caprine-bin: 2.58.0 -> 2.58.3 #257372
Unfortunately, the Electron update made by the upstream renders the app unusable. See sindresorhus/caprine#2074.
cce35ae to 7fd3c0b
Bump to patch for CVE-2023-4863
Vulnerability details:
https://github.com/advisories/GHSA-j7hp-h8jx-5pp
Upstream release notes:
https://github.com/sindresorhus/caprine/releases/tag/v2.58.2
https://github.com/sindresorhus/caprine/releases/tag/v2.58.3
7fd3c0b to 07107cf
The above issue is addressed in 2.58.3. This PR contains an emergency security update. Please help test it if you're available, and update caprine-bin to this version ASAP. Cc: @n3oney @khaneliman
lgtm
Diff LGTM, didn't test running the app.
FYI it's better to use the GitHub review feature and explicitly mark as approved - it helps automation set the right labels for the PR and gives it better visibility (for example, it would show this one as "approved by package maintainer").
Backport failed for Please cherry-pick the changes locally.
git fetch origin release-23.05
git worktree add -d .worktree/backport-257372-to-release-23.05 origin/release-23.05
cd .worktree/backport-257372-to-release-23.05
git checkout -b backport-257372-to-release-23.05
ancref=$(git merge-base b95afaec5a602daa50888c2213e0a11566256f87 07107cfb1fbcc2c28952b35bd7d0cb3360c6e8e2)
git cherry-pick -x $ancref..07107cfb1fbcc2c28952b35bd7d0cb3360c6e8e2
This needs a manual backport since the version on 23.05 wasn't kept up to date. @ShamrockLee can you also take care of this? Thanks!
Description of changes
Bump to patch for CVE-2023-4863
Vulnerability details:
https://github.com/advisories/GHSA-j7hp-h8jx-5pp
Upstream release notes:
https://github.com/sindresorhus/caprine/releases/tag/v2.58.2
https://github.com/sindresorhus/caprine/releases/tag/v2.58.3
This PR needs to be backported to 23.05.
Things done
sandbox = true set in nix.conf? (See Nix manual)
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
./result/bin/