U2.2 backport #1366
Merged
U2.2 backport #1366
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
error[vulnerability]: `openssl` `X509VerifyParamRef::set_host` buffer over-read
┌─ /github/workspace/Cargo.lock:122:1
│
122 │ openssl 0.10.48 registry+https://github.com/rust-lang/crates.io-index
│ --------------------------------------------------------------------- security vulnerability detected
│
= ID: RUSTSEC-2023-0044
= Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0044
= When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.
= Announcement: sfackler/rust-openssl#1965
= Solution: Upgrade to >=0.10.55
Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Upgrade base64 to v0.21, to avoid multiple versions of the base64 crate. Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
When merging io from same blob with different id, assertion breaks. The images without blob deduplication suffers from it. This pr removes the assertion that requires merging in same blob index. By design, it makes sense, because different blob layer may share same blob file. A continuous read from same blob for different layer is helpful for performance. Signed-off-by: 泰友 <cuichengxu.ccx@antgroup.com>
`NydusImage.Config.Config.ArgsEscaped` is present only for legacy compatibility with Docker and should not be used by new image builders. Nydusify (1.6 and above) ignores it, which is an expected behavior. This pr ignores comparision of it in nydusify checking, which leads to failure. Signed-off-by: 泰友 <cuichengxu.ccx@antgroup.com>
Signed-off-by: 泰友 <cuichengxu.ccx@antgroup.com>
The `pull_request_target` trigger will checkout the master branch codes by default, but we need to use the new PR codes on smoke test. See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target Signed-off-by: Yan Song <imeoer@linux.alibaba.com>
ccx1024cc
requested review from
liubogithub,
imeoer and
jiangliu
and removed request for
a team
|
@ccx1024cc , a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/84034 |
imeoer
approved these changes
Jul 11, 2023
|
@ccx1024cc , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport PRs
action: fix checkout on pull_request_target #1252
fix: deprecated docker field leads to failure of nydusify check #1349
fix: merge io from same blob panic #1347
Define new feature flags to control crate dependencies #1325
service: refine block device implementation #1332