From 5f087af14d52387611dc19d840e2801bee580405 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Thu, 12 Feb 2026 13:09:15 +0000 Subject: [PATCH 1/3] chore(deps): refresh rpm lockfiles [SECURITY] Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- rpms.lock.yaml | 88 +++++++++++++++++++++++++------------------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/rpms.lock.yaml b/rpms.lock.yaml index a2f674795b..a36ce552ba 100644 --- a/rpms.lock.yaml +++ b/rpms.lock.yaml @@ -95,13 +95,13 @@ arches: name: gcc-c++ evr: 8.5.0-28.el8_10 sourcerpm: gcc-8.5.0-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.aarch64.rpm repoid: rhel-8-for-aarch64-appstream-rpms - size: 8231540 - checksum: sha256:f0c98b4413654c946bbb2c8cfc76fd5a52644633cac44d6ce99e96c861a1b9b5 + size: 8230264 + checksum: sha256:e128ca3f0011fc6d76c5b62539707a7c1279e24d6c9308854d41a4f731f6c5c3 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 - sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + evr: 2.41-4.el8_10.1 + sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-appstream-rpms size: 46005436 @@ -2227,12 +2227,12 @@ arches: checksum: sha256:e1b85010aaa1a68d78d6c82aa183ea4e394124a2847b7ca3b66dfd0079824dbe name: gcc-toolset-14 evr: 14.0-1.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm repoid: rhel-8-for-aarch64-appstream-source-rpms - size: 27306519 - checksum: sha256:e28f5951e286b0619f976743ce7d525a12cc1eba1f7150a34a0d7ae8ab1047e5 + size: 27306724 + checksum: sha256:502c3ed2e479878a9d6ef7d0794ef556c05e970ec56253241fdc7528f0e7e092 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 + evr: 2.41-4.el8_10.1 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/source/SRPMS/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.src.rpm repoid: rhel-8-for-aarch64-appstream-source-rpms size: 93036534 @@ -3428,10 +3428,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/repodata/3d72f862f2de42dab8082b452696bff9ce2eb76d2809834a0c3207f216735ceb-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/repodata/e62c25503f03450a41570ead5fa1c0d47ad3b90ab4c55c5569808987760e63e9-modules.yaml.gz repoid: rhel-8-for-aarch64-appstream-rpms size: 766812 - checksum: sha256:3d72f862f2de42dab8082b452696bff9ce2eb76d2809834a0c3207f216735ceb + checksum: sha256:e62c25503f03450a41570ead5fa1c0d47ad3b90ab4c55c5569808987760e63e9 - arch: ppc64le packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/a/autoconf-2.69-29.el8_10.1.noarch.rpm @@ -3525,13 +3525,13 @@ arches: name: gcc-c++ evr: 8.5.0-28.el8_10 sourcerpm: gcc-8.5.0-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.ppc64le.rpm repoid: rhel-8-for-ppc64le-appstream-rpms - size: 8180820 - checksum: sha256:2e551e308aeda0a2fa89fdfb586613e120fc77288c067eb28ab25fc5a3abada5 + size: 8179548 + checksum: sha256:0b2a1d8ffd27f48f29eef9380a05a5292c6b71e7ce9efa81c7d5d85a26215cf6 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 - sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + evr: 2.41-4.el8_10.1 + sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-appstream-rpms size: 44179852 @@ -5664,12 +5664,12 @@ arches: checksum: sha256:e1b85010aaa1a68d78d6c82aa183ea4e394124a2847b7ca3b66dfd0079824dbe name: gcc-toolset-14 evr: 14.0-1.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm repoid: rhel-8-for-ppc64le-appstream-source-rpms - size: 27306519 - checksum: sha256:e28f5951e286b0619f976743ce7d525a12cc1eba1f7150a34a0d7ae8ab1047e5 + size: 27306724 + checksum: sha256:502c3ed2e479878a9d6ef7d0794ef556c05e970ec56253241fdc7528f0e7e092 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 + evr: 2.41-4.el8_10.1 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/source/SRPMS/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.src.rpm repoid: rhel-8-for-ppc64le-appstream-source-rpms size: 93036534 @@ -6871,10 +6871,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/repodata/9b18459472b2f83bdf1393e092983daf106d3cafe9d6f0a68704dbd38980c09d-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/repodata/1438f2891237416f129a80fac502653deaa5406d15e683baa4e417b693034b6a-modules.yaml.gz repoid: rhel-8-for-ppc64le-appstream-rpms size: 761744 - checksum: sha256:9b18459472b2f83bdf1393e092983daf106d3cafe9d6f0a68704dbd38980c09d + checksum: sha256:1438f2891237416f129a80fac502653deaa5406d15e683baa4e417b693034b6a - arch: s390x packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/a/autoconf-2.69-29.el8_10.1.noarch.rpm @@ -6968,13 +6968,13 @@ arches: name: gcc-c++ evr: 8.5.0-28.el8_10 sourcerpm: gcc-8.5.0-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.s390x.rpm repoid: rhel-8-for-s390x-appstream-rpms - size: 7579128 - checksum: sha256:2ad8dbb2da325e43dec133de47e33ef3c576d5ac754bcf4cc0ba2aa119bd8ae6 + size: 7577244 + checksum: sha256:557e2ed15345c252e650c13c58ae09427cdb118509d45e77b4a063fb83daeed6 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 - sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + evr: 2.41-4.el8_10.1 + sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.s390x.rpm repoid: rhel-8-for-s390x-appstream-rpms size: 42167412 @@ -9002,12 +9002,12 @@ arches: checksum: sha256:e1b85010aaa1a68d78d6c82aa183ea4e394124a2847b7ca3b66dfd0079824dbe name: gcc-toolset-14 evr: 14.0-1.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm repoid: rhel-8-for-s390x-appstream-source-rpms - size: 27306519 - checksum: sha256:e28f5951e286b0619f976743ce7d525a12cc1eba1f7150a34a0d7ae8ab1047e5 + size: 27306724 + checksum: sha256:502c3ed2e479878a9d6ef7d0794ef556c05e970ec56253241fdc7528f0e7e092 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 + evr: 2.41-4.el8_10.1 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/source/SRPMS/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.src.rpm repoid: rhel-8-for-s390x-appstream-source-rpms size: 93036534 @@ -10155,10 +10155,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/repodata/d5f03c5acc6abbbeca6427f759aa0959efb8f9f3e4f48f594e1b0e35eae01b85-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/repodata/083a163ba4b761c25c802ab227b4c69bdffc58166a1d20fe8b3bc02d0d9e30d3-modules.yaml.gz repoid: rhel-8-for-s390x-appstream-rpms size: 763388 - checksum: sha256:d5f03c5acc6abbbeca6427f759aa0959efb8f9f3e4f48f594e1b0e35eae01b85 + checksum: sha256:083a163ba4b761c25c802ab227b4c69bdffc58166a1d20fe8b3bc02d0d9e30d3 - arch: x86_64 packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/a/autoconf-2.69-29.el8_10.1.noarch.rpm @@ -10252,13 +10252,13 @@ arches: name: gcc-c++ evr: 8.5.0-28.el8_10 sourcerpm: gcc-8.5.0-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.x86_64.rpm repoid: rhel-8-for-x86_64-appstream-rpms - size: 7955476 - checksum: sha256:9080afc0bc11d10e759a00e99ffcf10c0721e01a295e81096dfb613d3b8acbd1 + size: 7954692 + checksum: sha256:81368162b0089377ac36cce35bd5f1557e142c64b9e33dda4ff4a60477730340 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 - sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + evr: 2.41-4.el8_10.1 + sourcerpm: gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-appstream-rpms size: 52912104 @@ -12370,12 +12370,12 @@ arches: checksum: sha256:e1b85010aaa1a68d78d6c82aa183ea4e394124a2847b7ca3b66dfd0079824dbe name: gcc-toolset-14 evr: 14.0-1.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/source/SRPMS/Packages/g/gcc-toolset-14-binutils-2.41-4.el8_10.1.src.rpm repoid: rhel-8-for-x86_64-appstream-source-rpms - size: 27306519 - checksum: sha256:e28f5951e286b0619f976743ce7d525a12cc1eba1f7150a34a0d7ae8ab1047e5 + size: 27306724 + checksum: sha256:502c3ed2e479878a9d6ef7d0794ef556c05e970ec56253241fdc7528f0e7e092 name: gcc-toolset-14-binutils - evr: 2.41-4.el8_10 + evr: 2.41-4.el8_10.1 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/source/SRPMS/Packages/g/gcc-toolset-14-gcc-14.2.1-11.el8_10.src.rpm repoid: rhel-8-for-x86_64-appstream-source-rpms size: 93036534 @@ -13571,7 +13571,7 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/e3966e91019bcda7a7989f7a65f764cb0b88760fc263ffee2fea6d737b3b7d22-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/fd8ae68519e0c8d8f4bfb4cb930438e94a8aafc0bb0379212c25ae227c72b89f-modules.yaml.gz repoid: rhel-8-for-x86_64-appstream-rpms size: 789386 - checksum: sha256:e3966e91019bcda7a7989f7a65f764cb0b88760fc263ffee2fea6d737b3b7d22 + checksum: sha256:fd8ae68519e0c8d8f4bfb4cb930438e94a8aafc0bb0379212c25ae227c72b89f From 89f79662749d7a5b3d6040640559df9041543809 Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Thu, 12 Feb 2026 16:31:09 -0800 Subject: [PATCH 2/3] X-Smart-Branch-Parent: konflux/mintmaker/release-3.22/lock-file-maintenance-vulnerability From 8e3ea3fdefb4035a975f7f44df9b3d848c5fb41b Mon Sep 17 00:00:00 2001 From: JoukoVirtanen Date: Thu, 12 Feb 2026 16:32:35 -0800 Subject: [PATCH 3/3] Trying to make a valid manifest --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 55d4840b1b..cf46826b82 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,7 @@ container-dockerfile-dev: builder: ifneq ($(BUILD_BUILDER_IMAGE), false) docker buildx build --load --platform ${PLATFORM} \ + --provenance=false \ --build-arg COLLECTOR_BUILDER_DEBUG=$(COLLECTOR_BUILDER_DEBUG) \ -t quay.io/stackrox-io/collector-builder:$(COLLECTOR_BUILDER_TAG) \ -f "$(CURDIR)/builder/Dockerfile" \