Skip to content

prometheus-3.0/3.0.1-r0: cve remediation #36782

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 15, 2024
Merged

prometheus-3.0/3.0.1-r0: cve remediation #36782

merged 1 commit into from
Dec 15, 2024

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 13, 2024

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Dec 13, 2024

Gen AI suggestions to solve the build error:

• Detected Error: "npm error Internal error. Icu error."

• Error Category: Build/Dependency

• Failure Point: During npm install in the web/ui directory when running make assets-compress

• Root Cause Analysis:
The error appears to be related to ICU (International Components for Unicode) library incompatibility with the installed Node.js version. This typically occurs when there's a mismatch between the ICU versions used by Node.js and the system.

• Suggested Fix:

  1. Add icu package explicitly to environment dependencies:
environment:
  contents:
    packages:
      - bash
      - busybox
      - ca-certificates-bundle
      - go
      - nodejs
      - npm
      - icu
      - icu-libs
  1. Alternatively, try using an older Node.js version that matches the ICU version:
environment:
  contents:
    packages:
      - bash
      - busybox
      - ca-certificates-bundle
      - go
      - nodejs-20
      - npm

• Explanation:
Node.js has a dependency on ICU for internationalization support. The error suggests there's an incompatibility between the system ICU libraries and Node.js's expectations. Adding the explicit ICU dependencies or using a more stable Node.js version should resolve the conflict.

• Additional Notes:

  • Node.js 23 is very recent and might have stability issues
  • The error is occurring during the frontend build process
  • ICU-related issues are common when building Node.js applications in container environments

• References:

@kranurag7 kranurag7 force-pushed the cve-prometheus-3.0-24822774d1fcbfd4fb349645af912758 branch from f1abc03 to e55865c Compare December 15, 2024 17:22
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 15, 2024
@kranurag7
Copy link
Member

we had issues with icu package which is resolved now, I rebased the PR to main and we should be good with merging this.

@octo-sts octo-sts bot enabled auto-merge (squash) December 15, 2024 18:01
@octo-sts octo-sts bot merged commit 4143acb into main Dec 15, 2024
14 checks passed
@octo-sts octo-sts bot deleted the cve-prometheus-3.0-24822774d1fcbfd4fb349645af912758 branch December 15, 2024 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
auto-approver-bot/approve automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-v778-237x-gjrc go/bump prometheus-3.0/3.0.1-r0 request-cve-remediation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kranurag7