-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zellij/0.41.2-r1: cve remediation #35025
base: main
Are you sure you want to change the base?
Conversation
Gen AI suggestions to solve the build error: • Detected Error:
• Error Category: Dependency/Version • Failure Point: rust/cargobump step when attempting to update the wasmtime dependency • Root Cause Analysis: The cargobump tool is trying to update wasmtime to a newer version, but zellij-server specifically requires wasmtime 21.0.2, while only version 24.0.2 is available in the crates.io index. • Suggested Fix: exclude:
- wasmtime • Explanation: • Additional Notes:
• References:
|
Signed-off-by: Hector Fernandez <[email protected]>
Gen AI suggestions to solve the build error: • Detected Error:
• Error Category: Dependency Version Conflict • Failure Point: rust/cargobump step during dependency update • Root Cause Analysis: The package requires wasmtime v21.0.2, but this version is no longer available in crates.io. The only available version is 25.0.0, which is incompatible with the current package version. • Suggested Fix:
dependencies:
- name: wasmtime
version: "25.0.0"
- uses: rust/cargobump
with:
packages:
- [email protected] • Explanation: The wasmtime dependency has undergone a major version update from 21.x to 25.x. Since this is a breaking change, we need to explicitly specify the version compatibility. The fix will allow the build system to use the newer version of wasmtime. • Additional Notes:
• References: |
Unfortunately we cannot remediate this one. Advisory filed: |
zellij/0.41.2-r1: fix GHSA-c2f5-jxjv-2hh8
Advisory data: https://github.com/wolfi-dev/advisories/blob/main/zellij.advisories.yaml