Thanks to visit codestin.com
Credit goes to github.com

Skip to content

LCORE-2315: Fix CVE in idna#1771

Merged
tisnik merged 1 commit into
lightspeed-core:mainfrom
tisnik:lcore-2315-fix-cve-in-idna
May 20, 2026
Merged

LCORE-2315: Fix CVE in idna#1771
tisnik merged 1 commit into
lightspeed-core:mainfrom
tisnik:lcore-2315-fix-cve-in-idna

Conversation

@tisnik

@tisnik tisnik commented May 19, 2026

Copy link
Copy Markdown
Contributor

Description

LCORE-2315: Fix CVE in idna

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement
  • Benchmarks improvement

Tools used to create PR

  • Assisted-by: N/A
  • Generated by: N/A

Related Tickets & Documents

  • Related Issue #LCORE-2315

Summary by CodeRabbit

  • Chores
    • Updated internal dependency pinning and build system configurations for improved system stability.

Review Change Stack

@coderabbitai

coderabbitai Bot commented May 19, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. πŸŽ‰

ℹ️ Recent review info
βš™οΈ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8628736a-fd4d-4558-910b-5cb6763cd118

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between 3fc3d4a and 1dedf81.

πŸ“’ Files selected for processing (4)
  • .konflux/requirements.hashes.source.txt
  • .konflux/requirements.hashes.wheel.txt
  • .tekton/lightspeed-stack-pull-request.yaml
  • .tekton/lightspeed-stack-push.yaml
πŸ’€ Files with no reviewable changes (1)
  • .konflux/requirements.hashes.wheel.txt
πŸ“œ Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)
  • GitHub Check: radon
  • GitHub Check: Pylinter
  • GitHub Check: unit_tests (3.13)
  • GitHub Check: integration_tests (3.12)
  • GitHub Check: spectral
  • GitHub Check: integration_tests (3.13)
  • GitHub Check: unit_tests (3.12)
  • GitHub Check: build-pr
  • GitHub Check: E2E Tests for Lightspeed Evaluation job
  • GitHub Check: E2E: server mode / ci / group 2
  • GitHub Check: E2E: library mode / ci / group 2
  • GitHub Check: E2E: server mode / ci / group 1
  • GitHub Check: E2E: library mode / ci / group 1
  • GitHub Check: E2E: server mode / ci / group 3
  • GitHub Check: E2E: library mode / ci / group 3
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
πŸ”‡ Additional comments (3)
.konflux/requirements.hashes.source.txt (1)

503-505: LGTM!

.tekton/lightspeed-stack-pull-request.yaml (1)

61-61: LGTM!

.tekton/lightspeed-stack-push.yaml (1)

53-53: LGTM!


Walkthrough

This PR upgrades the idna dependency from version 3.11 to 3.15 by updating the pinned versions and hashes in the source and wheel requirements files, and removing idna from the Tekton pipeline prefetch configurations for both pull-request and push pipelines.

Changes

idna Dependency Upgrade

Layer / File(s) Summary
Dependency hash file updates
.konflux/requirements.hashes.source.txt, .konflux/requirements.hashes.wheel.txt
Source requirements adds idna==3.15 with corresponding SHA256 hash values; wheel requirements removes idna==3.11 with its hash values.
Tekton pipeline configuration updates
.tekton/lightspeed-stack-pull-request.yaml, .tekton/lightspeed-stack-push.yaml
Both pipeline configurations remove idna from the prefetch-input binary.packages lists in their dependency prefetching configurations.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

πŸš₯ Pre-merge checks | βœ… 5
βœ… Passed checks (5 passed)
Check name Status Explanation
Description Check βœ… Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check βœ… Passed The title clearly and specifically identifies the main change: fixing a CVE vulnerability in the idna dependency, which aligns with all four modified files (requirements and pipeline configuration updates).
Docstring Coverage βœ… Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check βœ… Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check βœ… Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
πŸ§ͺ Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❀️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@tisnik tisnik merged commit 9b2e821 into lightspeed-core:main May 20, 2026
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant