chore(image): remove libxml2 from release #14486

Closed
janisz wants to merge 1 commit into remove_packages_with_deps from remove_xml

Conversation

@janisz
Contributor

@janisz janisz commented Mar 4, 2025

Description

This PR removes libxml2 and packages that depend on it. It's done to fix the following reports:

|          libarchive           |     3.3.3-5.el8     | CVE-2024-57970 | MODERATE  |       -       |           https://access.redhat.com/security/cve/CVE-2024-57970            |
+-------------------------------+---------------------+----------------+-----------+---------------+----------------------------------------------------------------------------+
|            libxml2            |  2.9.7-18.el8_10.2  | CVE-2024-56171 | IMPORTANT |       -       |           https://access.redhat.com/security/cve/CVE-2024-56171            |
+                               +                     +----------------+-----------+---------------+----------------------------------------------------------------------------+
|                               |                     | CVE-2025-24928 | IMPORTANT |       -       |           https://access.redhat.com/security/cve/CVE-2025-24928            |

  • CHANGELOG update is not needed
  • Documentation is not needed

Testing

  • inspected CI results

Automated testing

  • modified existing tests
  • contributed no automated tests

How I validated my change

CI

@janisz
Contributor Author

janisz commented Mar 4, 2025

@janisz janisz requested review from a team as code owners March 4, 2025 13:13
@github-actions github-actions bot added area/scanner konflux-build Run Konflux in PR. Push commit to trigger it. labels Mar 4, 2025
@rhacs-bot
Contributor

rhacs-bot commented Mar 4, 2025

Images are ready for the commit at ace1ace.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.8.x-257-gace1ace220.

@janisz janisz changed the base branch from remove_packages_with_deps to master March 4, 2025 14:22
@janisz janisz changed the base branch from master to remove_packages_with_deps March 4, 2025 14:29
@janisz janisz mentioned this pull request Mar 4, 2025
5 tasks
@codecov

codecov bot commented Mar 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.17%. Comparing base (2f03a66) to head (ace1ace).

Additional details and impacted files
@@                      Coverage Diff                      @@
##           remove_packages_with_deps   #14486      +/-   ##
=============================================================
- Coverage                      49.18%   49.17%   -0.01%     
=============================================================
  Files                           2532     2532              
  Lines                         185508   185508              
=============================================================
- Hits                           91237    91229       -8     
- Misses                         87036    87043       +7     
- Partials                        7235     7236       +1     
| Flag | Coverage Δ |
| go-unit-tests | 49.17% <ø> (-0.01%) ⬇️ |

Flags with carried forward coverage won't be shown. Click here to find out more.

@openshift-ci

openshift-ci bot commented Mar 4, 2025

@janisz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| ci/prow/gke-scanner-v4-install-tests | 8e10677 | link | false | /test gke-scanner-v4-install-tests |
| ci/prow/ocp-4-17-scanner-v4-install-tests | 8e10677 | link | false | /test ocp-4-17-scanner-v4-install-tests |


Signed-off-by: Tomasz Janiszewski <tomek@redhat.com>
@janisz janisz force-pushed the remove_packages_with_deps branch from 8c0b578 to 2f03a66 Compare March 18, 2025 12:08
@janisz
Contributor Author

janisz commented Mar 18, 2025

Closing as we will solve this issue by migration to ubi-micro instead of package pruning.

@janisz janisz closed this Mar 18, 2025
@janisz janisz deleted the remove_xml branch September 16, 2025 09:56