec1a2c5a918c977f1af22ce004d5d67f7781fcf171f427c31ed6a2a2d02d12e6ad3e15e1c80cad498f83263ff384ab0ec297c + expected-sha512: a05b47e446cc05f6adadd7597fc96eca5066302d3241e2c032574c64a87215fd9272ce5b1f338e0df9c39bed51aeac126547dd0cfb5f154a23721513f09894fe - uses: perl/make diff --git a/php-8.2-memcached.yaml b/php-8.2-memcached.yaml new file mode 100644 index 0000000000..1c800b7f83 --- /dev/null +++ b/php-8.2-memcached.yaml @@ -0,0 +1,69 @@ +package: + name: php-8.2-memcached + version: 3.2.0 + epoch: 0 + description: "A PHP extension for Memcached" + copyright: + - license: PHP-3.01 + dependencies: + runtime: + - ${{package.name}}-config + - php-8.2 + provides: + - php-memcached=${{package.full-version}} + +environment: + contents: + packages: + - autoconf + - build-base + - busybox + - libmemcached-dev + - php-8.2 + - php-8.2-dev + - php-8.2-igbinary-dev + - zlib-dev + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/php-memcached-dev/php-memcached + tag: v${{package.version}} + expected-commit: d1cb3ae87be5382444322118f87324f4044d13b0 + + - name: Prepare build + runs: phpize + + - name: Configure + runs: ./configure + + - uses: autoconf/make + + - name: Make install + runs: | + INSTALL_ROOT="${{targets.destdir}}" DESTDIR="${{targets.destdir}}" make install + +subpackages: + - name: ${{package.name}}-config + dependencies: + provides: + - php-memcached-config=${{package.full-version}} + pipeline: + - runs: | + mkdir -p "${{targets.subpkgdir}}/etc/php/conf.d" + echo "extension=memcached.so" > "${{targets.subpkgdir}}/etc/php/conf.d/memcached.ini" + + - name: ${{package.name}}-dev + description: PHP 8.2 memcached development headers + dependencies: + provides: + - php-memcached-dev=${{package.full-version}} + pipeline: + - uses: split/dev + +update: + enabled: true + github: + identifier: php-memcached-dev/php-memcached + strip-prefix: v + tag-filter: v diff --git a/pixi.yaml b/pixi.yaml index e7e62b9cc5..66254718b2 100644 --- a/pixi.yaml +++ b/pixi.yaml @@ -1,6 +1,6 @@ package: name: pixi - version: 0.14.0 + version: 0.15.2 epoch: 0 description: "Package management made easy" copyright: @@ -20,7 +20,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/prefix-dev/pixi - expected-commit: 44240e8815cf74e7f1ebf4ca6f6d7e1ef86a6cb9 + expected-commit: bbf4d0c19e25b461d0ba262ee5243a2b136e710b tag: v${{package.version}} - name: Configure and build diff --git a/pixman.yaml b/pixman.yaml index 1da4401283..f7fbd8bccb 100644 --- a/pixman.yaml +++ b/pixman.yaml @@ -1,6 +1,6 @@ package: name: pixman - version: 0.43.2 + version: 0.43.4 epoch: 0 description: Low-level pixel manipulation library copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: b43dc9549c02c598fb11321d6fca47151f739a076c73fcd8971b5c023a06949e + expected-sha256: 48d8539f35488d694a2fef3ce17394d1153ed4e71c05d1e621904d574be5df19 uri: https://www.x.org/releases/individual/lib/pixman-${{package.version}}.tar.xz - runs: | diff --git a/pombump.yaml b/pombump.yaml index 9bd12a8f9c..852cec4236 100644 --- a/pombump.yaml +++ b/pombump.yaml @@ -1,6 +1,6 @@ package: name: pombump - version: 0.0.9 + version: 0.0.10 epoch: 0 description: Go tool for bumping versions in pom.xml files copyright: @@ -11,7 +11,7 @@ pipeline: with: repository: https://github.com/chainguard-dev/pombump.git tag: v${{package.version}} - expected-commit: c18f3617e009085e8479eabecf9bbeca9f2df781 + expected-commit: 25249008fd8205e5d011ce09d37f7e18718a6051 - uses: go/build with: @@ -28,10 +28,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | pombump version diff --git a/prometheus-alertmanager.yaml b/prometheus-alertmanager.yaml index 22dad4cb85..7833c13b10 100644 --- a/prometheus-alertmanager.yaml +++ b/prometheus-alertmanager.yaml @@ -1,8 +1,8 @@ package: name: prometheus-alertmanager # When bumping this version you can remove the `go get` line in the build script - version: 0.26.0 - epoch: 6 + version: 0.27.0 + epoch: 0 description: Prometheus Alertmanager copyright: - license: Apache-2.0 @@ -16,17 +16,15 @@ environment: - ca-certificates-bundle - curl - go + - nodejs + - npm pipeline: - uses: git-checkout with: repository: https://github.com/prometheus/alertmanager tag: v${{package.version}} - expected-commit: d7b4f0c7322e7151d6e3b1e31cbc15361e295d8d - - - uses: go/bump - with: - deps: golang.org/x/net@v0.17.0 golang.org/x/crypto@v0.17.0 + expected-commit: 0aa3c2aad14cff039931923ab16b26b7481783b5 - runs: | make build diff --git a/prometheus-beat-exporter.yaml b/prometheus-beat-exporter.yaml index dba390047b..6bd8ac0c53 100644 --- a/prometheus-beat-exporter.yaml +++ b/prometheus-beat-exporter.yaml @@ -42,10 +42,6 @@ update: identifier: trustpilot/beat-exporter test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | beat-exporter --version diff --git a/prometheus.yaml b/prometheus.yaml index 0db81d6672..581eeaa6ab 100644 --- a/prometheus.yaml +++ b/prometheus.yaml @@ -1,6 +1,6 @@ package: name: prometheus - version: 2.50.0 + version: 2.50.1 epoch: 0 description: The Prometheus monitoring system and time series database. copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 814b920e8a6345d35712b5857ebd4cb5e90fc107 + expected-commit: 8c9b0285360a0b6288d76214a75ce3025bce4050 repository: https://github.com/prometheus/prometheus tag: v${{package.version}} diff --git a/pstack.yaml b/pstack.yaml index d58955b023..5a1068fb9d 100644 --- a/pstack.yaml +++ b/pstack.yaml @@ -1,6 +1,6 @@ package: name: pstack - version: 2.4.6 + version: 2.4.7 epoch: 0 description: "Print stack traces from running processes, or core files." copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/peadar/pstack tag: v${{package.version}} - expected-commit: 542da7ec3b0b4f6bd107de13f06ff0a02bfabbe3 + expected-commit: abbca2ce52122be4487d0a9bdda9bc928c48ac58 - name: Set directories runs: | diff --git a/py3-absl-py.yaml b/py3-absl-py.yaml index 4f789ac83f..cc820316c8 100644 --- a/py3-absl-py.yaml +++ b/py3-absl-py.yaml @@ -41,10 +41,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="absl" diff --git a/py3-agate.yaml b/py3-agate.yaml index 300fc8a4ac..76f4ecd78a 100644 --- a/py3-agate.yaml +++ b/py3-agate.yaml @@ -46,10 +46,6 @@ update: identifier: wireservice/agate test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="agate" diff --git a/py3-aiofiles.yaml b/py3-aiofiles.yaml index 6a76a93b6e..416de0fc34 100644 --- a/py3-aiofiles.yaml +++ b/py3-aiofiles.yaml @@ -35,10 +35,6 @@ update: identifier: 12743 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="aiofiles" diff --git a/py3-aiohttp.yaml b/py3-aiohttp.yaml index e7969f0daf..381d0f86b4 100644 --- a/py3-aiohttp.yaml +++ b/py3-aiohttp.yaml @@ -74,10 +74,6 @@ update: identifier: 6713 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="aiohttp" diff --git a/py3-aiosignal.yaml b/py3-aiosignal.yaml index b320e2ef77..b405d7f021 100644 --- a/py3-aiosignal.yaml +++ b/py3-aiosignal.yaml @@ -41,10 +41,6 @@ update: identifier: 41889 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="aiosignal" diff --git a/py3-alabaster.yaml b/py3-alabaster.yaml index c9588dda65..a4f042228a 100644 --- a/py3-alabaster.yaml +++ b/py3-alabaster.yaml @@ -37,10 +37,6 @@ update: identifier: bitprophet/alabaster test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="alabaster" diff --git a/py3-anyio.yaml b/py3-anyio.yaml index 22bf6edaf4..f283d6eb2f 100644 --- a/py3-anyio.yaml +++ b/py3-anyio.yaml @@ -48,10 +48,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="anyio" diff --git a/py3-appdirs.yaml b/py3-appdirs.yaml index 7cb9f335d2..ae83600f4f 100644 --- a/py3-appdirs.yaml +++ b/py3-appdirs.yaml @@ -39,10 +39,6 @@ update: identifier: 6278 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="appdirs" diff --git a/py3-appnope.yaml b/py3-appnope.yaml index a672c6aa9e..aad07c1f1a 100644 --- a/py3-appnope.yaml +++ b/py3-appnope.yaml @@ -39,10 +39,6 @@ update: identifier: minrk/appnope test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="appnope" diff --git a/py3-archspec.yaml b/py3-archspec.yaml index 312308d579..ceb7221908 100644 --- a/py3-archspec.yaml +++ b/py3-archspec.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/archspec/ package: name: py3-archspec - version: 0.2.2 + version: 0.2.3 epoch: 0 description: A library to query system architecture copyright: @@ -21,7 +21,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 1dc58a5776dd77e6fc6e4ba5626af5b1fb24996e + expected-commit: 7b8fe60b69e2861e7dac104bc1c183decfcd3daf repository: https://github.com/archspec/archspec tag: v${{package.version}} recurse-submodules: true @@ -38,10 +38,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | archspec --version diff --git a/py3-argcomplete.yaml b/py3-argcomplete.yaml index 4dbb0adc5b..0ad734f33f 100644 --- a/py3-argcomplete.yaml +++ b/py3-argcomplete.yaml @@ -36,10 +36,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="argcomplete" diff --git a/py3-asgiref.yaml b/py3-asgiref.yaml index e69865905f..14c750f8b8 100644 --- a/py3-asgiref.yaml +++ b/py3-asgiref.yaml @@ -40,10 +40,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 ./test.py > output.out 2>&1 diff --git a/py3-asn1crypto.yaml b/py3-asn1crypto.yaml index 7fd2a2c794..b60a96d5de 100644 --- a/py3-asn1crypto.yaml +++ b/py3-asn1crypto.yaml @@ -42,10 +42,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="asn1crypto" diff --git a/py3-asttokens.yaml b/py3-asttokens.yaml index 41e69b8e59..d788a472ce 100644 --- a/py3-asttokens.yaml +++ b/py3-asttokens.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="asttokens" diff --git a/py3-astunparse.yaml b/py3-astunparse.yaml index fa11a9f311..56c8900abe 100644 --- a/py3-astunparse.yaml +++ b/py3-astunparse.yaml @@ -43,10 +43,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="astunparse" diff --git a/py3-async-generator.yaml b/py3-async-generator.yaml index f30a031d06..fb28b17754 100644 --- a/py3-async-generator.yaml +++ b/py3-async-generator.yaml @@ -44,7 +44,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-awscrt.yaml b/py3-awscrt.yaml index c63d36812d..2b772e6d59 100644 --- a/py3-awscrt.yaml +++ b/py3-awscrt.yaml @@ -1,6 +1,6 @@ package: name: py3-awscrt - version: 0.20.4 + version: 0.20.5 epoch: 0 description: Python bindings for the AWS Common Runtime copyright: @@ -29,7 +29,7 @@ pipeline: with: repository: https://github.com/awslabs/aws-crt-python tag: v${{package.version}} - expected-commit: 258a8c8d23fbb7742cffc95ae7087a26e451e761 + expected-commit: 6b8b17726f00987cdf1cab739f5cc86325335b30 - runs: | # Allow linking to shared libraries diff --git a/py3-babel.yaml b/py3-babel.yaml index 9f7155086a..515115550b 100644 --- a/py3-babel.yaml +++ b/py3-babel.yaml @@ -40,10 +40,6 @@ update: identifier: 11984 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="babel" diff --git a/py3-backcall.yaml b/py3-backcall.yaml index 0c78b37f84..850c843ba6 100644 --- a/py3-backcall.yaml +++ b/py3-backcall.yaml @@ -39,10 +39,6 @@ update: identifier: takluyver/backcall test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="backcall" diff --git a/py3-backoff.yaml b/py3-backoff.yaml index 4e8f77a014..2b4b09f945 100644 --- a/py3-backoff.yaml +++ b/py3-backoff.yaml @@ -35,10 +35,6 @@ update: identifier: 44448 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="backoff" diff --git a/py3-beartype.yaml b/py3-beartype.yaml index e2132b3446..25d42b6c42 100644 --- a/py3-beartype.yaml +++ b/py3-beartype.yaml @@ -42,7 +42,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-beautifulsoup4.yaml b/py3-beautifulsoup4.yaml index 919817db3b..e88fef8850 100644 --- a/py3-beautifulsoup4.yaml +++ b/py3-beautifulsoup4.yaml @@ -41,10 +41,6 @@ update: identifier: 3779 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="beautifulsoup4" diff --git a/py3-beniget.yaml b/py3-beniget.yaml index c486b6913d..e47c5b19f6 100644 --- a/py3-beniget.yaml +++ b/py3-beniget.yaml @@ -42,10 +42,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="beniget" diff --git a/py3-bleach.yaml b/py3-bleach.yaml index e9ba5e0483..75ff64c44f 100644 --- a/py3-bleach.yaml +++ b/py3-bleach.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="bleach" diff --git a/py3-blinker.yaml b/py3-blinker.yaml index 7a9a6097c7..1cec806e58 100644 --- a/py3-blinker.yaml +++ b/py3-blinker.yaml @@ -44,10 +44,6 @@ update: identifier: pallets-eco/blinker test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="blinker" diff --git a/py3-bokeh.yaml b/py3-bokeh.yaml index b201d5de21..ccd5e9d16f 100644 --- a/py3-bokeh.yaml +++ b/py3-bokeh.yaml @@ -46,10 +46,6 @@ update: identifier: 78655 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="bokeh" diff --git a/py3-boltons.yaml b/py3-boltons.yaml index c039e7832e..7eda64c8cf 100644 --- a/py3-boltons.yaml +++ b/py3-boltons.yaml @@ -45,10 +45,6 @@ update: identifier: mahmoud/boltons test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="boltons" diff --git a/py3-boolean.py.yaml b/py3-boolean.py.yaml index 3f7879ad36..cd340f1e6a 100644 --- a/py3-boolean.py.yaml +++ b/py3-boolean.py.yaml @@ -45,7 +45,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-boto3.yaml b/py3-boto3.yaml index 0c1628d0b1..59a393011a 100644 --- a/py3-boto3.yaml +++ b/py3-boto3.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/boto3/ package: name: py3-boto3 - version: 1.34.49 + version: 1.34.52 epoch: 0 description: The AWS SDK for Python copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 96b9dc85ce8d52619b56ca7b1ac1423eaf0af5ce132904bcc8aa81396eec2abf + expected-sha256: 66303b5f26d92afb72656ff490b22ea72dfff8bf1a29e4a0c5d5f11ec56245dd uri: https://files.pythonhosted.org/packages/source/b/boto3/boto3-${{package.version}}.tar.gz - name: Python Build diff --git a/py3-botocore.yaml b/py3-botocore.yaml index 9ea930b2bb..b6513a99d4 100644 --- a/py3-botocore.yaml +++ b/py3-botocore.yaml @@ -1,6 +1,6 @@ package: name: py3-botocore - version: 1.34.49 + version: 1.34.52 epoch: 0 description: The low-level, core functionality of Boto3 copyright: @@ -27,7 +27,7 @@ pipeline: - uses: fetch with: uri: https://files.pythonhosted.org/packages/source/b/botocore/botocore-${{package.version}}.tar.gz - expected-sha256: d89410bc60673eaff1699f3f1fdcb0e3a5e1f7a6a048c0d88c3ce5c3549433ec + expected-sha256: 187da93aec3f2e87d8a31eced16fa2cb9c71fe2d69b0a797f9f7a9220f5bf7ae - runs: | python3 setup.py build @@ -43,10 +43,6 @@ update: identifier: 29738 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="botocore" diff --git a/py3-bracex.yaml b/py3-bracex.yaml index e44db55f15..40e260cc24 100644 --- a/py3-bracex.yaml +++ b/py3-bracex.yaml @@ -50,10 +50,6 @@ update: strip-suffix: .post1 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="bracex" diff --git a/py3-build.yaml b/py3-build.yaml index 8dfc03f57c..46e8ceac41 100644 --- a/py3-build.yaml +++ b/py3-build.yaml @@ -46,10 +46,6 @@ update: strip-suffix: .post1 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="build" diff --git a/py3-cachecontrol.yaml b/py3-cachecontrol.yaml index 93a7ef645b..53e417c2bd 100644 --- a/py3-cachecontrol.yaml +++ b/py3-cachecontrol.yaml @@ -45,10 +45,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cachecontrol" diff --git a/py3-cachetools.yaml b/py3-cachetools.yaml index fe9c452b5a..dc6ab42b82 100644 --- a/py3-cachetools.yaml +++ b/py3-cachetools.yaml @@ -40,10 +40,6 @@ update: identifier: tkem/cachetools test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cachetools" diff --git a/py3-cairo.yaml b/py3-cairo.yaml index d057cb4dc6..e8c61298d3 100644 --- a/py3-cairo.yaml +++ b/py3-cairo.yaml @@ -58,10 +58,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cairo" diff --git a/py3-canonicaljson.yaml b/py3-canonicaljson.yaml index 470aba4940..a709ba6860 100644 --- a/py3-canonicaljson.yaml +++ b/py3-canonicaljson.yaml @@ -39,10 +39,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="canonicaljson" diff --git a/py3-certifi.yaml b/py3-certifi.yaml index 32b12043f4..6aee448171 100644 --- a/py3-certifi.yaml +++ b/py3-certifi.yaml @@ -61,10 +61,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="certifi" diff --git a/py3-cffi.yaml b/py3-cffi.yaml index c4dce9b1c6..a650a00299 100644 --- a/py3-cffi.yaml +++ b/py3-cffi.yaml @@ -43,10 +43,6 @@ update: identifier: 5536 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cffi" diff --git a/py3-click.yaml b/py3-click.yaml index fcb24b6659..e9706134e2 100644 --- a/py3-click.yaml +++ b/py3-click.yaml @@ -43,10 +43,6 @@ update: identifier: pallets/click test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="click" diff --git a/py3-cloudpickle.yaml b/py3-cloudpickle.yaml index 907bb67146..02aa991967 100644 --- a/py3-cloudpickle.yaml +++ b/py3-cloudpickle.yaml @@ -43,10 +43,6 @@ update: tag-filter: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cloudpickle" diff --git a/py3-cmaes.yaml b/py3-cmaes.yaml index dd72de70ef..8fd0a49c58 100644 --- a/py3-cmaes.yaml +++ b/py3-cmaes.yaml @@ -43,10 +43,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cmaes" diff --git a/py3-codeowners.yaml b/py3-codeowners.yaml index e0f6b1de34..e0f941342f 100644 --- a/py3-codeowners.yaml +++ b/py3-codeowners.yaml @@ -38,10 +38,6 @@ update: identifier: sbdchd/codeowners test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="codeowners" diff --git a/py3-colorama.yaml b/py3-colorama.yaml index e4c023fa7c..bdc437d062 100644 --- a/py3-colorama.yaml +++ b/py3-colorama.yaml @@ -51,10 +51,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="colorama" diff --git a/py3-colorlog.yaml b/py3-colorlog.yaml index 6b34698cbd..a47ec5e2c5 100644 --- a/py3-colorlog.yaml +++ b/py3-colorlog.yaml @@ -42,10 +42,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="colorlog" diff --git a/py3-configargparse.yaml b/py3-configargparse.yaml index bf93e04f7b..b2e5bd7bf5 100644 --- a/py3-configargparse.yaml +++ b/py3-configargparse.yaml @@ -41,10 +41,6 @@ update: identifier: bw2/ConfigArgParse test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | DBSNP_PATH=./package_test_here python ./config_test.py --my-config ./config.txt f1.vcf f2.vcf diff --git a/py3-configobj.yaml b/py3-configobj.yaml index 3cfbd8681c..c6e09dcde0 100644 --- a/py3-configobj.yaml +++ b/py3-configobj.yaml @@ -44,10 +44,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="configobj" diff --git a/py3-contextlib2.yaml b/py3-contextlib2.yaml index 8744bde5e7..19357786dc 100644 --- a/py3-contextlib2.yaml +++ b/py3-contextlib2.yaml @@ -39,10 +39,6 @@ update: identifier: 6215 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="contextlib2" diff --git a/py3-contourpy.yaml b/py3-contourpy.yaml index 0eb30f995f..e91ce37bd6 100644 --- a/py3-contourpy.yaml +++ b/py3-contourpy.yaml @@ -48,10 +48,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="contourpy" diff --git a/py3-crcmod.yaml b/py3-crcmod.yaml index c234378b58..3794ea6e17 100644 --- a/py3-crcmod.yaml +++ b/py3-crcmod.yaml @@ -44,10 +44,6 @@ update: identifier: 12017 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="crcmod" diff --git a/py3-cryptography.yaml b/py3-cryptography.yaml index 9b54f5a2e8..634b818a11 100644 --- a/py3-cryptography.yaml +++ b/py3-cryptography.yaml @@ -45,10 +45,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cryptography" diff --git a/py3-cycler.yaml b/py3-cycler.yaml index 1f67850f9d..63fa7de91d 100644 --- a/py3-cycler.yaml +++ b/py3-cycler.yaml @@ -44,10 +44,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="cycler" diff --git a/py3-datadog.yaml b/py3-datadog.yaml index 18e27f1f68..529e6f9b1b 100644 --- a/py3-datadog.yaml +++ b/py3-datadog.yaml @@ -37,10 +37,6 @@ update: identifier: 35391 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="datadog" diff --git a/py3-debugpy.yaml b/py3-debugpy.yaml index 2403105edc..f65aabc4e5 100644 --- a/py3-debugpy.yaml +++ b/py3-debugpy.yaml @@ -42,10 +42,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="debugpy" diff --git a/py3-defusedxml.yaml b/py3-defusedxml.yaml index 77ab47780c..c445d95a66 100644 --- a/py3-defusedxml.yaml +++ b/py3-defusedxml.yaml @@ -46,10 +46,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="defusedxml" diff --git a/py3-deprecated.yaml b/py3-deprecated.yaml index 91dde8a6fc..3b34875551 100644 --- a/py3-deprecated.yaml +++ b/py3-deprecated.yaml @@ -40,10 +40,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="deprecated" diff --git a/py3-deprecation.yaml b/py3-deprecation.yaml index 80738c510e..dd16a2ff32 100644 --- a/py3-deprecation.yaml +++ b/py3-deprecation.yaml @@ -40,10 +40,6 @@ update: identifier: briancurtin/deprecation test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="deprecation" diff --git a/py3-dill.yaml b/py3-dill.yaml index 7171eb3fc9..0ae638b18c 100644 --- a/py3-dill.yaml +++ b/py3-dill.yaml @@ -40,10 +40,6 @@ update: identifier: uqfoundation/dill test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="dill" diff --git a/py3-distlib.yaml b/py3-distlib.yaml index 332d0c2315..7c7b050b90 100644 --- a/py3-distlib.yaml +++ b/py3-distlib.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="distlib" diff --git a/py3-distro.yaml b/py3-distro.yaml index 6aed8febf4..d59496bf52 100644 --- a/py3-distro.yaml +++ b/py3-distro.yaml @@ -44,10 +44,6 @@ update: identifier: 12202 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="distro" diff --git a/py3-django.yaml b/py3-django.yaml index 6dbdc361ef..ed04656f2c 100644 --- a/py3-django.yaml +++ b/py3-django.yaml @@ -42,10 +42,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 ./test.py > output.out 2>&1 diff --git a/py3-docker.yaml b/py3-docker.yaml index fe9ad0bb12..cbf2671a95 100644 --- a/py3-docker.yaml +++ b/py3-docker.yaml @@ -41,10 +41,6 @@ update: identifier: docker/docker-py test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="docker" diff --git a/py3-docopt.yaml b/py3-docopt.yaml index 68646201f0..d177816fef 100644 --- a/py3-docopt.yaml +++ b/py3-docopt.yaml @@ -37,10 +37,6 @@ update: identifier: 8436 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="docopt" diff --git a/py3-docutils.yaml b/py3-docutils.yaml index 8eb3b32a00..38832451d1 100644 --- a/py3-docutils.yaml +++ b/py3-docutils.yaml @@ -45,10 +45,6 @@ update: identifier: 3849 test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="docutils" diff --git a/py3-dulwich.yaml b/py3-dulwich.yaml index 73a4ff203f..746e85397e 100644 --- a/py3-dulwich.yaml +++ b/py3-dulwich.yaml @@ -40,10 +40,6 @@ update: strip-prefix: dulwich- test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="dulwich" diff --git a/py3-escapism.yaml b/py3-escapism.yaml index 45980b549b..2fdc12876c 100644 --- a/py3-escapism.yaml +++ b/py3-escapism.yaml @@ -39,10 +39,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="escapism" diff --git a/py3-exceptiongroup.yaml b/py3-exceptiongroup.yaml index 894b592a46..fd788c01d9 100644 --- a/py3-exceptiongroup.yaml +++ b/py3-exceptiongroup.yaml @@ -43,10 +43,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - busybox pipeline: - runs: | LIBRARY="exceptiongroup" diff --git a/py3-google-cloud-pubsub.yaml b/py3-google-cloud-pubsub.yaml index 4069f5df90..dccff491cc 100644 --- a/py3-google-cloud-pubsub.yaml +++ b/py3-google-cloud-pubsub.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/google-cloud-pubsub/ package: name: py3-google-cloud-pubsub - version: 2.19.6 + version: 2.19.7 epoch: 0 description: Google Cloud Pub/Sub API client library copyright: @@ -29,7 +29,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 2aecd601113386d677ea6faa31f096407926ef48 + expected-commit: 706eee6489c2a7d1b6bcb22824c7cf4f1b5f22e3 repository: https://github.com/googleapis/python-pubsub tag: v${{package.version}} diff --git a/py3-ipykernel.yaml b/py3-ipykernel.yaml index 0fa268c1af..90f45ab397 100644 --- a/py3-ipykernel.yaml +++ b/py3-ipykernel.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/ipykernel/ package: name: py3-ipykernel - version: 6.29.2 + version: 6.29.3 epoch: 0 description: IPython Kernel for Jupyter copyright: @@ -36,7 +36,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 3bade28004e3ff624ed57974948116670604ac5f676d12339693f3142176d3f0 + expected-sha256: e14c250d1f9ea3989490225cc1a542781b095a18a19447fcf2b5eaf7d0ac5bd2 uri: https://files.pythonhosted.org/packages/source/i/ipykernel/ipykernel-${{package.version}}.tar.gz - name: Python Build diff --git a/py3-jinja2.yaml b/py3-jinja2.yaml index d808019312..daa7cb30e8 100644 --- a/py3-jinja2.yaml +++ b/py3-jinja2.yaml @@ -45,9 +45,5 @@ update: identifier: 3894 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: python -c 'import jinja2' diff --git a/py3-jupyter-client.yaml b/py3-jupyter-client.yaml index e9eb074435..28225ce994 100644 --- a/py3-jupyter-client.yaml +++ b/py3-jupyter-client.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-jupyter-lsp.yaml b/py3-jupyter-lsp.yaml index a5c50eb3b3..5cfbe183e4 100644 --- a/py3-jupyter-lsp.yaml +++ b/py3-jupyter-lsp.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/jupyter-lsp/ package: name: py3-jupyter-lsp - version: 2.2.2 + version: 2.2.3 epoch: 0 description: Multi-Language Server WebSocket proxy for Jupyter Notebook/Lab server copyright: @@ -25,7 +25,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 256d24620542ae4bba04a50fc1f6ffe208093a07d8e697fea0a8d1b8ca1b7e5b + expected-sha256: 33dbcbc5df24237ff5c8b696b04ff4689fcd316cb8d4957d620fe5504d7d2c3f uri: https://files.pythonhosted.org/packages/source/j/jupyter-lsp/jupyter-lsp-${{package.version}}.tar.gz - name: Python Build diff --git a/py3-jupyterhub-idle-culler.yaml b/py3-jupyterhub-idle-culler.yaml index 2aed917f55..e6ffd51f5c 100644 --- a/py3-jupyterhub-idle-culler.yaml +++ b/py3-jupyterhub-idle-culler.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/jupyterhub-idle-culler/ package: name: py3-jupyterhub-idle-culler - version: 1.3.0 + version: 1.3.1 epoch: 0 copyright: - license: BSD-3-Clause @@ -24,7 +24,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 10e9cb99e174542339b71f081f561f4ec36d8021 + expected-commit: 37aa612767c1b0d0a969395b329d286e7cf6c074 repository: https://github.com/jupyterhub/jupyterhub-idle-culler tag: ${{package.version}} diff --git a/py3-keyring.yaml b/py3-keyring.yaml index a0eede507f..bcb71a7f5c 100644 --- a/py3-keyring.yaml +++ b/py3-keyring.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/keyring/ package: name: py3-keyring - version: 24.3.0 - epoch: 1 + version: 24.3.1 + epoch: 0 description: Store and access your passwords safely. copyright: - license: "MIT" @@ -33,7 +33,7 @@ pipeline: with: repository: https://github.com/jaraco/keyring tag: v${{package.version}} - expected-commit: 9056f4ac3c3d20fb1cb3648b02bf9607bb49995d + expected-commit: 3727268f0de9d5ab56d94e2cff0a794153769c18 - name: Python Build uses: python/build-wheel diff --git a/py3-minimal-snowplow-tracker.yaml b/py3-minimal-snowplow-tracker.yaml index e4483044fc..564860bbc7 100644 --- a/py3-minimal-snowplow-tracker.yaml +++ b/py3-minimal-snowplow-tracker.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/minimal-snowplow-tracker/ package: name: py3-minimal-snowplow-tracker - version: 1.0.1 - epoch: 1 + version: 1.0.2 + epoch: 0 description: A minimal snowplow event tracker for Python. Add analytics to your Python and Django apps, webapps and games copyright: - license: Apache-2.0 @@ -27,7 +27,7 @@ pipeline: with: repository: https://github.com/snowplow/snowplow-python-tracker tag: ${{package.version}} - expected-commit: b29a57d91ebe88c4fa104f905c12040d3d7296c6 + expected-commit: cb7e434be13af1f5dfe5b6b3416d062c477f8de1 - name: Python Build uses: python/build-wheel diff --git a/py3-oauth2client.yaml b/py3-oauth2client.yaml index 77ddfb6d95..d06c33d65e 100644 --- a/py3-oauth2client.yaml +++ b/py3-oauth2client.yaml @@ -48,7 +48,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 pipeline: - runs: | diff --git a/py3-openai.yaml b/py3-openai.yaml index b7033fc9c8..6b8266be2c 100644 --- a/py3-openai.yaml +++ b/py3-openai.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/openai/ package: name: py3-openai - version: 1.13.2 + version: 1.13.3 epoch: 0 description: Python client library for the OpenAI API copyright: @@ -36,7 +36,7 @@ pipeline: with: repository: https://github.com/openai/openai-python.git tag: v${{package.version}} - expected-commit: a7115b5f33acd27326e5f78e19beb0d73bd3268e + expected-commit: e41abf7b7dbc1e744d167f748e55d4dedfc0dca7 - name: Python Build uses: python/build-wheel diff --git a/py3-poetry.yaml b/py3-poetry.yaml index 01826b2a9f..64f6751264 100644 --- a/py3-poetry.yaml +++ b/py3-poetry.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/poetry/ package: name: py3-poetry - version: 1.8.0 + version: 1.8.1 epoch: 0 description: Python dependency management and packaging made easy. copyright: @@ -50,11 +50,11 @@ pipeline: with: repository: https://github.com/python-poetry/poetry tag: ${{package.version}} - expected-commit: a3789fec54390e8cca8a6b399b59b8b45cc26dd3 + expected-commit: 78f7dd6b762b78e657ee9c74cf0ae50ccb0904ec - uses: fetch with: - expected-sha256: 27676b30e17c44b836cc002bf3cf8472f01fce886bddb4987caf14aeb4663165 + expected-sha256: 23519cc45eb3cf48e899145bc762425a141e3afd52ecc53ec443ca635122327f uri: https://files.pythonhosted.org/packages/source/p/poetry/poetry-${{package.version}}.tar.gz - name: Python Build diff --git a/py3-psutil.yaml b/py3-psutil.yaml index 083e1d0834..9acd11fdf0 100644 --- a/py3-psutil.yaml +++ b/py3-psutil.yaml @@ -47,7 +47,6 @@ test: environment: contents: packages: - - wolfi-base - python3 pipeline: - runs: | diff --git a/py3-pycparser.yaml b/py3-pycparser.yaml index 9d4a41ea31..45e98133fe 100644 --- a/py3-pycparser.yaml +++ b/py3-pycparser.yaml @@ -52,7 +52,6 @@ test: environment: contents: packages: - - wolfi-base - python3 pipeline: - runs: | diff --git a/py3-pydantic.yaml b/py3-pydantic.yaml index 7ef6273a63..5641af6e4e 100644 --- a/py3-pydantic.yaml +++ b/py3-pydantic.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/pydantic/ package: name: py3-pydantic - version: 2.6.2 + version: 2.6.3 epoch: 0 description: Data validation using Python type hints copyright: @@ -28,7 +28,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 511d862ec9895de6999d260ac4c790d0b233e316 + expected-commit: 88451f3a09f6cc34e66fcb78f0e76755fc6a89bc repository: https://github.com/pydantic/pydantic tag: v${{package.version}} diff --git a/py3-pytest-timeout.yaml b/py3-pytest-timeout.yaml index a75d0fae38..74a9cc8864 100644 --- a/py3-pytest-timeout.yaml +++ b/py3-pytest-timeout.yaml @@ -39,10 +39,6 @@ update: tag-filter: 2. test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rc=0 diff --git a/py3-pytest.yaml b/py3-pytest.yaml index f6dacb6014..63dd0e9e43 100644 --- a/py3-pytest.yaml +++ b/py3-pytest.yaml @@ -44,10 +44,6 @@ update: identifier: pytest-dev/pytest test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | pytest ./test_capitalize.py diff --git a/py3-pywinpty.yaml b/py3-pywinpty.yaml index a02665557c..29f95e2dcb 100644 --- a/py3-pywinpty.yaml +++ b/py3-pywinpty.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/pywinpty/ package: name: py3-pywinpty - version: 2.0.12 + version: 2.0.13 epoch: 0 description: Pseudo terminal support for Windows from Python. copyright: @@ -24,7 +24,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 8197de460ae8ebb7f5d1701dfa1b5df45b157bb832e92acba316305e18ca00dd + expected-sha256: c34e32351a3313ddd0d7da23d27f835c860d32fe4ac814d372a3ea9594f41dde uri: https://files.pythonhosted.org/packages/source/p/pywinpty/pywinpty-${{package.version}}.tar.gz - name: Python Build diff --git a/py3-rich.yaml b/py3-rich.yaml index d52821d889..5faf987682 100644 --- a/py3-rich.yaml +++ b/py3-rich.yaml @@ -1,10 +1,10 @@ package: name: py3-rich - version: 13.7.0 + version: 13.7.1 epoch: 0 description: "Rich is a Python library for rich text and beautiful formatting in the terminal." copyright: - - license: LGPL-2.1 + - license: LGPL-2.1-or-later dependencies: runtime: - py3-markdown-it-py @@ -27,7 +27,7 @@ pipeline: with: repository: https://github.com/Textualize/rich tag: v${{package.version}} - expected-commit: fd981823644ccf50d685ac9c0cfe8e1e56c9dd35 + expected-commit: 7f580bdcf07a3b269a0e786b6a3aa9c804f393cf - runs: | export SETUPTOOLS_SCM_PRETEND_VERSION=${{package.version}} diff --git a/py3-soupsieve.yaml b/py3-soupsieve.yaml index 60dba2b7fe..18fdebec84 100644 --- a/py3-soupsieve.yaml +++ b/py3-soupsieve.yaml @@ -47,7 +47,6 @@ test: environment: contents: packages: - - wolfi-base - python-3 - py3-beautifulsoup4 pipeline: diff --git a/py3-sqlglot.yaml b/py3-sqlglot.yaml index e7295e9f10..c88cefc0cd 100644 --- a/py3-sqlglot.yaml +++ b/py3-sqlglot.yaml @@ -1,7 +1,7 @@ # Generated from https://pypi.org/project/sqlglot/ package: name: py3-sqlglot - version: 21.2.1 + version: 22.1.1 epoch: 0 description: An easily customizable SQL parser and transpiler copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/tobymao/sqlglot tag: v${{package.version}} - expected-commit: c23ac05379e2aa5cb5681e26e2c0b8137300baa3 + expected-commit: 00e9f6dfb6b49774bd0b256a075f247741ae323a - name: Python Build runs: python setup.py build diff --git a/py3-tinydb.yaml b/py3-tinydb.yaml index b6041bd231..2eecf7ca76 100644 --- a/py3-tinydb.yaml +++ b/py3-tinydb.yaml @@ -39,10 +39,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 ./test.py > output.out 2>&1 diff --git a/py3-tomlkit.yaml b/py3-tomlkit.yaml index b6fb40a3f0..0284bd4ba4 100644 --- a/py3-tomlkit.yaml +++ b/py3-tomlkit.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/tomlkit/ package: name: py3-tomlkit - version: 0.12.3 - epoch: 1 + version: 0.12.4 + epoch: 0 description: Style preserving TOML library copyright: - license: MIT @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/sdispater/tomlkit tag: ${{package.version}} - expected-commit: a678c2f665a2f52c43b204dd70b2aa677331a423 + expected-commit: 911cccd630965ff423316e25b4685ecf7df0ec0a - name: Python Build runs: | diff --git a/py3-typing-extensions.yaml b/py3-typing-extensions.yaml index d34be9d7d8..f12ce3671f 100644 --- a/py3-typing-extensions.yaml +++ b/py3-typing-extensions.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/typing-extensions/ package: name: py3-typing-extensions - version: 4.9.0 - epoch: 1 + version: 4.10.0 + epoch: 0 description: Backported and Experimental Type Hints for Python 3.7+ copyright: - license: PSF-2.0 @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/python/typing_extensions tag: ${{package.version}} - expected-commit: fc461d6faf4585849b561f2e4cbb06e9db095307 + expected-commit: ed81f2b2043f60b0c159914e264e127f5d0b4cda - name: Python Build runs: | diff --git a/python-3.10.yaml b/python-3.10.yaml index 30ab8c4587..48c5c1f42d 100644 --- a/python-3.10.yaml +++ b/python-3.10.yaml @@ -110,10 +110,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | python3 --version diff --git a/python-3.11.yaml b/python-3.11.yaml index e895a1ba21..edbe1ae71f 100644 --- a/python-3.11.yaml +++ b/python-3.11.yaml @@ -1,7 +1,7 @@ package: name: python-3.11 version: 3.11.8 - epoch: 0 + epoch: 1 description: "the Python programming language" copyright: - license: PSF-2.0 @@ -41,6 +41,14 @@ pipeline: Modules/_ctypes/darwin* \ Modules/_ctypes/libffi* + - uses: patch + with: + patches: CVE-2023-27043.patch + + - uses: patch + with: + patches: CVE-2023-27043-enable-disable.patch + - name: Configure runs: | ./configure \ @@ -79,6 +87,11 @@ pipeline: - uses: strip +test: + pipeline: + - runs: | + python3.11 CVE-2023-27043-unittest.py + subpackages: - name: "python-3.11-doc" description: "python3 documentation" diff --git a/python-3.11/CVE-2023-27043-enable-disable.patch b/python-3.11/CVE-2023-27043-enable-disable.patch new file mode 100644 index 0000000000..6b84c80317 --- /dev/null +++ b/python-3.11/CVE-2023-27043-enable-disable.patch @@ -0,0 +1,149 @@ +From 9e6732965b10ef8c0abfe799c208f14a23861340 Mon Sep 17 00:00:00 2001 +From: Scott Moser +Date: Tue, 27 Feb 2024 17:13:23 +0000 +Subject: [PATCH 2/2] Change default value for strict to be dependent on + environment var + +This follows the general solution described at: +https://access.redhat.com/articles/7051467 + +The differences are: +1. it does not support /etc/python/email.cfg +2. environment variable is named PYTHON_EMAIL_STRICT_PARSING_DEFAULT + It loosely controls the default 'strict' value of getaddresses and + parseaddr. + + If the variable is unset or set to any value other than 'false' + or '0', then strict=True is used. + +To opt out of this security fix, set the environment variable + + PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false +--- + Lib/email/utils.py | 29 ++++++++++++++-- + Lib/test/test_email/test_email_notstrict.py | 38 +++++++++++++++++++++ + 2 files changed, 65 insertions(+), 2 deletions(-) + create mode 100644 Lib/test/test_email/test_email_notstrict.py + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index 94ead0e91f..ce34122a83 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,8 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++_parseaddr_strict_default = None ++ + + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" +@@ -149,7 +151,7 @@ def _strip_quoted_realnames(addr): + + supports_strict_parsing = True + +-def getaddresses(fieldvalues, *, strict=True): ++def getaddresses(fieldvalues, *, strict=None): + """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. + + When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in +@@ -157,6 +159,7 @@ def getaddresses(fieldvalues, *, strict=True): + + If strict is true, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) + + # If strict is true, if the resulting list of parsed addresses is greater + # than the number of fieldvalues in the input list, a parsing error has +@@ -321,7 +324,7 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr, *, strict=True): ++def parseaddr(addr, *, strict=None): + """ + Parse addr into its constituent realname and email address parts. + +@@ -330,6 +333,8 @@ def parseaddr(addr, *, strict=True): + + If strict is True, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) ++ + if not strict: + addrs = _AddressList(addr).addresslist + if not addrs: +@@ -351,6 +356,26 @@ def parseaddr(addr, *, strict=True): + return addrs[0] + + ++# get default value for strict parameter in parseaddr and getaddresses ++def _get_default_parseaddr_strict(val): ++ # non-None value passed into function, use it. ++ if val is not None: ++ return val ++ ++ # consult or update the cached global. ++ global _parseaddr_strict_default ++ ++ if _parseaddr_strict_default is None: ++ val = os.environ.get("PYTHON_EMAIL_STRICT_PARSING_DEFAULT", "true") ++ # env var with 'false' explicitly disables the disabling (meaning strict=true) ++ if val in ("false", "0"): ++ _parseaddr_strict_default = False ++ else: ++ _parseaddr_strict_default = True ++ ++ return _parseaddr_strict_default ++ ++ + # rfc822.unquote() doesn't properly de-backslash-ify in Python pre-2.3. + def unquote(str): + """Remove quotes from a string.""" +diff --git a/Lib/test/test_email/test_email_notstrict.py b/Lib/test/test_email/test_email_notstrict.py +new file mode 100644 +index 0000000000..fe8617cfcb +--- /dev/null ++++ b/Lib/test/test_email/test_email_notstrict.py +@@ -0,0 +1,38 @@ ++""" ++This is the test_getaddresses_nasty function with the triggering ++test case that was added for this fix. We test that ++setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives ++the old behavior and to true gives new behavior ++""" ++ ++import unittest ++ ++from unittest.mock import patch ++ ++from email import utils ++ ++expected_strict = [('', '')] ++expected_nonstrict = [('', ''), ('', ''), ('', '*--')] ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestNonstrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_nonstrict) ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestStrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" ++class TestStrictNoEnvParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++if __name__ == '__main__': ++ unittest.main() +-- +2.44.0 + diff --git a/python-3.11/CVE-2023-27043-unittest.py b/python-3.11/CVE-2023-27043-unittest.py new file mode 100644 index 0000000000..fe8617cfcb --- /dev/null +++ b/python-3.11/CVE-2023-27043-unittest.py @@ -0,0 +1,38 @@ +""" +This is the test_getaddresses_nasty function with the triggering +test case that was added for this fix. We test that +setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives +the old behavior and to true gives new behavior +""" + +import unittest + +from unittest.mock import patch + +from email import utils + +expected_strict = [('', '')] +expected_nonstrict = [('', ''), ('', ''), ('', '*--')] + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestNonstrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_nonstrict) + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestStrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" +class TestStrictNoEnvParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +if __name__ == '__main__': + unittest.main() diff --git a/python-3.11/CVE-2023-27043.patch b/python-3.11/CVE-2023-27043.patch new file mode 100644 index 0000000000..f3cb5f61c9 --- /dev/null +++ b/python-3.11/CVE-2023-27043.patch @@ -0,0 +1,504 @@ +From 3eb81705ca7111fd36e0447e7fc2e737080e16b4 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 15 Dec 2023 16:10:40 +0100 +Subject: [PATCH 1/2] [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) + +Detect email address parsing errors and return empty tuple to +indicate the parsing error (old API). Add an optional 'strict' +parameter to getaddresses() and parseaddr() functions. Patch by +Thomas Dwyer. + +Co-Authored-By: Thomas Dwyer +(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19) +--- + Doc/library/email.utils.rst | 19 +- + Lib/email/utils.py | 151 ++++++++++++- + Lib/test/test_email/test_email.py | 204 +++++++++++++++++- + ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + + 4 files changed, 361 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst + +diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst +index 0e266b6a45..6723dc4f13 100644 +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -60,13 +60,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -84,12 +89,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by +- :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -99,6 +107,9 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: parsedate(date) + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index 8993858ab4..94ead0e91f 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None ++ ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ if not _check_parenthesis(v): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py +index 677f2094b8..20b67792ea 100644 +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -17,6 +17,7 @@ + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3321,15 +3322,154 @@ def test_getaddresses(self): + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + ++ def test_getaddresses_comma_in_name(self): ++ """GH-106669 regression test.""" ++ self.assertEqual( ++ utils.getaddresses( ++ [ ++ '"Bud, Person" ', ++ 'aperson@dom.ain (Al Person)', ++ '"Mariusz Felisiak" ', ++ ] ++ ), ++ [ ++ ('Bud, Person', 'bperson@dom.ain'), ++ ('Al Person', 'aperson@dom.ain'), ++ ('Mariusz Felisiak', 'to@example.com'), ++ ], ++ ) ++ ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') ++ ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) ++ + def test_getaddresses_nasty(self): +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +@@ -3520,6 +3660,54 @@ def test_mime_classes_policy_argument(self): + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): +diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +new file mode 100644 +index 0000000000..3d0e9e4078 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. +-- +2.44.0 + diff --git a/python-3.12.yaml b/python-3.12.yaml index 2c15c8e25b..36708f320f 100644 --- a/python-3.12.yaml +++ b/python-3.12.yaml @@ -1,7 +1,7 @@ package: name: python-3.12 version: 3.12.2 - epoch: 0 + epoch: 1 description: "the Python programming language" copyright: - license: PSF-2.0 @@ -41,6 +41,14 @@ pipeline: Modules/_ctypes/darwin* \ Modules/_ctypes/libffi* + - uses: patch + with: + patches: CVE-2023-27043.patch + + - uses: patch + with: + patches: CVE-2023-27043-enable-disable.patch + - name: Configure runs: | ./configure \ @@ -79,6 +87,11 @@ pipeline: - uses: strip +test: + pipeline: + - runs: | + python3.12 CVE-2023-27043-unittest.py + subpackages: - name: "python-3.12-doc" description: "python3 documentation" diff --git a/python-3.12/CVE-2023-27043-enable-disable.patch b/python-3.12/CVE-2023-27043-enable-disable.patch new file mode 100644 index 0000000000..41bd018037 --- /dev/null +++ b/python-3.12/CVE-2023-27043-enable-disable.patch @@ -0,0 +1,149 @@ +From 8ea32b439336ef0270b2af9f7b1b67b59fd29cd0 Mon Sep 17 00:00:00 2001 +From: Scott Moser +Date: Tue, 27 Feb 2024 17:13:23 +0000 +Subject: [PATCH 2/2] Change default value for strict to be dependent on + environment var + +This follows the general solution described at: +https://access.redhat.com/articles/7051467 + +The differences are: +1. it does not support /etc/python/email.cfg +2. environment variable is named PYTHON_EMAIL_STRICT_PARSING_DEFAULT + It loosely controls the default 'strict' value of getaddresses and + parseaddr. + + If the variable is unset or set to any value other than 'false' + or '0', then strict=True is used. + +To opt out of this security fix, set the environment variable + + PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false +--- + Lib/email/utils.py | 29 ++++++++++++++-- + Lib/test/test_email/test_email_notstrict.py | 38 +++++++++++++++++++++ + 2 files changed, 65 insertions(+), 2 deletions(-) + create mode 100644 Lib/test/test_email/test_email_notstrict.py + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index af2fb14754..80798ecb2b 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,8 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++_parseaddr_strict_default = None ++ + + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" +@@ -149,7 +151,7 @@ def _strip_quoted_realnames(addr): + + supports_strict_parsing = True + +-def getaddresses(fieldvalues, *, strict=True): ++def getaddresses(fieldvalues, *, strict=None): + """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. + + When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in +@@ -157,6 +159,7 @@ def getaddresses(fieldvalues, *, strict=True): + + If strict is true, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) + + # If strict is true, if the resulting list of parsed addresses is greater + # than the number of fieldvalues in the input list, a parsing error has +@@ -321,7 +324,7 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr, *, strict=True): ++def parseaddr(addr, *, strict=None): + """ + Parse addr into its constituent realname and email address parts. + +@@ -330,6 +333,8 @@ def parseaddr(addr, *, strict=True): + + If strict is True, use a strict parser which rejects malformed inputs. + """ ++ strict = _get_default_parseaddr_strict(strict) ++ + if not strict: + addrs = _AddressList(addr).addresslist + if not addrs: +@@ -351,6 +356,26 @@ def parseaddr(addr, *, strict=True): + return addrs[0] + + ++# get default value for strict parameter in parseaddr and getaddresses ++def _get_default_parseaddr_strict(val): ++ # non-None value passed into function, use it. ++ if val is not None: ++ return val ++ ++ # consult or update the cached global. ++ global _parseaddr_strict_default ++ ++ if _parseaddr_strict_default is None: ++ val = os.environ.get("PYTHON_EMAIL_STRICT_PARSING_DEFAULT", "true") ++ # env var with 'false' explicitly disables the disabling (meaning strict=true) ++ if val in ("false", "0"): ++ _parseaddr_strict_default = False ++ else: ++ _parseaddr_strict_default = True ++ ++ return _parseaddr_strict_default ++ ++ + # rfc822.unquote() doesn't properly de-backslash-ify in Python pre-2.3. + def unquote(str): + """Remove quotes from a string.""" +diff --git a/Lib/test/test_email/test_email_notstrict.py b/Lib/test/test_email/test_email_notstrict.py +new file mode 100644 +index 0000000000..fe8617cfcb +--- /dev/null ++++ b/Lib/test/test_email/test_email_notstrict.py +@@ -0,0 +1,38 @@ ++""" ++This is the test_getaddresses_nasty function with the triggering ++test case that was added for this fix. We test that ++setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives ++the old behavior and to true gives new behavior ++""" ++ ++import unittest ++ ++from unittest.mock import patch ++ ++from email import utils ++ ++expected_strict = [('', '')] ++expected_nonstrict = [('', ''), ('', ''), ('', '*--')] ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestNonstrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_nonstrict) ++ ++@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) ++@patch('email.utils._parseaddr_strict_default', None) ++class TestStrictParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" ++class TestStrictNoEnvParsing(unittest.TestCase): ++ def test_getaddresses_nasty(self): ++ self.assertEqual(utils.getaddresses( ++ ['[]*-- =~$']), expected_strict) ++ ++if __name__ == '__main__': ++ unittest.main() +-- +2.44.0 + diff --git a/python-3.12/CVE-2023-27043-unittest.py b/python-3.12/CVE-2023-27043-unittest.py new file mode 100644 index 0000000000..fe8617cfcb --- /dev/null +++ b/python-3.12/CVE-2023-27043-unittest.py @@ -0,0 +1,38 @@ +""" +This is the test_getaddresses_nasty function with the triggering +test case that was added for this fix. We test that +setting PYTHON_EMAIL_STRICT_PARSING_DEFAULT to false gives +the old behavior and to true gives new behavior +""" + +import unittest + +from unittest.mock import patch + +from email import utils + +expected_strict = [('', '')] +expected_nonstrict = [('', ''), ('', ''), ('', '*--')] + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "false"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestNonstrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_nonstrict) + +@patch('os.environ', {"PYTHON_EMAIL_STRICT_PARSING_DEFAULT": "true"}) +@patch('email.utils._parseaddr_strict_default', None) +class TestStrictParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +"""This test would fail if env had PYTHON_EMAIL_STRICT_PARSING_DEFAULT=false""" +class TestStrictNoEnvParsing(unittest.TestCase): + def test_getaddresses_nasty(self): + self.assertEqual(utils.getaddresses( + ['[]*-- =~$']), expected_strict) + +if __name__ == '__main__': + unittest.main() diff --git a/python-3.12/CVE-2023-27043.patch b/python-3.12/CVE-2023-27043.patch new file mode 100644 index 0000000000..832fa9af4b --- /dev/null +++ b/python-3.12/CVE-2023-27043.patch @@ -0,0 +1,487 @@ +From 3818e8e7036092b9a31c985a61dc5f60414e05ea Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 15 Dec 2023 16:10:40 +0100 +Subject: [PATCH 1/2] [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) + +Detect email address parsing errors and return empty tuple to +indicate the parsing error (old API). Add an optional 'strict' +parameter to getaddresses() and parseaddr() functions. Patch by +Thomas Dwyer. + +Co-Authored-By: Thomas Dwyer +(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19) +--- + Doc/library/email.utils.rst | 19 +- + Lib/email/utils.py | 151 +++++++++++++- + Lib/test/test_email/test_email.py | 187 +++++++++++++++++- + ...-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + + 4 files changed, 344 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst + +diff --git a/Doc/library/email.utils.rst b/Doc/library/email.utils.rst +index 345b64001c..d693a9bc39 100644 +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -58,13 +58,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -82,12 +87,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by +- :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -97,6 +105,9 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: parsedate(date) + +diff --git a/Lib/email/utils.py b/Lib/email/utils.py +index aa949aa933..af2fb14754 100644 +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None ++ ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ if not _check_parenthesis(v): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py +index 2a237095b9..4672b790d8 100644 +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -16,6 +16,7 @@ + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3337,15 +3338,137 @@ def test_getaddresses_comma_in_name(self): + ], + ) + ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') ++ ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) ++ + def test_getaddresses_nasty(self): +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +@@ -3536,6 +3659,54 @@ def test_mime_classes_policy_argument(self): + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): +diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +new file mode 100644 +index 0000000000..3d0e9e4078 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. +-- +2.44.0 + diff --git a/pytorch.yaml b/pytorch.yaml index 1a7b0aeef5..22217d8306 100644 --- a/pytorch.yaml +++ b/pytorch.yaml @@ -102,7 +102,6 @@ test: environment: contents: packages: - - wolfi-base - python-3.11 pipeline: - runs: | diff --git a/qpdf.yaml b/qpdf.yaml index 2dbbdc2a80..7ca2a8f075 100644 --- a/qpdf.yaml +++ b/qpdf.yaml @@ -66,10 +66,6 @@ subpackages: description: Repair PDF files in QDF form after editing test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | qpdf -version diff --git a/redis-7.0.yaml b/redis-7.0.yaml index aee5531b69..8d0f100d43 100644 --- a/redis-7.0.yaml +++ b/redis-7.0.yaml @@ -149,7 +149,6 @@ test: environment: contents: packages: - - busybox - redis-cli pipeline: - runs: | diff --git a/redis-7.2.yaml b/redis-7.2.yaml index 71a3d82e1e..0a97f056ed 100644 --- a/redis-7.2.yaml +++ b/redis-7.2.yaml @@ -151,7 +151,6 @@ test: environment: contents: packages: - - busybox - redis-cli pipeline: - runs: | diff --git a/reflex.yaml b/reflex.yaml index 649b47cecf..90ad06a598 100644 --- a/reflex.yaml +++ b/reflex.yaml @@ -1,6 +1,6 @@ package: name: reflex - version: 0.4.1 + version: 0.4.2 epoch: 0 description: "Web apps in pure Python" copyright: @@ -32,7 +32,7 @@ pipeline: with: repository: https://github.com/reflex-dev/reflex tag: v${{package.version}} - expected-commit: 6384c62e51cc354b0c1071c8a7ffa66cabd51a17 + expected-commit: b13a25c1f697b2de961cdfc8b3d4db7ad131205d - runs: | poetry build diff --git a/renovate.yaml b/renovate.yaml index 3d38ea97e5..eddcf820a6 100644 --- a/renovate.yaml +++ b/renovate.yaml @@ -1,6 +1,6 @@ package: name: renovate - version: 37.214.0 + version: 37.219.0 epoch: 0 description: "Automated dependency updates. Multi-platform and multi-language." copyright: diff --git a/rook.yaml b/rook.yaml index 59810844b1..beb4cb3006 100644 --- a/rook.yaml +++ b/rook.yaml @@ -70,10 +70,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rook version diff --git a/rpm.yaml b/rpm.yaml index 593b6a32b1..53d9aea9aa 100644 --- a/rpm.yaml +++ b/rpm.yaml @@ -107,10 +107,6 @@ update: strip-suffix: -release test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rpm --version diff --git a/rqlite.yaml b/rqlite.yaml index a3450a5185..ef94c0172c 100644 --- a/rqlite.yaml +++ b/rqlite.yaml @@ -1,7 +1,7 @@ package: name: rqlite # When bumping the version, you can remove the `go get` line in the build. - version: 8.21.3 + version: 8.22.1 epoch: 0 description: The lightweight, distributed relational database built on SQLite copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/rqlite/rqlite tag: v${{package.version}} - expected-commit: 17b3269f8c7410fff1dee64d88b3f51fdd92e457 + expected-commit: aea705a521c069badd949237ddc38ca592bfea01 - runs: | mkdir -p ${{targets.destdir}}/usr/bin diff --git a/rstudio.yaml b/rstudio.yaml index 842183972a..939578417b 100644 --- a/rstudio.yaml +++ b/rstudio.yaml @@ -98,10 +98,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | rstudio-server version diff --git a/ruby3.2-concurrent-ruby.yaml b/ruby3.2-concurrent-ruby.yaml index 512a378b64..93c3b21588 100644 --- a/ruby3.2-concurrent-ruby.yaml +++ b/ruby3.2-concurrent-ruby.yaml @@ -88,10 +88,11 @@ subpackages: test: environment: + environment: + HOME: /home/build contents: packages: - ruby3.2-bundler - - wolfi-base # Install the subpackages for testing - ruby3.2-concurrent-ruby-ext - ruby3.2-concurrent-ruby-edge diff --git a/ruby3.2-jrjackson.yaml b/ruby3.2-jrjackson.yaml index 3dcd490678..0cf8de3a06 100644 --- a/ruby3.2-jrjackson.yaml +++ b/ruby3.2-jrjackson.yaml @@ -57,7 +57,6 @@ test: environment: contents: packages: - - busybox - jruby-9.4 - openjdk-11-default-jvm pipeline: diff --git a/ruby3.2-jruby-openssl.yaml b/ruby3.2-jruby-openssl.yaml index d790fc687e..dbf446dbe3 100644 --- a/ruby3.2-jruby-openssl.yaml +++ b/ruby3.2-jruby-openssl.yaml @@ -1,11 +1,11 @@ # Generated from https://github.com/jruby/jruby-openssl package: name: ruby3.2-jruby-openssl - version: 0.14.2 + version: 0.14.3 epoch: 0 description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. copyright: - - license: GPL-2.0-or-later AND EPL-1.0-or-later AND LGPL-2.1-or-later + - license: GPL-2.0-or-later AND EPL-1.0 AND LGPL-2.1-or-later dependencies: runtime: - ruby3.2-bouncy-castle-java @@ -24,7 +24,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: b0ca8d8a0d5cb58ca7f8b9e37eb1fda69bfeba7a + expected-commit: 055f5756c424276a1ecf0ec7327a049bb147ea9a repository: https://github.com/jruby/jruby-openssl tag: v${{package.version}} diff --git a/ruby3.2-jwt.yaml b/ruby3.2-jwt.yaml index f17b279720..a81fa2b2e2 100644 --- a/ruby3.2-jwt.yaml +++ b/ruby3.2-jwt.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/jwt/ruby-jwt package: name: ruby3.2-jwt - version: 2.8.0 + version: 2.8.1 epoch: 0 description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard. copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: d466bb5c940bb12ac33bfa03143ed151dc2ce68d5968ca5de08541feca4ef16c + expected-sha256: 35ce94394e4db19661c7771dc66a452de098b6fbae0d853b5d7a7f3a2756cff1 uri: https://github.com/jwt/ruby-jwt/archive/refs/tags/v${{package.version}}.tar.gz - uses: ruby/build diff --git a/ruff.yaml b/ruff.yaml index 2d04ec3a6f..dd122a6aee 100644 --- a/ruff.yaml +++ b/ruff.yaml @@ -1,6 +1,6 @@ package: name: ruff - version: 0.2.2 + version: 0.3.0 epoch: 0 description: An extremely fast Python linter, written in Rust. copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/astral-sh/ruff tag: v${{package.version}} - expected-commit: 235cfb79769da2c435b9c88d8bae4a79f1234857 + expected-commit: b53118ed0016ac37233d3dadbcea9ed3ac1f538e - runs: | cargo build --release diff --git a/rye.yaml b/rye.yaml index 8c86096076..dd170dc35c 100644 --- a/rye.yaml +++ b/rye.yaml @@ -1,6 +1,6 @@ package: name: rye - version: 0.26.0 + version: 0.27.0 epoch: 0 description: "An Experimental Package Management Solution for Python" copyright: @@ -21,7 +21,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/mitsuhiko/rye - expected-commit: d245f625ed1e48b794863cc3a69d0a83daf74c5c + expected-commit: 43ee4fce00021b4cc15dfc3fb92a97b9b156a981 tag: ${{package.version}} - name: Configure and build diff --git a/s5cmd.yaml b/s5cmd.yaml index 4f4ca4173b..33bdd5a36b 100644 --- a/s5cmd.yaml +++ b/s5cmd.yaml @@ -35,10 +35,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | s5cmd version diff --git a/scala-2.yaml b/scala-2.yaml index b2c785129a..f5055e1823 100644 --- a/scala-2.yaml +++ b/scala-2.yaml @@ -1,6 +1,6 @@ package: name: scala-2 - version: 2.13.12 + version: 2.13.13 epoch: 0 description: Scala 2 compiler and standard library. copyright: @@ -24,7 +24,7 @@ pipeline: with: repository: https://github.com/scala/scala tag: v${{package.version}} - expected-commit: 80514f73a6c7db32df9887d9a5ca9ae921e25118 + expected-commit: fcc67cd56c67851bf31019ec25ccb09d08b9561b - uses: patch with: diff --git a/screen.yaml b/screen.yaml index 1b66a1f99c..8088a1371e 100644 --- a/screen.yaml +++ b/screen.yaml @@ -41,10 +41,6 @@ subpackages: description: screen manpages test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: screen -v diff --git a/selenium.yaml b/selenium.yaml index 3a58ee0911..1fbcfbb671 100644 --- a/selenium.yaml +++ b/selenium.yaml @@ -107,7 +107,6 @@ test: environment: contents: packages: - - wolfi-base - openjdk-11-default-jvm pipeline: - runs: | diff --git a/shfmt.yaml b/shfmt.yaml index a2fedc634f..fff7dc321e 100644 --- a/shfmt.yaml +++ b/shfmt.yaml @@ -33,10 +33,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | shfmt --version diff --git a/skaffold.yaml b/skaffold.yaml index 01c69e14f3..c415bf12c3 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -1,7 +1,7 @@ package: name: skaffold - version: 2.10.0 - epoch: 4 + version: 2.10.1 + epoch: 0 description: Easy and Repeatable Kubernetes Development copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: cbc665bfc1fe7253df466e70dd48e3851d935a3e + expected-commit: df0264229733d654ae0f43466e760dae936b12e7 repository: https://github.com/GoogleContainerTools/skaffold tag: v${{package.version}} diff --git a/spark.yaml b/spark.yaml index 5b1f59c3da..007a9c78ac 100644 --- a/spark.yaml +++ b/spark.yaml @@ -83,10 +83,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | /usr/lib/spark/bin/spark-submit --version diff --git a/speedtest-go.yaml b/speedtest-go.yaml index c52cb3230f..62cf0e8c67 100644 --- a/speedtest-go.yaml +++ b/speedtest-go.yaml @@ -20,10 +20,6 @@ pipeline: ldflags: -s -w test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: speedtest-go diff --git a/sqlite.yaml b/sqlite.yaml index e34af73d8f..64cf7d5a29 100644 --- a/sqlite.yaml +++ b/sqlite.yaml @@ -84,10 +84,6 @@ update: identifier: 4877 test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | sqlite3 --version diff --git a/sqlpad.yaml b/sqlpad.yaml index 28b316c9a0..048d86a916 100644 --- a/sqlpad.yaml +++ b/sqlpad.yaml @@ -1,7 +1,7 @@ package: name: sqlpad version: 7.4.1 # when updating check the patch below as it contains dependency version updates which may downgrade if upstream upgrades them - epoch: 0 + epoch: 1 description: Web-based SQL editor. Legacy project in maintenance mode. copyright: - license: MIT @@ -16,6 +16,7 @@ environment: - build-base - busybox - nodejs-18 + - python3 - yarn pipeline: diff --git a/sqlpad/server-package-json.patch b/sqlpad/server-package-json.patch index 2b445b59f6..09cc18286c 100644 --- a/sqlpad/server-package-json.patch +++ b/sqlpad/server-package-json.patch @@ -1,14 +1,91 @@ diff --git a/server/package.json b/server/package.json -index 19d52f20..4956d34d 100644 +index ecff486d..f96c921c 100644 --- a/server/package.json +++ b/server/package.json -@@ -126,6 +126,8 @@ +@@ -61,6 +61,7 @@ + "format-link-header": "^3.1.1", + "hdb": "^0.19.0", + "helmet": "^7.0.0", ++ "ip": "^2.0.1", + "jsonwebtoken": "^9.0.0", + "ldapjs": "^2.3.2", + "lodash": "^4.17.20", +@@ -127,6 +128,9 @@ "traverse": "^0.6.6" }, "resolutions": { - "supertest/**/cookiejar": "^2.1.4" + "supertest/**/cookiejar": "^2.1.4", + "semver": "6.3.1", -+ "@node-saml/node-saml": "4.0.5" ++ "@node-saml/node-saml": "4.0.5", ++ "ip": "2.0.1" } - } \ No newline at end of file + } +diff --git a/server/yarn.lock b/server/yarn.lock +index e9f0019f..12eb780f 100644 +--- a/server/yarn.lock ++++ b/server/yarn.lock +@@ -304,10 +304,10 @@ + semver "^7.3.5" + tar "^6.1.11" + +-"@node-saml/node-saml@^4.0.4": +- version "4.0.4" +- resolved "https://registry.yarnpkg.com/@node-saml/node-saml/-/node-saml-4.0.4.tgz#472a6b17021a0c9d8261964bf6e1dd686ae2d515" +- integrity sha512-oybUBWBYVsHGckQxzyzlpRM4E2iuW3I2Ok/J9SwlotdmjvmZxSo6Ub74D9wltG8C9daJZYI57uy+1UK4FtcGXA== ++"@node-saml/node-saml@4.0.5", "@node-saml/node-saml@^4.0.4": ++ version "4.0.5" ++ resolved "https://registry.yarnpkg.com/@node-saml/node-saml/-/node-saml-4.0.5.tgz#039e387095b54639b06df62b1b4a6d8941c6d907" ++ integrity sha512-J5DglElbY1tjOuaR1NPtjOXkXY5bpUhDoKVoeucYN98A3w4fwgjIOPqIGcb6cQsqFq2zZ6vTCeKn5C/hvefSaw== + dependencies: + "@types/debug" "^4.1.7" + "@types/passport" "^1.0.11" +@@ -2668,10 +2668,10 @@ internal-slot@^1.0.5: + hasown "^2.0.0" + side-channel "^1.0.4" + +-ip@^2.0.0: +- version "2.0.0" +- resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.0.tgz#4cf4ab182fee2314c75ede1276f8c80b479936da" +- integrity sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ== ++ip@2.0.1, ip@^2.0.0, ip@^2.0.1: ++ version "2.0.1" ++ resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.1.tgz#e8f3595d33a3ea66490204234b77636965307105" ++ integrity sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ== + + ipaddr.js@0.1.3: + version "0.1.3" +@@ -4573,32 +4573,11 @@ secure-json-parse@^2.4.0: + resolved "https://registry.yarnpkg.com/secure-json-parse/-/secure-json-parse-2.7.0.tgz#5a5f9cd6ae47df23dba3151edd06855d47e09862" + integrity sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw== + +-semver@^6.0.0, semver@^6.3.0, semver@^6.3.1: ++semver@6.3.1, semver@^6.0.0, semver@^6.3.0, semver@^6.3.1, semver@^7.3.2, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.4: + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== + +-semver@^7.3.2, semver@^7.3.7: +- version "7.5.2" +- resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb" +- integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ== +- dependencies: +- lru-cache "^6.0.0" +- +-semver@^7.3.5, semver@^7.3.8: +- version "7.5.4" +- resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" +- integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== +- dependencies: +- lru-cache "^6.0.0" +- +-semver@^7.5.4: +- version "7.6.0" +- resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.0.tgz#1a46a4db4bffcccd97b743b5005c8325f23d4e2d" +- integrity sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg== +- dependencies: +- lru-cache "^6.0.0" +- + send@0.18.0: + version "0.18.0" + resolved "https://registry.yarnpkg.com/send/-/send-0.18.0.tgz#670167cc654b05f5aa4a767f9113bb371bc706be" \ No newline at end of file diff --git a/src-fingerprint.yaml b/src-fingerprint.yaml index d0cad42580..c1b759b335 100644 --- a/src-fingerprint.yaml +++ b/src-fingerprint.yaml @@ -37,10 +37,6 @@ update: use-tag: true test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | src-fingerprint --version diff --git a/ssh-import-id.yaml b/ssh-import-id.yaml index 223a908102..28e59a099b 100644 --- a/ssh-import-id.yaml +++ b/ssh-import-id.yaml @@ -44,10 +44,6 @@ update: enabled: false # Need support for git.launchpad.net test: - environment: - contents: - packages: - - busybox pipeline: - runs: | ssh-import-id kirkland diff --git a/starship.yaml b/starship.yaml index ef03697111..c3a4501ec0 100644 --- a/starship.yaml +++ b/starship.yaml @@ -35,10 +35,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | starship --version diff --git a/syft.yaml b/syft.yaml index ec70c65d6d..3596db8202 100644 --- a/syft.yaml +++ b/syft.yaml @@ -1,6 +1,6 @@ package: name: syft - version: 0.105.0 + version: 1.0.0 epoch: 0 description: CLI tool and library for generating a Software Bill of Materials from container images and filesystems copyright: @@ -15,7 +15,7 @@ pipeline: with: repository: https://github.com/anchore/syft tag: v${{package.version}} - expected-commit: 65cadda48653d2452a7e41a47a60d2934e8fcb07 + expected-commit: 356f7c92b464b69be3a2a898cd98a63037eeadcc - uses: go/build with: @@ -32,10 +32,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | syft --version diff --git a/tailscale.yaml b/tailscale.yaml index f4579611ba..24280f6bf2 100644 --- a/tailscale.yaml +++ b/tailscale.yaml @@ -1,6 +1,6 @@ package: name: tailscale - version: 1.60.0 + version: 1.60.1 epoch: 0 description: The easiest, most secure way to use WireGuard and 2FA. copyright: @@ -18,7 +18,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: f4e3ee53ea4605d400df2ef6b6005b026661f96b + expected-commit: 2caffeeb460a7b69fc8e329821e5e2cbbc10af27 repository: https://github.com/tailscale/tailscale tag: v${{package.version}} diff --git a/task.yaml b/task.yaml index 01705ef71e..8d90995c07 100644 --- a/task.yaml +++ b/task.yaml @@ -1,6 +1,6 @@ package: name: task - version: 3.34.1 + version: 3.35.0 epoch: 0 description: A task runner / simpler Make alternative written in Go copyright: diff --git a/tcl.yaml b/tcl.yaml index e8e58e96a5..1ba2ae3a4e 100644 --- a/tcl.yaml +++ b/tcl.yaml @@ -1,6 +1,6 @@ package: name: tcl - version: 8.6.13 + version: 8.6.14 epoch: 0 description: The Tcl scripting language copyright: @@ -21,9 +21,13 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 43a1fae7412f61ff11de2cfd05d28cfc3a73762f354a417c62370a54e2caf066 + expected-sha256: 5880225babf7954c58d4fb0f5cf6279104ce1cd6aa9b71e9a6322540e1c4de66 uri: https://downloads.sourceforge.net/project/tcl/Tcl/${{package.version}}/tcl${{package.version}}-src.tar.gz + - uses: patch + with: + patches: include_stdint.patch + - uses: autoconf/configure with: dir: unix @@ -50,6 +54,7 @@ pipeline: ln -sf tclsh${TCL_VERSION%.*} ${{targets.destdir}}/usr/bin/tclsh install -Dm644 ../license.terms ${{targets.destdir}}/usr/share/licenses/tcl/LICENSE + chmod u+w ${{targets.destdir}}/usr/lib/libtcl${TCL_VERSION%.*}.so - uses: strip diff --git a/tcl/include_stdint.patch b/tcl/include_stdint.patch new file mode 100644 index 0000000000..1f82ca3e6a --- /dev/null +++ b/tcl/include_stdint.patch @@ -0,0 +1,12 @@ +diff --git a/pkgs/sqlite3.44.2/generic/tclsqlite3.c b/pkgs/sqlite3.44.2/generic/tclsqlite3.c +index dd73fba..d4b589c 100644 +--- a/pkgs/sqlite3.44.2/generic/tclsqlite3.c ++++ b/pkgs/sqlite3.44.2/generic/tclsqlite3.c +@@ -59,6 +59,7 @@ + # include + # include + # include ++# include + typedef unsigned char u8; + # ifndef SQLITE_PTRSIZE + # if defined(__SIZEOF_POINTER__) diff --git a/terraform-docs.yaml b/terraform-docs.yaml index 4493b759fc..fbc065593b 100644 --- a/terraform-docs.yaml +++ b/terraform-docs.yaml @@ -1,24 +1,30 @@ package: name: terraform-docs version: 0.17.0 - epoch: 0 + epoch: 1 description: Generate documentation from Terraform modules in various output formats copyright: - license: MIT pipeline: - - uses: go/install + - uses: git-checkout with: - package: github.com/terraform-docs/terraform-docs - version: v${{package.version}} + repository: https://github.com/terraform-docs/terraform-docs + tag: v${{package.version}} + expected-commit: 795d369fdcfbadef3cfca311be03135f794998c5 + + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.17.0 + + - uses: go/build + with: + packages: . + output: terraform-docs test: - environment: - contents: - packages: - - wolfi-base pipeline: - - runs: terraform-docs --help + - runs: ls -lh /usr/bin && terraform-docs --help update: enabled: true diff --git a/terraform-provider-google.yaml b/terraform-provider-google.yaml index d69db20af6..3c0bcb5e32 100644 --- a/terraform-provider-google.yaml +++ b/terraform-provider-google.yaml @@ -1,7 +1,7 @@ package: name: terraform-provider-google - version: 5.17.0 - epoch: 0 + version: 5.18.0 + epoch: 1 description: Terraform GCP provider copyright: - license: MPL-2.0 @@ -20,7 +20,11 @@ pipeline: with: repository: https://github.com/hashicorp/terraform-provider-google tag: v${{package.version}} - expected-commit: f93541ea0299b66e1ac6b5c88912e573ae809307 + expected-commit: 0a4166fa7d540cb48f1e0c9883456dbabfeafdda + + - uses: go/bump + with: + deps: github.com/cloudflare/circl@v1.3.7 - uses: go/build with: diff --git a/terragrunt.yaml b/terragrunt.yaml index 6ee47babc1..8667b7db9f 100644 --- a/terragrunt.yaml +++ b/terragrunt.yaml @@ -1,6 +1,6 @@ package: name: terragrunt - version: 0.55.9 + version: 0.55.10 epoch: 0 description: Thin wrapper for Terraform providing extra tools copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 79043c3bbed2bee61b6c71f77fc7998d09d45565c08fa1e6013c417b675ffcf0 + expected-sha256: fbf14cb884031de1d0a122da2e5e096aaa97ce4417b7f21d87377e6a3b23701f uri: https://github.com/gruntwork-io/terragrunt/archive/refs/tags/v${{package.version}}.tar.gz - uses: go/bump diff --git a/tigerbeetle.yaml b/tigerbeetle.yaml index ddc4215f1b..972e172a6f 100644 --- a/tigerbeetle.yaml +++ b/tigerbeetle.yaml @@ -1,6 +1,6 @@ package: name: tigerbeetle - version: 0.14.180 + version: 0.14.181 epoch: 0 description: "The distributed financial accounting database designed for mission critical safety and performance." copyright: @@ -19,7 +19,7 @@ pipeline: with: repository: https://github.com/tigerbeetledb/tigerbeetle tag: ${{package.version}} - expected-commit: a2366a6c26eac5ab94f815384a4e9e386ebefc4d + expected-commit: 998301b0e8923307aebac5a83f65782457a3fba6 - runs: | # cpu values from here: https://github.com/tigerbeetle/tigerbeetle/blob/2ab9fd620e53a6d61cb119e48ece4008bedd777d/tools/docker/Dockerfile#L30C79-L30C92 diff --git a/tk.yaml b/tk.yaml index 9f7c13a635..0ee34a2aaa 100644 --- a/tk.yaml +++ b/tk.yaml @@ -1,6 +1,6 @@ package: name: tk - version: 8.6.13 + version: 8.6.14 epoch: 0 description: GUI toolkit for the Tcl scripting language copyright: @@ -23,7 +23,7 @@ pipeline: - uses: fetch with: uri: https://downloads.sourceforge.net/sourceforge/tcl/tk${{package.version}}-src.tar.gz - expected-sha256: 2e65fa069a23365440a3c56c556b8673b5e32a283800d8d9b257e3f584ce0675 + expected-sha256: 8ffdb720f47a6ca6107eac2dd877e30b0ef7fac14f3a84ebbd0b3612cee41a94 - runs: | cd unix diff --git a/traefik.yaml b/traefik.yaml index 82adef4049..680aac8187 100644 --- a/traefik.yaml +++ b/traefik.yaml @@ -46,10 +46,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | traefik version diff --git a/up.yaml b/up.yaml index 8188e8e889..4746d8bcdf 100644 --- a/up.yaml +++ b/up.yaml @@ -1,7 +1,7 @@ package: name: up - version: 0.24.1 - epoch: 3 + version: 0.24.2 + epoch: 0 description: The Upbound CLI copyright: - license: Apache-2.0 @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/upbound/up tag: v${{package.version}} - expected-commit: aec0b04498b574f3745f3f4cfcb2048583f9ff07 + expected-commit: f0b10f4a163a7aa2b6ed2bf086e73e31fcf091bb - uses: go/bump with: diff --git a/uv.yaml b/uv.yaml index 18a3aa28ff..864ecf9884 100644 --- a/uv.yaml +++ b/uv.yaml @@ -1,6 +1,6 @@ package: name: uv - version: 0.1.10 + version: 0.1.12 epoch: 0 description: An extremely fast Python package installer and resolver, written in Rust. copyright: @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/astral-sh/uv tag: ${{package.version}} - expected-commit: daa8565a75249305821fdc34ace085060c082ba3 + expected-commit: f68b2d1d5efc05acb9fe48c558d631081eff26d9 - runs: | cargo build --locked --release @@ -36,10 +36,6 @@ update: identifier: astral-sh/uv test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | uv --version | grep ${{package.version}} diff --git a/vault-1.14.yaml b/vault-1.14.yaml index dab9161f4e..62f8406909 100644 --- a/vault-1.14.yaml +++ b/vault-1.14.yaml @@ -1,8 +1,8 @@ # package.dependecies.provides uses 1.14.999 because we had a 1.14.1 vault package, remove in 1.15+ package: name: vault-1.14 - version: 1.14.8 - epoch: 2 + version: 1.14.10 + epoch: 0 description: Tool for encryption as a service, secrets and privileged access management copyright: - license: MPL-2.0 @@ -24,15 +24,12 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 446f213c47cabf47d52d065647ef666ce4bf8692 + expected-commit: 7d15950da2e3d835077f5b896354de5c01f27570 repository: https://github.com/hashicorp/vault tag: v${{package.version}} - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.17.0 github.com/dvsekhvalnov/jose2go@v1.5.1-0.20231206184617-48ba0b76bc88 github.com/cloudflare/circl@v1.3.7 - - runs: | + go mod tidy go generate $(go list ./... | grep -v /vendor/) # Build plugins diff --git a/vim.yaml b/vim.yaml index d369011081..da756b444e 100644 --- a/vim.yaml +++ b/vim.yaml @@ -1,6 +1,6 @@ package: name: vim - version: 9.1.0136 + version: 9.1.0143 epoch: 0 description: "Improved vi-style text editor" copyright: @@ -21,7 +21,7 @@ pipeline: - uses: fetch with: uri: https://github.com/vim/vim/archive/v${{package.version}}.tar.gz - expected-sha256: b28d671da210459ea50a8b7dc1c46fb96300c273d130a2944a72659b342ded1d + expected-sha256: aeeb3531fb662910917a6f14c24f15b626f5eca27af1ce4b9bb7c8c12fc11ce9 - runs: | # vim seems to manually set FORTIFY_SOURCE=1, and setting both breaks the build diff --git a/w3m.yaml b/w3m.yaml index 055e5a7005..f6027bca57 100644 --- a/w3m.yaml +++ b/w3m.yaml @@ -51,10 +51,6 @@ update: # Basic test, requires newtork access, to dump https://example.com to stdout test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | w3m -dump https://example.com diff --git a/wasm-tools.yaml b/wasm-tools.yaml index e974553adb..69c4708d59 100644 --- a/wasm-tools.yaml +++ b/wasm-tools.yaml @@ -1,6 +1,6 @@ package: name: wasm-tools - version: 1.200.0 + version: 1.201.0 epoch: 0 description: "Low level tooling for WebAssembly in Rust" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wasm-tools tag: v${{package.version}} - expected-commit: 69a397f99a3775c0a20a4ad68aaf193b85e23213 + expected-commit: 90161a9b5fbfeaa40e9b4ba2339d7cd1bd52deff - name: Configure and build runs: | diff --git a/wasmtime.yaml b/wasmtime.yaml index fd2e581008..a3d3f45274 100644 --- a/wasmtime.yaml +++ b/wasmtime.yaml @@ -1,6 +1,6 @@ package: name: wasmtime - version: 18.0.1 + version: 18.0.2 epoch: 0 description: "A fast and secure runtime for WebAssembly" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wasmtime tag: v${{package.version}} - expected-commit: 446862c70ce87201ca5438ebdd054977dd2eed5b + expected-commit: 90db6e99f03d9cdd4cd45679df9b9124d6277d9c - name: Configure and build runs: | diff --git a/wit-bindgen.yaml b/wit-bindgen.yaml index f120eb666a..5ade9caa6a 100644 --- a/wit-bindgen.yaml +++ b/wit-bindgen.yaml @@ -1,6 +1,6 @@ package: name: wit-bindgen - version: 0.19.1 + version: 0.20.0 epoch: 0 description: "A language binding generator for WebAssembly interface types" copyright: @@ -21,7 +21,7 @@ pipeline: with: repository: https://github.com/bytecodealliance/wit-bindgen tag: v${{package.version}} - expected-commit: e0319e9cf138c71743e425c95adba394b7469778 + expected-commit: 561aa17d67cf6360e0453388897729b86ddd5154 - name: Configure and build runs: | diff --git a/withdrawn-packages.txt b/withdrawn-packages.txt index ad03776618..e56a896f58 100644 --- a/withdrawn-packages.txt +++ b/withdrawn-packages.txt @@ -1,4 +1 @@ -argo-cd-2.8.0-r0.apk -argo-cd-2.8.0-r1.apk -argo-cd-2.8.1-r0.apk -argo-cd-2.8.2-r0.apk +opensearch-dashboards-2-2.12.0-r0.apk \ No newline at end of file diff --git a/xorg-server.yaml b/xorg-server.yaml index c3cadfb3a3..7693a0cac7 100644 --- a/xorg-server.yaml +++ b/xorg-server.yaml @@ -1,7 +1,7 @@ package: name: xorg-server - version: 21.1.10 - epoch: 5 + version: 21.1.11 + epoch: 0 description: "X Server" copyright: - license: SGI-B-2.0 @@ -56,19 +56,7 @@ pipeline: - uses: fetch with: uri: https://www.x.org/releases/individual/xserver/xorg-server-${{package.version}}.tar.xz - expected-sha256: ceb0b3a2efc57ac3ccf388d3dc88b97615068639fb284d469689ae3d105611d0 - - - uses: patch # We can remove this once we update to 21.1.11. - with: - patches: CVE-2023-6816.patch - - - uses: patch # We can remove this once we update to 21.1.11. - with: - patches: CVE-2024-0408.patch - - - uses: patch # We can remove this once we update to 21.1.11. - with: - patches: CVE-2024-0409.patch + expected-sha256: 1d3dadbd57fb86b16a018e9f5f957aeeadf744f56c0553f55737628d06d326ef - uses: autoconf/configure with: @@ -124,8 +112,8 @@ subpackages: - uses: git-checkout with: repository: https://salsa.debian.org/xorg-team/xserver/xorg-server - tag: xorg-server-2_${{package.version}}-1 - expected-commit: 8db596f78a4cc8dcbb0422d0f833b1c58b9f9f7b + branch: debian-unstable + expected-commit: b6acc2e6eb9f4bf97e7fc4b4da3ef3d9489267e4 - working-directory: debian/local pipeline: - runs: | diff --git a/yazi.yaml b/yazi.yaml index 93ab1a49ab..50fb4285cb 100644 --- a/yazi.yaml +++ b/yazi.yaml @@ -38,10 +38,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | yazi --version diff --git a/yq.yaml b/yq.yaml index 8344eac520..a6db7bcc0d 100644 --- a/yq.yaml +++ b/yq.yaml @@ -1,11 +1,15 @@ package: name: yq version: 4.42.1 - epoch: 0 + epoch: 1 description: "yq is a portable command-line YAML, JSON, XML, CSV and properties processor" copyright: - license: Apache-2.0 +environment: + environment: + CGO_ENABLED: "0" + pipeline: - uses: git-checkout with: diff --git a/zarf.yaml b/zarf.yaml index 51bd9448b4..169fcb89d3 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -1,7 +1,7 @@ package: name: zarf - version: 0.32.3 - epoch: 1 + version: 0.32.4 + epoch: 0 description: DevSecOps for Air Gap & Limited-Connection Systems. copyright: - license: Apache-2.0 @@ -18,14 +18,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 1320831270fe4f2b78c5cae2fa6719633742cdeb + expected-commit: f6b83e1c272a22ffd1815b7d38fb6c5f0f1003f9 repository: https://github.com/defenseunicorns/zarf tag: v${{package.version}} - - uses: go/bump - with: - deps: helm.sh/helm/v3@v3.14.1 - - uses: go/build with: ldflags: -s -w -X 'github.com/defenseunicorns/zarf/src/config.CLIVersion=v${{package.version}}' diff --git a/zellij.yaml b/zellij.yaml index a6328cde78..76229999b9 100644 --- a/zellij.yaml +++ b/zellij.yaml @@ -86,10 +86,6 @@ update: strip-prefix: v test: - environment: - contents: - packages: - - wolfi-base pipeline: - runs: | zellij --version diff --git a/zstd.yaml b/zstd.yaml index 969e3a1961..d33e8cc938 100644 --- a/zstd.yaml +++ b/zstd.yaml @@ -62,7 +62,6 @@ test: environment: contents: packages: - - wolfi-base - pkgconf - zstd-dev pipeline: