GH-41100: [Python][Packaging] Update vcpkg to avoid compromised version of xz #41106
Conversation
|
|
|
@github-actions crossbow submit -g wheel |
|
Revision: 9226c87 Submitted crossbow builds: ursacomputing/crossbow @ actions-d9ae2f8864
|
| @@ -92,13 +92,13 @@ DEVTOOLSET_VERSION= | |||
| # Used through docker-compose.yml and serves as the default version for the | |||
| # ci/scripts/install_vcpkg.sh script. Prefer to use short SHAs to keep the | |||
| # docker tags more readable. | |||
| VCPKG="a42af01b72c28a8e1d7b48107b33e4f286a55ef6" # 2023.11.20 Release | |||
| VCPKG="a34c873a9717a888f58dc05268dea15592c2f0ff" # 2024.03.25 Release | |||
There was a problem hiding this comment.
We should not use this revision. Because this uses xz 5.6.0: https://github.com/microsoft/vcpkg/tree/2024.03.25/ports/liblzma
There was a problem hiding this comment.
Thanks @kou , so this is the newer we can use until vcpkg creates a new tag:
https://github.com/microsoft/vcpkg/tree/2024.02.14/ports/liblzma
There was a problem hiding this comment.
Yes. But it seems that we don't need this PR because https://github.com/tukaani-project/xz is enabled again.
There was a problem hiding this comment.
Indeed: microsoft/vcpkg#37841 (comment). That should mean it should just work again (the vcpkg version we are currently using is an older one that has non-affected version of liblzma)
github-actions
bot
added
awaiting changes
|
I am closing this PR as unnecessary then. I'll try to update vcpkg once a new tag is created. |
It's good to update the vcpkg tag from time to time, but that's not critical for the release I think (we updated it relatively recently) |
Rationale for this change
New wheels are currently failing to build.
What changes are included in this PR?
Updating vcpkg
Are these changes tested?
Via archery
Are there any user-facing changes?
No