Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tools: disable automated libuv updates #51775

Merged
merged 1 commit into from
Feb 24, 2024

Conversation

RafaelGSS
Copy link
Member

Because the previous security release modified the bundled version of libuv, we cannot automatically update libuv without potentially undoing those changes.

cc: @nodejs/security-wg

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/actions
  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added the meta Issues and PRs related to the general management of the project. label Feb 15, 2024
@RafaelGSS RafaelGSS force-pushed the disable-libuv-update branch from 6359c62 to 9f8e928 Compare February 15, 2024 20:38
@@ -174,14 +173,6 @@ jobs:
cat temp-output
tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
rm temp-output
- id: libuv
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just comment this out instead of removing, I assume we will want to add it back at some point?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The other question is if we could have the update apply a patch required to re-apply the changes?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know, technically we could, but we'll need to review it carefully all libuv automatic updates + resolve conflicts.

@RafaelGSS RafaelGSS force-pushed the disable-libuv-update branch from 9f8e928 to a2fba64 Compare February 19, 2024 14:18
@RafaelGSS RafaelGSS requested a review from mhdawson February 19, 2024 14:19
.github/workflows/tools.yml Outdated Show resolved Hide resolved
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.
@RafaelGSS RafaelGSS force-pushed the disable-libuv-update branch from a2fba64 to 847748d Compare February 19, 2024 21:16
@RafaelGSS
Copy link
Member Author

ping @nodejs/actions @nodejs/security-wg

Copy link
Member

@UlisesGascon UlisesGascon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@RafaelGSS RafaelGSS added the commit-queue Add this label to land a pull request using GitHub Actions. label Feb 24, 2024
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Feb 24, 2024
@nodejs-github-bot nodejs-github-bot merged commit a492646 into nodejs:main Feb 24, 2024
14 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in a492646

marco-ippolito pushed a commit that referenced this pull request Feb 26, 2024
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.

PR-URL: #51775
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
marco-ippolito pushed a commit that referenced this pull request Feb 26, 2024
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.

PR-URL: #51775
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
marco-ippolito pushed a commit that referenced this pull request Feb 27, 2024
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.

PR-URL: #51775
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
@marco-ippolito marco-ippolito mentioned this pull request Mar 1, 2024
richardlau pushed a commit that referenced this pull request Mar 25, 2024
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.

PR-URL: #51775
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
richardlau pushed a commit that referenced this pull request Mar 25, 2024
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.

PR-URL: #51775
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
@richardlau richardlau mentioned this pull request Mar 25, 2024
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request Mar 26, 2024
Because the previous security release modified the bundled version of
libuv, we cannot automatically update libuv without potentially undoing
those changes.

PR-URL: nodejs#51775
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants