@octo-sts octo-sts bot commented Aug 12, 2025

efs-utils/2.3.3-r0: fix GHSA-qx2v-8332-m4fv

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/efs-utils.advisories.yaml



@octo-sts octo-sts bot added the labels P0 (This label indicates our scanning found CRITICAL CVEs for these packages.), automated pr, efs-utils, GHSA-qx2v-8332-m4fv, request-cve-remediation, rust/cargobump Aug 12, 2025
octo-sts bot commented Aug 12, 2025

⚙️ Build Failed: Configuration

Error: no packages or bump file provides, use --packages/--bump-file

Build Details

| Category | Details |
| --- | --- |
| Build System | melange |
| Failure Point | rust/cargobump pipeline step |

Root Cause Analysis 🔍

The cargobump tool requires either a --packages parameter or a --bump-file parameter to specify which Rust dependencies to update, but neither was provided in the pipeline configuration. The step attempted to run 'cargobump --run-update=false' without the required parameters.



@octo-sts octo-sts bot added the ai/skip-comment (Stop AI from commenting on PR) label Aug 12, 2025
@dnegreira dnegreira self-assigned this Aug 14, 2025
@dnegreira dnegreira force-pushed the cve-efs-utils-2.3.3-r0-6b394d5bb77de650c7b3aa909246b697 branch from ff4d98a to 16f48c1 Compare August 14, 2025 09:17
@octo-sts octo-sts bot added the bincapz/pass (Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.) label Aug 14, 2025
@dnegreira dnegreira force-pushed the cve-efs-utils-2.3.3-r0-6b394d5bb77de650c7b3aa909246b697 branch from 16f48c1 to 0f45e88 Compare August 14, 2025 09:46
Signed-off-by: David Negreira <david.negreira@chainguard.dev>
@dnegreira dnegreira force-pushed the cve-efs-utils-2.3.3-r0-6b394d5bb77de650c7b3aa909246b697 branch from 0f45e88 to 63b85c4 Compare August 14, 2025 09:58
Signed-off-by: David Negreira <david.negreira@chainguard.dev>
@dnegreira dnegreira force-pushed the cve-efs-utils-2.3.3-r0-6b394d5bb77de650c7b3aa909246b697 branch from 9cd50f1 to 7c743fb Compare August 14, 2025 11:01
@dnegreira dnegreira requested a review from a team August 14, 2025 11:20
@kbsteere kbsteere enabled auto-merge (squash) August 14, 2025 12:49
@kbsteere kbsteere merged commit df7e6ab into main Aug 14, 2025
18 checks passed
@kbsteere kbsteere deleted the cve-efs-utils-2.3.3-r0-6b394d5bb77de650c7b3aa909246b697 branch August 14, 2025 12:49
@octo-sts octo-sts bot mentioned this pull request Dec 22, 2025
15 tasks

Labels

- ai/skip-comment: Stop AI from commenting on PR
- automated pr
- bincapz/pass: Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.
- efs-utils
- GHSA-qx2v-8332-m4fv
- manual/review-needed
- P0: This label indicates our scanning found CRITICAL CVEs for these packages.
- request-cve-remediation
- rust/cargobump
