Skip to content

Adding VersionStream for datadog-agent-7.73#75786

Merged
AmberArcadia merged 11 commits into
mainfrom
datadog-agent-7.73
Dec 22, 2025
Merged

Adding VersionStream for datadog-agent-7.73#75786
AmberArcadia merged 11 commits into
mainfrom
datadog-agent-7.73

Conversation

@octo-sts
Copy link
Copy Markdown
Contributor

@octo-sts octo-sts Bot commented Dec 12, 2025

No description provided.

@octo-sts
Copy link
Copy Markdown
Contributor Author

octo-sts Bot commented Dec 12, 2025
edited
Loading

🔄 Build Failed: Git Checkout Error

ERROR: expected-commit (c2376aa55bec2cca05988e6e29101b42d833c684) is not the latest commit on branch 7.73.x
Latest commit is: 750eee16611a2be2dedaffb2fe2fee45e3802c6a
Please update the expected-commit in datadog-agent.yaml

Build Details

Category Details
Build System Melange
Failure Point git-checkout step in datadog-agent-7.73-core-integrations subpackage pipeline

Root Cause Analysis 🔍

The build configuration specifies an expected commit hash (c2376aa55bec2cca05988e6e29101b42d833c684) that doesn't match the latest commit on the 7.73.x branch (750eee16611a2be2dedaffb2fe2fee45e3802c6a). This is a safety check to ensure reproducible builds, and it's failing because the repository has newer commits than what the build expects.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts Bot added the ai/skip-comment Stop AI from commenting on PR label Dec 12, 2025
@AmberArcadia AmberArcadia self-assigned this Dec 15, 2025
@octo-sts octo-sts Bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 17, 2025
@AmberArcadia AmberArcadia requested a review from a team December 18, 2025 21:43
@aborrero
Copy link
Copy Markdown
Member

aborrero commented Dec 19, 2025

I have added a few additional tests for subpackages that didn't have any.

@aborrero
Copy link
Copy Markdown
Member

aborrero commented Dec 19, 2025 

├── 📄 /opt/datadog-agent/bin/agent/agent
│       📦 golang.org/x/crypto v0.44.0 (go-module)
│           Medium CVE-2025-47914 GHSA-f6x5-jh6r-wrfv fixed in 0.45.0
│           Medium CVE-2025-58181 GHSA-j5w8-q4qc-rx2x fixed in 0.45.0
└── 📄 /opt/datadog-agent/embedded/lib/python3.12/site-packages/pip/_vendor/vendor.txt
        📦 setuptools 70.3.0 (python)
            High CVE-2025-47273 GHSA-5rjg-fvgr-3xxf fixed in 78.1.1
        📦 urllib3 1.26.20 (python)
            High CVE-2025-66471 GHSA-2xpw-w6gg-jr37 fixed in 2.6.0
            High CVE-2025-66418 GHSA-gm62-xv2j-4w53 fixed in 2.6.0
            Medium CVE-2025-50181 GHSA-pq67-6m6q-mj2v fixed in 2.5.0

@aborrero
Copy link
Copy Markdown
Member

aborrero commented Dec 19, 2025 

├── 📄 /opt/datadog-agent/embedded/lib/python3.12/site-packages/filelock-3.19.1.dist-info/METADATA
│       📦 filelock 3.19.1 (python)
│           Medium CVE-2025-68146 GHSA-w853-jp5j-5j7f fixed in 3.20.1
└── 📄 /opt/datadog-agent/embedded/lib/python3.12/site-packages/pip/_vendor/vendor.txt
        📦 setuptools 70.3.0 (python)
            High CVE-2025-47273 GHSA-5rjg-fvgr-3xxf fixed in 78.1.1
        📦 urllib3 1.26.20 (python)
            High CVE-2025-66471 GHSA-2xpw-w6gg-jr37 fixed in 2.6.0
            High CVE-2025-66418 GHSA-gm62-xv2j-4w53 fixed in 2.6.0
            Medium CVE-2025-50181 GHSA-pq67-6m6q-mj2v fixed in 2.5.0

@aborrero
Copy link
Copy Markdown
Member

aborrero commented Dec 19, 2025 

└── 📄 /usr/bin/datadog-cluster-agent
        📦 golang.org/x/crypto v0.44.0 (go-module)
            Medium CVE-2025-47914 GHSA-f6x5-jh6r-wrfv fixed in 0.45.0
            Medium CVE-2025-58181 GHSA-j5w8-q4qc-rx2x fixed in 0.45.0

@OddBloke
Copy link
Copy Markdown
Member

OddBloke commented Dec 19, 2025

I should just have fixed the x/crypto detections. The urllib3 and setuptools detections are advisoried for 7.72, so the same will apply here. I think that a rebuild will pull the newer version of filelock that's now present in https://agent-int-packages.datadoghq.com/external/filelock/, but we'll see.

AmberArcadia and others added 3 commits December 19, 2025 14:31
@AmberArcadia
Updated 2nd commit
dcffcc6 
Signed-off-by: Amber Arcadia <amber.arcadia@chainguard.dev>
@OddBloke
datadog-agent-7.73: switch remaining Python 3.12 references to use var
e33bd1f
@OddBloke
datadog-agent-7.73: bump to using Python 3.13
4504efd 
Upstream no longer appear to be updating their requirements files for
3.12, which currently means we would be shipping a vulnerable version of
`filelock`.
AmberArcadia
AmberArcadia approved these changes Dec 22, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@AmberArcadia AmberArcadia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your assistance! :)

@AmberArcadia AmberArcadia merged commit 2ef1db9 into main Dec 22, 2025
18 of 19 checks passed
@AmberArcadia AmberArcadia deleted the datadog-agent-7.73 branch December 22, 2025 16:03
octo-sts-6 Bot pushed a commit that referenced this pull request Apr 30, 2026
@octo-sts-8
Right-size resources for openjdk-26 (#75786)
3d6ce88 
Co-authored-by: staging-vpa-bot <staging-vpa-bot@chainguard.dev>

Export:  e4b41a57336171ea5a9e2056820bc7e59a36242e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AmberArcadia AmberArcadia AmberArcadia approved these changes

Assignees

@AmberArcadia AmberArcadia

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. service:version-stream

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aborrero @OddBloke @AmberArcadia @cmwilson21