shadowsocks-rust/1.22.0 package update #38627

Merged
merged 2 commits into from
Jan 4, 2025

@octo-sts octo-sts bot commented Jan 2, 2025

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added the request-version-update (request for a newer version of a package) and automated pr labels Jan 2, 2025

octo-sts bot commented Jan 2, 2025

Gen AI suggestions to solve the build error:

Based on the error logs and package details, let me analyze this build failure:

• Detected Error: cargo update -p idna@0.5.0 command execution failed

• Error Category: Dependency/Version

• Failure Point: Package update step in pipeline where cargo is trying to update the idna package

• Root Cause Analysis: The melange build file attempts to update two versions of idna (0.5.0 and 1.0.2) which is causing version conflicts. This is related to the cargo dependency resolution system.

• Suggested Fix:

  1. Remove the manual cargo update commands and replace with:
  - name: Update package with cargo
    runs: |
      cargo update
  2. Add cargo dependency overrides in a .cargo/config.toml file:
  - name: Configure cargo
    runs: |
      mkdir -p .cargo
      cat > .cargo/config.toml << EOF
      [dependencies]
      idna = "1.0"
      EOF

• Explanation:

  • The multiple version updates of idna are causing conflicts
  • Letting cargo handle dependency resolution automatically is safer
  • Using a cargo config file to pin the idna version will resolve version conflicts
  • This matches the dependency updates shown in the changelog

• Additional Notes:

  • The package has numerous dependency updates in the changelog
  • Recent commits show dependency version bumps
  • The idna crate specifically was updated multiple times

• References:

The fix removes manual version management and lets cargo handle dependencies with proper version constraints, which should resolve the build failure while maintaining compatibility with the latest release.

the CVEs which were coming dependent crate is merged into upstream
project.

this commit removes all the cargo bumps that we were doing for this
package.

Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com>
@octo-sts octo-sts bot added the bincapz/pass (Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.) and manual/review-needed labels Jan 4, 2025
@kranurag7 kranurag7 self-assigned this Jan 4, 2025
@kranurag7 kranurag7 requested a review from a team January 4, 2025 08:05
@mamccorm mamccorm merged commit 5cdf71e into main Jan 4, 2025
21 checks passed
@mamccorm mamccorm deleted the wolfictl-208949d0-4709-4601-8550-4e45f8417f17 branch January 4, 2025 20:36