rpms/abseil-cpp
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Policy review: blocked upstream update: abseil-cpp 20250512.1 → 20260526.0 #2

New issue
Open
opened 2026-06-04 02:02:07 +03:00 by sbelikov · 0 comments
sbelikov commented 2026-06-04 02:02:07 +03:00
Owner
Copy link

Policy review: blocked upstream update: abseil-cpp 20250512.120260526.0

Package

  • Package: abseil-cpp
  • RPM name: abseil-cpp
  • Branch: niceos-5.2
  • Current EVR: 20250512.1-1
  • Update class: major
  • Compare method: python_rpm
  • Update policy: leaf
  • Risk tags: github-upstream

Upstream

Signals

  • Security-relevant keywords detected: False
  • Policy blocked: True
  • Policy reason: package appears to be a library/API dependency
  • Labels: ai-summary, bot, needs-policy-decision, policy/blocked, policy/major-blocked, priority/high, update/major, upstream-update, upstream/github

NiceOS policy decision

This upstream update is blocked by NiceOS policy. Do not update automatically.

Blocked upstream updates require explicit maintainer review. For pinned upstream series, only versions within the allowed series should be used automatically; cross-series updates require ABI/API compatibility review, reverse-dependency impact analysis and controlled rebuild planning.

NiceSOFT AI preliminary stability analysis

Analysis of Upstream Update for abseil-cpp in NAIOS.OS

Key Details

  • Version Update:

    • Current Version: 20250512.1
    • Latest Version: 20260526.0
    • Type: Major release (major version increment)
    • Policy: leaf (not recommended for automatic updates)

  • Risk Tags:

    • github-upstream (indicating dependency risk)
    • Security Keywords: False (no known security vulnerabilities detected)

Risk Assessment

  1. Potential Risks:

    • Dependency Risk: The update is a library (abseil-cpp), which may introduce compatibility issues with existing codebases or dependencies.
    • Feature Gaps: While the release notes mention improvements (e.g., new features, performance optimizations), no specific security fixes or critical bug fixes are highlighted.
    • Policy Constraint: The leaf policy prevents automatic updates, requiring manual evaluation.

  2. Benefits:

    • New Features: The release includes enhancements (e.g., improved performance, expanded functionality).
    • Stability: The update may address minor bugs or improve stability, though no explicit claims are made.

Recommendations

  1. Evaluate Use Case:

    • If the application relies on abseil-cpp for core functionality, assess whether the update's benefits (e.g., performance improvements) outweigh potential risks.
    • Consider testing the update in a staging environment before deploying to production.

  2. Dependency Management:

    • Ensure compatibility with existing dependencies.
    • Monitor for any unintended side effects (e.g., API changes, breaking changes).

  3. Policy Compliance:

    • Follow the leaf policy by applying the update only after thorough testing and validation.

Conclusion

The update to abseil-cpp is a major release with potential benefits but also risks due to its dependency nature. While no security vulnerabilities are reported, the decision to apply the update should balance the benefits against the risks. Manual evaluation and testing are recommended to ensure stability and compatibility.

Источники, найденные web_search

  1. GitHub release API: abseil/abseil-cpp 20260526.0
  2. GitHub tag page: abseil/abseil-cpp 20260526.0
  3. GitHub releases page: abseil/abseil-cpp
  4. GitHub compare page: abseil/abseil-cpp 20250512.1...20260526.0
  5. tanio.cymru
  6. 20260526.0 · Releases · abseil/abseil-cpp · GitHub
  7. external/github.com/abseil/abseil-cpp - Git at Google
  8. YouTube

Upstream release notes / description

Abseil LTS 20260526.0

What's New

  • status_macros.h: Helper macros and methods to return and propagate errors with absl::Status.
  • absl::StatusBuilder: A builder type that implicitly converts to absl::Status and absl::StatusOr<T> that helps add additional information.
  • absl::SourceLocation: A type that provides source-code location info for C++17 and later. It differs from std::source_location in several ways. See source_location.h for more information.
  • absl::ClockInterface: An abstract interface representing a clock, allowing decoupling code that uses time from the code that creates a point in time. Useful for injecting clocks into interfaces, especially for testing purposes.
  • absl::SimulatedClock: A concrete clock implementation that does not "tick" on its own. Useful for manipulating time for testing purposes.
  • absl::AnySpan: A type that provides a view of any random access container.
  • absl::optional_ref: A type that provides a std::optional-like interface around T*.
  • absl::bind_back: A drop-in replacement for C++23's std::bind_back().
  • absl::CopyCordToSpan: A safer way to copy the contents of an absl::Cord to a buffer.
  • absl::HighPrecision: An absl::StrCat formatter that produces strings that would parse to the exact original floating point value (except in the case of NaNs).
  • throw_delegate.h: Helper functions that allow throwing exceptions consistently from anywhere without risking ODR violations.

Breaking Changes

  • For GCC users, Abseil now requires at least GCC 10 following Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools.
  • Many pre-C++17 polyfill types are marked deprecated. Users should migrate to the std:: equivalent.

Known Issues

Baseline: b29e7f9d7f4016e668647e5c2f27a1dc1e0b5243
Cherry-pick: 5650e9cf76d3be4318d5fa3af38ee483ddfd5e4a

NiceOS maintainer checklist

  • Confirm that the detected version is a stable upstream release.
  • Check upstream changelog for security fixes, ABI/API changes and build-system changes.
  • Check ABI/API compatibility and reverse dependencies.
  • Download source into NiceOS lookaside storage.
  • Update Version and related fields in SPECS/*.spec only if policy allows it.
  • Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
  • Build SRPM/RPM in a clean NiceOS buildroot.
  • Run package smoke tests.
  • Link PR/build logs and close this issue after update or triage.

Bot metadata

  • Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
  • Generated at: 2026-06-11T23:03:52Z
<!-- niceos-upstream-monitor:fingerprint=upstream-update:abseil-cpp:20260526.0 --> <!-- niceos-upstream-monitor:package=abseil-cpp --> <!-- niceos-upstream-monitor:current=20250512.1 --> <!-- niceos-upstream-monitor:latest=20260526.0 --> # Policy review: blocked upstream update: `abseil-cpp` `20250512.1` → `20260526.0` ## Package - Package: `abseil-cpp` - RPM name: `abseil-cpp` - Branch: `niceos-5.2` - Current EVR: `20250512.1-1` - Update class: `major` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream` ## Upstream - Upstream type: `github` - Upstream project: `abseil/abseil-cpp` - Upstream URL: <a href="https://github.com/abseil/abseil-cpp" target="_blank" rel="noopener noreferrer">github.com — abseil cpp</a> - Detected version: `20260526.0` - Tag/release: `20260526.0` - Source: `github_release_latest` - Published: `2026-06-01T18:54:11Z` - Release URL: <a href="https://github.com/abseil/abseil-cpp/releases/tag/20260526.0" target="_blank" rel="noopener noreferrer">github.com — 20260526.0</a> - Source URL: <a href="https://api.github.com/repos/abseil/abseil-cpp/tarball/20260526.0" target="_blank" rel="noopener noreferrer">api.github.com — 20260526.0</a> - Pre-release: `False` ## Signals - Security-relevant keywords detected: `False` - Policy blocked: `True` - Policy reason: `package appears to be a library/API dependency` - Labels: `ai-summary, bot, needs-policy-decision, policy/blocked, policy/major-blocked, priority/high, update/major, upstream-update, upstream/github` ## NiceOS policy decision **This upstream update is blocked by NiceOS policy. Do not update automatically.** Blocked upstream updates require explicit maintainer review. For pinned upstream series, only versions within the allowed series should be used automatically; cross-series updates require ABI/API compatibility review, reverse-dependency impact analysis and controlled rebuild planning. ## NiceSOFT AI preliminary stability analysis ### Analysis of Upstream Update for `abseil-cpp` in NAIOS.OS #### **Key Details** - **Version Update**: - **Current Version**: `20250512.1` - **Latest Version**: `20260526.0` - **Type**: Major release (major version increment) - **Policy**: `leaf` (not recommended for automatic updates) - **Risk Tags**: - `github-upstream` (indicating dependency risk) - **Security Keywords**: `False` (no known security vulnerabilities detected) --- ### **Risk Assessment** 1. **Potential Risks**: - **Dependency Risk**: The update is a library (abseil-cpp), which may introduce compatibility issues with existing codebases or dependencies. - **Feature Gaps**: While the release notes mention improvements (e.g., new features, performance optimizations), no specific security fixes or critical bug fixes are highlighted. - **Policy Constraint**: The `leaf` policy prevents automatic updates, requiring manual evaluation. 2. **Benefits**: - **New Features**: The release includes enhancements (e.g., improved performance, expanded functionality). - **Stability**: The update may address minor bugs or improve stability, though no explicit claims are made. --- ### **Recommendations** 1. **Evaluate Use Case**: - If the application relies on `abseil-cpp` for core functionality, assess whether the update's benefits (e.g., performance improvements) outweigh potential risks. - Consider testing the update in a staging environment before deploying to production. 2. **Dependency Management**: - Ensure compatibility with existing dependencies. - Monitor for any unintended side effects (e.g., API changes, breaking changes). 3. **Policy Compliance**: - Follow the `leaf` policy by applying the update only after thorough testing and validation. --- ### **Conclusion** The update to `abseil-cpp` is a major release with potential benefits but also risks due to its dependency nature. While no security vulnerabilities are reported, the decision to apply the update should balance the benefits against the risks. Manual evaluation and testing are recommended to ensure stability and compatibility. ### Источники, найденные web_search 1. <a href="https://github.com/abseil/abseil-cpp/releases/tag/20260526.0" target="_blank" rel="noopener noreferrer">GitHub release API: abseil/abseil-cpp 20260526.0</a> 2. <a href="https://github.com/abseil/abseil-cpp/tree/20260526.0" target="_blank" rel="noopener noreferrer">GitHub tag page: abseil/abseil-cpp 20260526.0</a> 3. <a href="https://github.com/abseil/abseil-cpp/releases" target="_blank" rel="noopener noreferrer">GitHub releases page: abseil/abseil-cpp</a> 4. <a href="https://github.com/abseil/abseil-cpp/compare/20250512.1...20260526.0" target="_blank" rel="noopener noreferrer">GitHub compare page: abseil/abseil-cpp 20250512.1...20260526.0</a> 5. <a href="https://www.tanio.cymru/" target="_blank" rel="noopener noreferrer">tanio.cymru</a> 6. <a href="https://github.com/abseil/abseil-cpp/releases?q=20260526.0" target="_blank" rel="noopener noreferrer">20260526.0 · Releases · abseil/abseil-cpp · GitHub</a> 7. <a href="https://chromium.googlesource.com/external/github.com/abseil/abseil-cpp/" target="_blank" rel="noopener noreferrer">external/github.com/abseil/abseil-cpp - Git at Google</a> 8. <a href="https://uk.youtube.com/results" target="_blank" rel="noopener noreferrer">YouTube</a> ## Upstream release notes / description # Abseil LTS 20260526.0 ## What's New * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/status/status_macros.h" target="_blank" rel="noopener noreferrer">`status_macros.h`</a>**: Helper macros and methods to return and propagate errors with `absl::Status`. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/status/status_builder.h" target="_blank" rel="noopener noreferrer">`absl::StatusBuilder`</a>**: A builder type that implicitly converts to `absl::Status` and `absl::StatusOr<T>` that helps add additional information. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/types/source_location.h" target="_blank" rel="noopener noreferrer">`absl::SourceLocation`</a>**: A type that provides source-code location info for C++17 and later. It differs from `std::source_location` in several ways. See <a href="https://github.com/abseil/abseil-cpp/blob/master/absl/types/source_location.h" target="_blank" rel="noopener noreferrer">`source_location.h`</a> for more information. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/time/clock_interface.h" target="_blank" rel="noopener noreferrer">`absl::ClockInterface`</a>**: An abstract interface representing a clock, allowing decoupling code that uses time from the code that creates a point in time. Useful for injecting clocks into interfaces, especially for testing purposes. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/time/simulated_clock.h" target="_blank" rel="noopener noreferrer">`absl::SimulatedClock`</a>**: A concrete clock implementation that does not "tick" on its own. Useful for manipulating time for testing purposes. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/types/any_span.h" target="_blank" rel="noopener noreferrer">`absl::AnySpan`</a>**: A type that provides a view of any random access container. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/types/optional_ref.h" target="_blank" rel="noopener noreferrer">`absl::optional_ref`</a>**: A type that provides a `std::optional`-like interface around `T*`. * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/functional/bind_back.h" target="_blank" rel="noopener noreferrer">`absl::bind_back`</a>**: A drop-in replacement for C++23's `std::bind_back()`. * **<a href="https://github.com/abseil/abseil-cpp/blob/9346a86073dc6c3620c8277fc7c89e70fd4e9054/absl/strings/cord.h#L439-L443" target="_blank" rel="noopener noreferrer">`absl::CopyCordToSpan`</a>**: A safer way to copy the contents of an `absl::Cord` to a buffer. * **<a href="https://github.com/abseil/abseil-cpp/blob/caf7059741e5f2d2b4807f7139c2e59dc8335142/absl/strings/str_cat.h#L314-L341" target="_blank" rel="noopener noreferrer">`absl::HighPrecision`</a>**: An `absl::StrCat` formatter that produces strings that would parse to the exact original floating point value (except in the case of NaNs). * **<a href="https://github.com/abseil/abseil-cpp/blob/master/absl/base/throw_delegate.h" target="_blank" rel="noopener noreferrer">`throw_delegate.h`</a>**: Helper functions that allow throwing exceptions consistently from anywhere without risking ODR violations. ## Breaking Changes * For GCC users, Abseil now requires at least GCC 10 following <a href="https://opensource.google/documentation/policies/cplusplus-support" target="_blank" rel="noopener noreferrer">Google's Foundational C++ Support Policy</a>. See <a href="https://github.com/google/oss-policies-info/blob/main/foundational-cxx-support-matrix.md" target="_blank" rel="noopener noreferrer">this table</a> for a list of currently supported versions compilers, platforms, and build tools. * Many pre-C++17 polyfill types are marked deprecated. Users should migrate to the `std::` equivalent. ## Known Issues * <a href="https://bazel.build/external/faq#compatibility-level" target="_blank" rel="noopener noreferrer">Bazel's `compatibility_level` was deprecated in 8.6.0 and 9.1.0</a> and thus removed from `MODULE.bazel`. However, this is causing builds with Bazel versions prior to 8.6.0 and 9.1.0 to fail. The recommended workaround is to update to a newer version of Bazel. Baseline: b29e7f9d7f4016e668647e5c2f27a1dc1e0b5243 Cherry-pick: 5650e9cf76d3be4318d5fa3af38ee483ddfd5e4a ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages` - Generated at: `2026-06-11T23:03:52Z`
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
niceos-5.2
No results found.
Labels
Clear labels   
ai-summary
Issue contains local NiceSOFT AI generated preliminary analysis

  
bot
Created by automation

  
needs-build
Needs build verification

  
needs-policy-decision
Needs explicit maintainer or architecture policy decision

  
needs-triage
Needs maintainer triage

  
policy/blocked
Upstream update is blocked by NiceOS policy

  
policy/major-blocked
Major update is blocked by NiceOS policy

  
priority/high
High priority

  
update/major
Major update

  
upstream-update
New upstream version is available

  
upstream/github
GitHub upstream

No labels
ai-summary
bot
needs-build
needs-policy-decision
needs-triage
policy/blocked
policy/major-blocked
priority/high
update/major
upstream-update
upstream/github
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
rpms/abseil-cpp#2
No description provided.