Skip to content

chore: update pvtr plugin to v0.24.0+2fixes#4314

Open
joanagmaia wants to merge 3 commits into
mainfrom
chore/update-pvtr-version
Open

chore: update pvtr plugin to v0.24.0+2fixes#4314
joanagmaia wants to merge 3 commits into
mainfrom
chore/update-pvtr-version

Conversation

@joanagmaia

@joanagmaia joanagmaia commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Bumps pvtr-github-repo-scanner commit from c7bd9538 (v0.23.2) to c1095c95 (post-v0.24.0 HEAD)
  • Includes two required bug fixes: fix(OSPS-BR-07.01) (consult Security Insights when security_and_analysis is null) and fix(OSPS-LE-02.01) (pass deprecated but OSI/FSF-approved SPDX IDs)
  • Updates plugin build stage from golang:1.26.3-alpine3.23 to golang:1.26.4-alpine3.22 — required by go.mod at new commit (go 1.26.4); matches pvtr's own Dockerfile
  • Privateer binary stays at 0.21.2 (confirmed compatible)

No breaking changes

All commits between v0.23.2 and the new HEAD are dependency bumps, CI fixes, and the two bug fixes above.

🤖 Generated with Claude Code


Note

Low Risk
Dependency pin and build-image bump only; no application code changes and the Privateer core version is unchanged.

Overview
Updates the security best practices worker image build so the Privateer github-repo plugin is pinned to v0.24.0 at commit c1095c95 (replacing v0.23.2 / c7bd9538), including post-release fixes for OSPS-BR-07.01 (Security Insights when security_and_analysis is null) and OSPS-LE-02.01 (deprecated OSI/FSF-approved SPDX IDs).

The plugin compile stage moves to golang:1.26.4-alpine3.22 to match the scanner’s go.mod; the Privateer core binary remains 0.21.2.

Reviewed by Cursor Bugbot for commit f41380e. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps pvtr-github-repo-scanner from v0.23.2 (c7bd9538) to commit
c1095c95, which is post-v0.24.0 and includes two required fixes:
- fix(OSPS-BR-07.01): consult Security Insights when security_and_analysis is null
- fix(OSPS-LE-02.01): pass deprecated but OSI/FSF-approved SPDX IDs

Also updates the plugin build stage to golang:1.26.4-alpine3.22, required
by go.mod at the new commit (go 1.26.4). Privateer binary stays at 0.21.2,
confirmed compatible by pvtr's own Dockerfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Joana Maia <jmaia@contractor.linuxfoundation.org>
Copilot AI review requested due to automatic review settings July 7, 2026 15:00
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

⚠️ Jira Issue Key Missing

Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability.

Example:

  • feat: add user authentication (CM-123)
  • feat: add user authentication (IN-123)

Projects:

  • CM: Community Data Platform
  • IN: Insights

Please add a Jira issue key to your PR title.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR bumps the pvtr-github-repo-scanner plugin used by the security_best_practices_worker image from the v0.23.2 pin (commit c7bd9538) to a post-v0.24.0 commit (c1095c95, labeled "v0.24.0+2fixes"), which pulls in two required OSPS bug fixes. The change is isolated to a single build Dockerfile and involves no application code. I verified the change against the upstream scanner repo at the pinned commit: its go.mod declares go 1.26.4 and its own Dockerfile uses golang:1.26.4-alpine3.22 (digest-pinned), so the base-image change and version bump are correct and consistent. No other references to the old version or commit exist elsewhere in the repo.

Changes:

  • Bump PVTR_VERSION to v0.24.0 and PVTR_COMMIT to c1095c95…, updating the accompanying comment to match.
  • Update the plugin build stage base image from golang:1.26.3-alpine3.23 to golang:1.26.4-alpine3.22 (matches upstream go 1.26.4 requirement).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@joanagmaia joanagmaia requested review from Copilot and gaspergrom and removed request for Copilot July 8, 2026 10:50
Copilot AI review requested due to automatic review settings July 9, 2026 08:11

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants