Skip to content
This repository was archived by the owner on Feb 16, 2026. It is now read-only.

chore: update dependencies#4439

Open
reneleonhardt wants to merge 1 commit intovarnishcache:masterfrom
reneleonhardt:chore/update-dependencies
Open

chore: update dependencies#4439
reneleonhardt wants to merge 1 commit intovarnishcache:masterfrom
reneleonhardt:chore/update-dependencies

Conversation

@reneleonhardt
Copy link
Copy Markdown

@reneleonhardt reneleonhardt commented Jan 21, 2026

Chores

  • Update GitHub Actions (use pinning to improve supply chain security)
  • Let Dependabot update github-actions and gitsubmodule (use cooldown to improve supply chain security)
  • Remove unsupported distributions (Ubuntu 20.04)
  • Add stable distributions (Debian Trixie)
  • Use apt --no-install-recommends to improve performance and reduce the attack surface

@reneleonhardt
Copy link
Copy Markdown
Author

reneleonhardt commented Jan 21, 2026
edited
Loading

Notes

  • almalinux:10 has to be added (8 should be removed, active support ended 2 years ago)
  • Are Ubuntu 20.04 workarounds still needed in .circleci/make-deb-packages.sh?
# Ubuntu 20.04 aarch64 fails when using fakeroot-sysv with:
#    semop(1): encountered an error: Function not implemented
update-alternatives --set fakeroot /usr/bin/fakeroot-tcp

CI

  • I didn't change any code or test, but noble failed 😄
    Are there any recommended packages missing in the install list, which have been previously installed by install-recommends?

https://app.circleci.com/pipelines/github/varnishcache/varnish-cache/7730/workflows/aaa9f6e2-6ac5-4d43-bc84-67e142a316d3/jobs/99016

FAIL: tests/cookie_b00001.vtc
FAIL: tests/m00060.vtc

Both log

AddressSanitizer: CHECK failed: sanitizer_thread_registry.cpp:161

@gquintard
Copy link
Copy Markdown
Member

gquintard commented Jan 21, 2026

hi! Thank you for that. github actions are really only used for the fuzzer. So I believe we can just keep the dependabot here.

@gquintard
Copy link
Copy Markdown
Member

gquintard commented Jan 21, 2026

by the way, the packaging bits are handled by https://github.com/varnish/all-packager, I have a PR coming about the fakeroot for 20.04 fix that will land very very soon

@nigoroll
Copy link
Copy Markdown
Member

nigoroll commented Jan 26, 2026

bugwash is asking @gquintard to handle this ticket

@reneleonhardt reneleonhardt force-pushed the chore/update-dependencies branch from b6dfe3b to f2c60cd Compare January 26, 2026 15:35
@gquintard
Copy link
Copy Markdown
Member

gquintard commented Feb 5, 2026

@nigoroll, @bsdphk, what is the plan for packaging going forward? My memory is a bit fuzzy, but we also have varnishcache/pkg-varnish-cache. Do you want the packaging scripts to be in or out-of-tree?

@gquintard
Copy link
Copy Markdown
Member

gquintard commented Feb 5, 2026

ok from my side, but as mentioned, I'd like some clarity on the CI platform we'd like to use, and and where the packaging scripts should live

@gquintard
Copy link
Copy Markdown
Member

gquintard commented Feb 6, 2026

to be clear, I've approve this, but I have no commit right

@gquintard gquintard mentioned this pull request Feb 6, 2026
Open
@reneleonhardt reneleonhardt force-pushed the chore/update-dependencies branch from f2c60cd to 0159b00 Compare February 6, 2026 18:14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@gquintard gquintard gquintard approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@reneleonhardt @gquintard @nigoroll