| @miq-bot cross-repo-tests /all, ManageIQ/manageiq-automation_engine#580 |
From Pull Request: ManageIQ/manageiq#23630
Replaces ManageIQ#23261
| gem "uri", "~> 0.13.3" # CVE-2025-61594: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/ | ||
| # Avoid URI 1.0.0 for now due to: https://github.com/ruby/uri/issues/125 | ||
| gem "thor", ">= 1.4.0" # CVE-2025-54314: https://github.com/advisories/GHSA-mqcp-p2hv-vw6x | ||
| gem "uri", "~> 1.0.4" # CVE-2025-61594: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/ |
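Review bot: The new `gem "uri", "~> 1.0.4"` pin sits in the same group as the comment "Avoid URI 1.0.0 for now due to: https://github.com/ruby/uri/issues/125", and nothing in the hunk says why that concern no longer applies. If the comment is being removed, record in the commit message or beside the new pin what changed for ruby/uri#125 and which dependents were checked against the 1.x parser; if it is being kept, it now contradicts the constraint and should be dropped or reworded.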
URI is the only change here... sorted this group of gems and fixed the vertical alignment of the # comment
| Openstack failures look like they might be related. |
| Actually maybe not? I can't require "qpid_proton" locally even before this change (but maybe I don't have the right libs installed) |
yeah, I'm stumped... Can any of our 🐧 friends require qpid_proton? It was using 0.37.0: I'm seeing some warnings but am not sure if it's related to the failure: It's happening for both nuage and openstack on qpid_proton: |
This was on master, let me pull your PR down and test again |
|
This |
| @jrafanie yeah the test failures are definitely introduced by this gem bump, I pulled your branch down, |
| NOTE the most recent version of qpid_proton on rubygems is 0.37.0, but apache has released 0.40.0. It looks like the line that fails is the same on 0.37 and 0.40 though, |
| apache/qpid-proton@346c779 appears to have fixed this but it hasn't been released yet. I opened https://issues.apache.org/jira/browse/PROTON-2777 a while ago but so far haven't had any input from the apache team. |
| Ah @agrare, thanks! I vaguely remember this now. You're right. It worked with 0.13.3 but fails with 1.0.0+ |

```
vmdb(dev)> require 'uri'
=> false
vmdb(dev)> URI::VERSION
=> "0.13.3"
vmdb(dev)> URI::Parser.new(:HOSTNAME => /(?:#{URI::PATTERN::HOSTNAME})|/)
=> #<URI::RFC2396_Parser:0x0000000127b32068>
```

```
vmdb(dev)> require 'uri'
=> false
vmdb(dev)> URI::VERSION
=> "1.0.4"
vmdb(dev)> URI::Parser.new(:HOSTNAME => /(?:#{URI::PATTERN::HOSTNAME})|/)
uri (1.0.4) lib/uri/rfc3986_parser.rb:73:in `initialize': wrong number of arguments (given 1, expected 0) (ArgumentError)
	from (vmdb):8:in `new'
	from (vmdb):8:in `<main>'
	from <internal:kernel>:187:in `loop'
	from railties (7.2.2.2) lib/rails/commands/console/irb_console.rb:129:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:59:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:8:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:87:in `perform'
	from thor (1.4.0) lib/thor/command.rb:28:in `run'
	from thor (1.4.0) lib/thor/invocation.rb:127:in `invoke_command'
	from railties (7.2.2.2) lib/rails/command/base.rb:178:in `invoke_command'
	from thor (1.4.0) lib/thor.rb:538:in `dispatch'
	from railties (7.2.2.2) lib/rails/command/base.rb:73:in `perform'
	from railties (7.2.2.2) lib/rails/command.rb:71:in `block in invoke'
	from railties (7.2.2.2) lib/rails/command.rb:149:in `with_argv'
	from railties (7.2.2.2) lib/rails/command.rb:69:in `invoke'
	from railties (7.2.2.2) lib/rails/commands.rb:18:in `<main>'
	... 4 levels...
```
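The break in the console session above comes from `URI::Parser` pointing at a different class on uri 1.x. The following is an added example, not code from this PR or from the qpid_proton fix: it builds the same relaxed-hostname parser by naming the RFC 2396 classes explicitly, so it behaves the same on 0.13.x and 1.x. The helper names and the sample broker URL are hypothetical.

```ruby
require "uri"

# Added example; helper names are hypothetical, not from ManageIQ or qpid_proton.

# True when URI::Parser still accepts a pattern-options hash (uri 0.13.x, where
# it is RFC2396_Parser); false when its initializer takes no arguments (uri 1.x,
# where the console session above shows it resolving to rfc3986_parser.rb).
def default_parser_takes_options?
  return false unless defined?(URI::Parser)

  URI::Parser.instance_method(:initialize).arity != 0
end

# Build the relaxed-hostname parser from the console session without going
# through URI::Parser or URI::PATTERN, so the result does not depend on which
# parser the installed uri gem treats as its default.
def relaxed_hostname_parser
  hostname = URI::RFC2396_REGEXP::PATTERN::HOSTNAME
  URI::RFC2396_Parser.new(:HOSTNAME => /(?:#{hostname})|/)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample URL, not taken from the thread.
  sample = "amqp://broker.example.test:5672/queue"

  puts "uri #{URI::VERSION}: URI::Parser takes options? #{default_parser_takes_options?}"

  parser = relaxed_hostname_parser
  parsed = parser.parse(sample)
  puts "#{parser.class} parsed host=#{parsed.host} port=#{parsed.port}"
end
```

Running this under each candidate `uri` pin before bumping the Gemfile shows whether a dependent's parser construction survives the upgrade.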
| If a new version is released but not pushed to rubygems we could build our own and host it on rubygems.manageiq.org |
| I updated the description based on @agrare's findings and marked it as WIP until a qpid_proton gem release. |
| Checked commits jrafanie/manageiq@be8d176~...43327ab with ruby 3.1.7, rubocop 1.56.3, haml-lint 0.64.0, and yamllint |
| This pull request is not mergeable. Please rebase and repush. |
Replaces #23261
Merge AFTER 0.13.x / 1.x compatible change: