
zellij/0.41.2-r1: cve remediation #36239

Closed

Conversation

octo-sts[bot] (Contributor) commented Dec 10, 2024

GHSA-c2f5-jxjv-2hh8 has been raised as a false-positive advisory, since this PR was opened: wolfi-dev/advisories#11060.

GHSA-h97m-ww89-6jmq is covered in: #38689


zellij/0.41.2-r1: fix GHSA-h97m-ww89-6jmq/GHSA-c2f5-jxjv-2hh8/

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/zellij.advisories.yaml

octo-sts[bot] (Contributor, Author) commented Dec 10, 2024

Gen AI suggestions to solve the build error:

Based on the error output and context, I'll analyze and provide a solution:

• Detected Error: [git checkout] execute: git clone --quiet --origin=origin --config=user.name=Melange Build [email protected] --config=advice.detachedHead=false --branch=v0.41.2 --depth=1 https://github.com/zellij-org/zellij /tmp/tmp.v7wbUk

• Error Category: Version/Git Checkout

• Failure Point: The git-checkout step in the pipeline

• Root Cause Analysis: The build is failing because it's trying to clone directly using the tag as a branch, which is not the correct way to fetch a specific tag in git.

• Suggested Fix: Modify the git-checkout step to use proper tag fetching:

  - uses: git-checkout
    with:
      repository: https://github.com/zellij-org/zellij
      tag: v${{package.version}}
      expected-commit: 40d49737d126eef60dd988f1fe60df4c42d23773
      fetch-depth: 1
      fetch-tags: true

• Explanation: The current approach tries to use the tag as a branch which doesn't work. The fix explicitly tells git to fetch tags and then checkout the specific tag. The fetch-tags: true ensures all tags are fetched before attempting to checkout.

• Additional Notes:

  • This is a common issue when working with tagged releases in git
  • The expected-commit hash verification will still work as intended
  • The fetch-depth: 1 keeps the clone minimal for better performance

• References:
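Added example, not part of this PR or of the melange pipeline: a POSIX sh function that does what the expected-commit pin in the suggested step is meant to guarantee, cloning a single tag shallowly and rejecting the checkout when HEAD is not the pinned commit. The function name and the destination paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the PR or from melange): shallow-clone one tag and
# refuse to continue unless the checked-out commit equals the pinned value.
# Function name is hypothetical.

# Usage: checkout_tag_verified <repo> <tag> <expected-commit> <dest>
# Returns 0 on match, 1 on commit mismatch (dest is removed), 2 if clone fails.
checkout_tag_verified() {
    repo="$1"; tag="$2"; expected="$3"; dest="$4"

    # git clone --branch accepts a tag name; --depth=1 keeps only that commit.
    git clone --quiet --depth=1 --branch="$tag" "$repo" "$dest" || return 2

    # Resolve whatever was checked out to a commit id (tags may be annotated).
    actual=$(git -C "$dest" rev-parse HEAD)
    if [ "$actual" != "$expected" ]; then
        echo "expected-commit mismatch for $tag: got $actual, want $expected" >&2
        rm -rf "$dest"   # do not leave an unverified tree for later steps
        return 1
    fi
    return 0
}
```

Moving the tag to a different commit upstream, or a substituted repository, shows up as a mismatch rather than a silently different build input.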

Dentrax (Member) commented Jan 5, 2025

Superseded by #38689

Dentrax closed this Jan 5, 2025