Skip to content

Bump cURL to 8.16.0#21369

Merged
Kyle-Neale merged 2 commits intomasterfrom
kyle.neale/bump-curl-8.16
Sep 17, 2025
Merged

Bump cURL to 8.16.0#21369
Kyle-Neale merged 2 commits intomasterfrom
kyle.neale/bump-curl-8.16

Conversation

@Kyle-Neale
Copy link
Copy Markdown
Contributor

What does this PR do?

Bump version of cURL to 8.16.0 to address CVEs

Motivation

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@github-actions
Copy link
Copy Markdown
Contributor

⚠️ Recommendation: Add qa/skip-qa Label

This PR does not modify any files shipped with the agent.

To help streamline the release process, please consider adding the qa/skip-qa label if these changes do not require QA testing.

Copy link
Copy Markdown
Contributor

@AAraKKe AAraKKe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

My Feedback Legend

Here's a quick guide to the prefixes I use in my comments:

question: I need clarification or I'm seeking to understand your approach.
suggestion: I'm proposing an improvement. This is optional but recommended.
nit: A minor, non-blocking issue (e.g., style, typo). Feel free to ignore.
request: A change I believe is necessary before this can be merged.

$vcpkg_dir = "C:\vcpkg"
$librdkafka_dir = "C:\librdkafka\librdkafka-${kafka_version}"
$desired_commit = "a45a94f1217be182dbca7a0fde564854c79f1eb9"
$desired_commit = "7e19f3c64cb636ee21f41bfe8558a6dfaae6236f"
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: do we normally do it like this? I.e. getting a commit even before this has been formalized to a release? I guess it is ok but using a release instead would help to remove any bugs that need to be fixed before the release.

Not very important, just curious.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea we do! It's a race between us patching CVE's and waiting for vcpkg to make an official release. I agree that using a release instead would be preferable but in the case a release isn't cut and a patch needs to go out this is what we're left with.

@Kyle-Neale Kyle-Neale added this pull request to the merge queue Sep 17, 2025
Merged via the queue into master with commit 4566e78 Sep 17, 2025
60 of 62 checks passed
@Kyle-Neale Kyle-Neale deleted the kyle.neale/bump-curl-8.16 branch September 17, 2025 14:57
@datadog-agent-integrations-bot
Copy link
Copy Markdown
Contributor

The backport to 7.71.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-7.71.x 7.71.x
# Navigate to the new working tree
cd .worktrees/backport-7.71.x
# Create a new branch
git switch --create backport-21369-to-7.71.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 4566e78077e71e1e757d460df4abece2de2e8983
# Push it to GitHub
git push --set-upstream origin backport-21369-to-7.71.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-7.71.x

Then, create a pull request where the base branch is 7.71.x and the compare/head branch is backport-21369-to-7.71.x.

github-actions bot pushed a commit to voltusdev/datadog-integrations-core that referenced this pull request Sep 17, 2025
* Bump cURL to 8.16.0

* Updated vcpkg commit pointer 4566e78
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants