Skip to content

ROX-34975: bump claircore to e018c5a585a0#21108

Merged
jschnath merged 1 commit into
release-4.9from
jvdm/rox-34975-bump-claircore-4.9
Jun 12, 2026
Merged

ROX-34975: bump claircore to e018c5a585a0#21108
jschnath merged 1 commit into
release-4.9from
jvdm/rox-34975-bump-claircore-4.9

Conversation

@jvdm

@jvdm jvdm commented Jun 12, 2026
edited by atlassian Bot
Loading

Copy link
Copy Markdown
Contributor

Description

Bumps claircore from v1.5.44 to v1.5.45-0.20260612075416-e018c5a585a0 on the release-4.9 branch to unblock the v2 vulnerability bundle stream.

This picks up quay/claircore#1913, the backport of quay/claircore#1908 to stable-1.5.44. The fix replaces a hard error on ECOSYSTEM range types for Go/npm with a warning-and-skip, preventing a single malformed advisory from blocking the entire vulnerability bundle pipeline.

Incident doc: ROX-34975

Generated with the assistance of AI.

User-facing documentation

  • CHANGELOG.md is updated OR update is not needed
  • documentation PR is created and is linked above OR is not needed

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

Dependency bump only — no stackrox code changes. The fix is tested upstream in quay/claircore#1913. Validation will be done by re-running the vulnerability updater workflow after merge.

@jvdm jvdm requested a review from a team as a code owner June 12, 2026 08:05
@github-actions github-actions Bot added the backport PR to backport changes from master to release branch label Jun 12, 2026
@coderabbitai

coderabbitai Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: fd18d8b4-916b-45cc-9353-60e31b17b4c5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch jvdm/rox-34975-bump-claircore-4.9

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@jvdm jvdm requested a review from a team June 12, 2026 08:15
@rhacs-bot

rhacs-bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Images are ready for the commit at e9b07be.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.8-rc.1-1-ge9b07be16e.

@codecov

codecov Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.88%. Comparing base (0d82c7b) to head (e9b07be).

Additional details and impacted files 
@@               Coverage Diff               @@
##           release-4.9   #21108      +/-   ##
===============================================
- Coverage        48.89%   48.88%   -0.02%     
===============================================
  Files             2719     2719              
  Lines           202937   202937              
===============================================
- Hits             99223    99197      -26     
- Misses           95955    95974      +19     
- Partials          7759     7766       +7
Flag Coverage Δ
go-unit-tests 48.88% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jschnath

jschnath commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Sounds like a good candidate to still add to the 4.9.8 patch, I'll open another RC for it

@jschnath jschnath added this to the 4.9.8-rc.2 milestone Jun 12, 2026
@jschnath jschnath merged commit a93e536 into release-4.9 Jun 12, 2026
100 of 114 checks passed
@jschnath jschnath deleted the jvdm/rox-34975-bump-claircore-4.9 branch June 12, 2026 09:50
@jvdm

jvdm commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

Sounds like a good candidate to still add to the 4.9.8 patch, I'll open another RC for it

This is not required to be in the next patch, in case a new RC at this point is too expensive. Just hanging the change in the release branch suffice. Thanks!

@jvdm jvdm mentioned this pull request Jun 12, 2026
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jschnath jschnath jschnath approved these changes

Assignees

No one assigned

Labels

ai-assisted backport PR to backport changes from master to release branch

Projects

None yet

Milestone

4.9.8-rc.2

Development

Successfully merging this pull request may close these issues.

3 participants

@jvdm @rhacs-bot @jschnath