-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools: disable automated libuv updates #51775
Conversation
Review requested:
|
6359c62
to
9f8e928
Compare
@@ -174,14 +173,6 @@ jobs: | |||
cat temp-output | |||
tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true | |||
rm temp-output | |||
- id: libuv |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we just comment this out instead of removing, I assume we will want to add it back at some point?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The other question is if we could have the update apply a patch required to re-apply the changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know, technically we could, but we'll need to review it carefully all libuv automatic updates + resolve conflicts.
9f8e928
to
a2fba64
Compare
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes.
a2fba64
to
847748d
Compare
ping @nodejs/actions @nodejs/security-wg |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Landed in a492646 |
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes. PR-URL: #51775 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes. PR-URL: #51775 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes. PR-URL: #51775 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes. PR-URL: #51775 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes. PR-URL: #51775 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes. PR-URL: nodejs#51775 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes.
cc: @nodejs/security-wg