Conversation
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 299f883
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 1793632
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 0cac20d
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 209cd8c
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 6fdab71
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 08562d5
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 2026606
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 72140e3
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 42b487a
* Add omnibump package and unified pipeline system - Add omnibump package with support for Go, Rust, Java (Maven/Gradle) - Create unified pipelines at stereo root with backwards-compatible wrappers (go/bump, rust/cargobump, maven/pombump) - Update extra-packages to use unified pipelines for testing Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev> * update to version 0.5.2 Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev> --------- Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev> Export: 1f50f6b
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: e7fa41e46dcc14bb1887c34d7fb5b674822c5c81
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 6b1cf91
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 496b255
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: fdf7335
…-bot/os/erofs-utils.yaml erofs-utils/1.9 package update Export: 0a4062f
…-bot/os/libcap-ng.yaml libcap-ng/0.9.1 package update Export: f9b527d
Signed-off-by: Sergio Durigan Junior <sergiodj@chainguard.dev> Export: 06a8926
PHP ships an empty `/var/run` directory, entangling it with the project to merge `/var/run` and `/run`. Looking at the upstream source, this is because the init scripts and systemd service files for `php-fpm` and `phpdbg` expect to be able to create PID files there. However, we don't actually ship those init scripts or systemd services anywhere, so there's no need to ship that empty directory either. Signed-off-by: Colin Watson <colin.watson@chainguard.dev> Export: ce2da29
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: c174ed9
…webui open-webui: CVE remediations Export: f8e8642
pdns-5.3: fix build failures Export: f0aa1ab
…3jmp-rvhc mlflow: bump epoch to rebuild and remediate CVE-2026-25990 Export: 45d881d
…web-app-GHSA-r6ph-v2qm-q3c2 kubeflow-volumes-web-app: bump epoch and rebuild to remediate CVE-2026-26007 Export: b5b040d
Co-authored-by: cve-remediation <cve-remediation@chainguard.dev> Export: 37d1eb8
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 4f3f901
Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com> Export: c7f5f93
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: ae878bf
…-reconciler/version_data/scala.yaml Add scala 3.8 version stream Export: c34a0d27d3efa2ba0784e471ea0d093eaf7794cd
The ceph-20.2 version stream was created in error; remove this stream and move the ceph-20 stream back to Wolfi OS. Withdraw APK's created by this errant version stream. Export: 7d9bd68
…-bot/os/cert-manager-csi-driver.yaml cert-manager-csi-driver/0.12.1 package update Export: 888a8b5acdf3ec0fa2930ef678a1ddd7ad68d4eb
…-bot/os/py3-peewee.yaml py3-peewee/4.0.0 package update Export: 420a1a0
…n/os/ipfs-cluster.yaml ipfs-cluster 1.1.5-r4: remediate GHSA-2f2x-8mwp-p2gc Export: ee2efd7
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: cf0ab3c
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 8385d1f
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: b2880c7
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 1b30c3f
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: d3a49a8
This remediates this:
└── 📄 /usr/bin/spegel
📦 github.com/pion/dtls/v3 v3.0.6 (go-module)
Medium CVE-2026-26014 GHSA-9f3f-wv7r-qc8r fixed in 3.0.11
📦 github.com/quic-go/webtransport-go v0.9.0 (go-module)
Medium CVE-2026-21438 GHSA-2f2x-8mwp-p2gc fixed in 0.10.0
Medium CVE-2026-21434 GHSA-g6x7-jq8p-6q9q fixed in 0.10.0
Medium CVE-2026-21435 GHSA-px4r-g4p3-hhqv fixed in 0.10.0
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero@chainguard.dev>
Export: 1509189
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: af3ed64
…fips-remed
spegel{-fips,}: remediate some CVEs
Export: 1ad36af
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 2fe5d85
…back-to-os chore(os): move ceph-20 back to Wolfi OS Export: 18abc5e
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: aebce25
Previous to this patch, the dependency was implicit (autogenerated) and could be satisfied by different libpq versions, resulting in package dependency conflicts at install time. Make the dependency explicit. While at it, refresh package tests. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero@chainguard.dev> Export: 0ea7622
…-bot/os/sops.yaml sops/3.12.1 package update Export: 17f1169
…-bot/os/rstudio.yaml rstudio/2026.01.1_p403 package update Export: cc381a4
…-bot/os/linkerd-await.yaml linkerd-await/0.3.2 package update Export: 47039c4
…-bot/os/goreleaser.yaml goreleaser/2.14.0 package update Export: c758b92
…explicit-d postgis: explicit dependency on libpq Export: 948b9fc
…ic-subpackages-llvm 6 packages: add test/tw/staticpackage to llvm -static subpackages Export: c6a5a04
…font-packages fontsproto, font-xproto: add XML validation tests via new test/tw/xml-syntax-check pipeline Export: 6d730ba
…l-completion-check test: add shell-syntax-check pipeline (bash/zsh/fish/sh) + 30 subpackages Export: 3f64e76
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: ad1dbb7
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: 8e2d83c
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: a0a3e8f
Co-authored-by: staging-update-bot <staging-update-bot@chainguard.dev> Export: d4f6400
Signed-off-by: ndinhbang <47777358+ndinhbang@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.