Skip to content

fix(buck2): Remediate GHSA-rhfx-m35p-ff5j by bumping lru #77957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ankush-Pathak merged 1 commit into from
Jan 13, 2026
Merged

fix(buck2): Remediate GHSA-rhfx-m35p-ff5j by bumping lru #77957

Ankush-Pathak merged 1 commit into from
Jan 13, 2026

Conversation

@Ankush-Pathak
Copy link
Member

@Ankush-Pathak Ankush-Pathak commented Jan 13, 2026

Signed-off-by: Ankush Pathak ankush.pathak@chainguard.dev

@Ankush-Pathak Ankush-Pathak force-pushed the buck2/GHSA-rhfx-m35p-ff5j branch from 6fc4adc to 2e7d622 Compare January 13, 2026 05:19
@octo-sts
Copy link
Contributor

octo-sts bot commented Jan 13, 2026
edited
Loading

❓ Build Failed: Unknown

Failed to run command "/bin/sh -c 'set -e \n[ -d '/home/build' ] || mkdir -p '/home/build'\ncd '/home/build'\nsed -i 's/lru = "0.12.3"/lru = "0.16.3"/' Cargo.toml\nexit 1\n\nexit 0'": Process exited with status 1

Build Details

Category Details
Build System melange
Failure Point Bump dependency for CVE remediation

Root Cause Analysis 🔍

The build script contains an unconditional 'exit 1' command that causes the process to fail regardless of the sed operation outcome. This appears to be a script logic error where the script is designed to always exit with status 1, making the build step always fail.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jan 13, 2026
@Ankush-Pathak Ankush-Pathak force-pushed the buck2/GHSA-rhfx-m35p-ff5j branch 3 times, most recently from 6cd9e73 to f9c2399 Compare January 13, 2026 05:58
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Jan 13, 2026
@Ankush-Pathak
fix(buck2): Remediate GHSA-rhfx-m35p-ff5j by bumping lru
f296f4a 
Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>
@Ankush-Pathak Ankush-Pathak force-pushed the buck2/GHSA-rhfx-m35p-ff5j branch from f9c2399 to f296f4a Compare January 13, 2026 06:47
@Ankush-Pathak Ankush-Pathak marked this pull request as ready for review January 13, 2026 06:51
@Ankush-Pathak Ankush-Pathak enabled auto-merge (squash) January 13, 2026 06:51
@Ankush-Pathak Ankush-Pathak requested a review from a team January 13, 2026 06:51
@Ankush-Pathak Ankush-Pathak merged commit 848311c into wolfi-dev:main Jan 13, 2026
17 checks passed
@brianmcarey brianmcarey mentioned this pull request Jan 13, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dnegreira dnegreira dnegreira approved these changes

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ankush-Pathak @dnegreira