Skip to content
This repository was archived by the owner on Feb 16, 2026. It is now read-only.

chore: update dependencies#4439

Open
reneleonhardt wants to merge 1 commit intovarnishcache:masterfrom
reneleonhardt:chore/update-dependencies
Open

chore: update dependencies#4439
reneleonhardt wants to merge 1 commit intovarnishcache:masterfrom
reneleonhardt:chore/update-dependencies

Conversation

@reneleonhardt
Copy link
Copy Markdown

Chores

  • Update GitHub Actions (use pinning to improve supply chain security)
  • Let Dependabot update github-actions and gitsubmodule (use cooldown to improve supply chain security)
  • Remove unsupported distributions (Ubuntu 20.04)
  • Add stable distributions (Debian Trixie)
  • Use apt --no-install-recommends to improve performance and reduce the attack surface

@reneleonhardt
Copy link
Copy Markdown
Author

reneleonhardt commented Jan 21, 2026

Notes

  • almalinux:10 has to be added (8 should be removed, active support ended 2 years ago)
  • Are Ubuntu 20.04 workarounds still needed in .circleci/make-deb-packages.sh?
# Ubuntu 20.04 aarch64 fails when using fakeroot-sysv with:
#    semop(1): encountered an error: Function not implemented
update-alternatives --set fakeroot /usr/bin/fakeroot-tcp

CI

  • I didn't change any code or test, but noble failed 😄
    Are there any recommended packages missing in the install list, which have been previously installed by install-recommends?

https://app.circleci.com/pipelines/github/varnishcache/varnish-cache/7730/workflows/aaa9f6e2-6ac5-4d43-bc84-67e142a316d3/jobs/99016

FAIL: tests/cookie_b00001.vtc
FAIL: tests/m00060.vtc

Both log

AddressSanitizer: CHECK failed: sanitizer_thread_registry.cpp:161

@gquintard
Copy link
Copy Markdown
Member

hi! Thank you for that. github actions are really only used for the fuzzer. So I believe we can just keep the dependabot here.

@gquintard
Copy link
Copy Markdown
Member

by the way, the packaging bits are handled by https://github.com/varnish/all-packager, I have a PR coming about the fakeroot for 20.04 fix that will land very very soon

@nigoroll
Copy link
Copy Markdown
Member

bugwash is asking @gquintard to handle this ticket

@reneleonhardt reneleonhardt force-pushed the chore/update-dependencies branch from b6dfe3b to f2c60cd Compare January 26, 2026 15:35
@gquintard
Copy link
Copy Markdown
Member

@nigoroll, @bsdphk, what is the plan for packaging going forward? My memory is a bit fuzzy, but we also have varnishcache/pkg-varnish-cache. Do you want the packaging scripts to be in or out-of-tree?

@gquintard
Copy link
Copy Markdown
Member

ok from my side, but as mentioned, I'd like some clarity on the CI platform we'd like to use, and and where the packaging scripts should live

@gquintard
Copy link
Copy Markdown
Member

to be clear, I've approve this, but I have no commit right

@reneleonhardt reneleonhardt force-pushed the chore/update-dependencies branch from f2c60cd to 0159b00 Compare February 6, 2026 18:14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants