Upstream update available: cbindgen 0.29.2 → 0.29.3 #4

New issue

Open

opened 2026-05-29 02:09:57 +03:00 by sbelikov · 0 comments

sbelikov commented

2026-05-29 02:09:57 +03:00

Owner

Upstream update available: `cbindgen` `0.29.2` → `0.29.3`

Package

Package: cbindgen
RPM name: cbindgen
Branch: niceos-5.2
Current EVR: 0.29.2-1
Update class: patch
Compare method: python_rpm
Update policy: leaf
Risk tags: github-upstream

Upstream

Upstream type: github
Upstream project: mozilla/cbindgen
Upstream URL: github.com — cbindgen
Detected version: 0.29.3
Tag/release: v0.29.3
Source: github_tag
Published: -
Release URL: github.com — v0.29.3
Source URL: api.github.com — v0.29.3
Pre-release: False

Signals

Security-relevant keywords detected: False
Policy blocked: False
Policy reason: -
Labels: ai-summary, bot, needs-build, needs-triage, priority/medium, update/patch, upstream-update, upstream/github

NiceSOFT AI preliminary stability analysis

Analysis of the cbindgen Upstream Update

Key Details

Version: 0.29.2 → 0.29.3 (patch-level update)
Type: Minor changes (no major API or ABI breaks)
Risk Tags: github-upstream (upstream source)
Security Keywords: No detected security vulnerabilities or CVEs
External Evidence: GitHub release notes, changelog, and Arch Linux package info show minor bug fixes and feature additions.

Risk Assessment

Security Risk
- No security vulnerabilities, CVEs, or critical bugs are mentioned in the release notes or external sources.
- The patch includes minor improvements (e.g., config exposure, doc parsing fixes) but no security-related changes.
- Risk Level: Low (No known security issues).
ABI/Compatibility Risk
- The update is a patch, so it does not alter the public API or ABI.
- No major changes to function signatures, data structures, or internal implementation.
- Risk Level: Low (No ABI breaks).
Build/Dependency Risk
- The patch is minor and likely does not affect build processes or dependencies.
- Risk Level: Low (No known build issues).

Recommendation

Update: The patch is safe to apply.
Caution: Since it's a minor update, no urgent action is required.
Action: Proceed with the update, but monitor for future patches (e.g., if new features or fixes are released).

Conclusion

The cbindgen update (0.29.3) is safe to apply with no known security risks. It includes minor improvements but no major changes. The risk profile is low, and the recommendation is to update the package without hesitation.

Источники, найденные web_search

Upstream release notes / description

No release notes were available from the upstream API.

NiceOS maintainer checklist

Confirm that the detected version is a stable upstream release.
Check upstream changelog for security fixes, ABI/API changes and build-system changes.
Check ABI/API compatibility and reverse dependencies.
Download source into NiceOS lookaside storage.
Update Version and related fields in SPECS/*.spec only if policy allows it.
Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
Build SRPM/RPM in a clean NiceOS buildroot.
Run package smoke tests.
Link PR/build logs and close this issue after update or triage.

Bot metadata

Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
Generated at: 2026-06-08T23:07:50Z

# Upstream update available: `cbindgen` `0.29.2` → `0.29.3` ## Package - Package: `cbindgen` - RPM name: `cbindgen` - Branch: `niceos-5.2` - Current EVR: `0.29.2-1` - Update class: `patch` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream` ## Upstream - Upstream type: `github` - Upstream project: `mozilla/cbindgen` - Upstream URL: <a href="https://github.com/mozilla/cbindgen" target="_blank" rel="noopener noreferrer">github.com — cbindgen</a> - Detected version: `0.29.3` - Tag/release: `v0.29.3` - Source: `github_tag` - Published: `-` - Release URL: <a href="https://github.com/mozilla/cbindgen/releases/tag/v0.29.3" target="_blank" rel="noopener noreferrer">github.com — v0.29.3</a> - Source URL: <a href="https://api.github.com/repos/mozilla/cbindgen/tarball/refs/tags/v0.29.3" target="_blank" rel="noopener noreferrer">api.github.com — v0.29.3</a> - Pre-release: `False` ## Signals - Security-relevant keywords detected: `False` - Policy blocked: `False` - Policy reason: `-` - Labels: `ai-summary, bot, needs-build, needs-triage, priority/medium, update/patch, upstream-update, upstream/github` ## NiceSOFT AI preliminary stability analysis ### **Analysis of the cbindgen Upstream Update** #### **Key Details** - **Version**: `0.29.2` → `0.29.3` (patch-level update) - **Type**: Minor changes (no major API or ABI breaks) - **Risk Tags**: `github-upstream` (upstream source) - **Security Keywords**: No detected security vulnerabilities or CVEs - **External Evidence**: GitHub release notes, changelog, and Arch Linux package info show minor bug fixes and feature additions. --- ### **Risk Assessment** 1. **Security Risk** - No security vulnerabilities, CVEs, or critical bugs are mentioned in the release notes or external sources. - The patch includes minor improvements (e.g., config exposure, doc parsing fixes) but no security-related changes. - **Risk Level**: **Low** (No known security issues). 2. **ABI/Compatibility Risk** - The update is a **patch**, so it does not alter the public API or ABI. - No major changes to function signatures, data structures, or internal implementation. - **Risk Level**: **Low** (No ABI breaks). 3. **Build/Dependency Risk** - The patch is minor and likely does not affect build processes or dependencies. - **Risk Level**: **Low** (No known build issues). --- ### **Recommendation** - **Update**: The patch is safe to apply. - **Caution**: Since it's a minor update, no urgent action is required. - **Action**: Proceed with the update, but monitor for future patches (e.g., if new features or fixes are released). --- ### **Conclusion** The cbindgen update (`0.29.3`) is **safe to apply** with no known security risks. It includes minor improvements but no major changes. The risk profile is **low**, and the recommendation is to **update** the package without hesitation. ### Источники, найденные web_search 1. <a href="https://github.com/mozilla/cbindgen/releases/tag/0.29.2" target="_blank" rel="noopener noreferrer">GitHub release API: mozilla/cbindgen 0.29.2</a> 2. <a href="https://github.com/mozilla/cbindgen/releases/tag/v0.29.3" target="_blank" rel="noopener noreferrer">GitHub candidate release page: mozilla/cbindgen v0.29.3</a> 3. <a href="https://github.com/mozilla/cbindgen/tree/v0.29.3" target="_blank" rel="noopener noreferrer">GitHub tag page: mozilla/cbindgen v0.29.3</a> 4. <a href="https://github.com/mozilla/cbindgen/releases" target="_blank" rel="noopener noreferrer">GitHub releases page: mozilla/cbindgen</a> 5. <a href="https://github.com/mozilla/cbindgen/compare/0.29.2...v0.29.3" target="_blank" rel="noopener noreferrer">GitHub compare page: mozilla/cbindgen 0.29.2...v0.29.3</a> 6. <a href="https://github.com/mozilla/cbindgen/compare/v0.29.2...v0.29.3" target="_blank" rel="noopener noreferrer">GitHub compare page: mozilla/cbindgen v0.29.2...v0.29.3</a> 7. <a href="https://www.firefox.com/en-US/" target="_blank" rel="noopener noreferrer">Firefox: The fast, private browser that keeps you safe</a> 8. <a href="https://www.freshports.org/devel/rust-cbindgen/" target="_blank" rel="noopener noreferrer">devel/rust-cbindgen: Generate C bindings from Rust code - FreshPorts</a> 9. <a href="https://github.com/mozilla/cbindgen" target="_blank" rel="noopener noreferrer">GitHub - mozilla/cbindgen: A project for generating C bindings from ...</a> 10. <a href="https://archlinux.org/packages/extra/x86_64/cbindgen/" target="_blank" rel="noopener noreferrer">Arch Linux - cbindgen 0.29.3-1 (x86_64)</a> ## Upstream release notes / description _No release notes were available from the upstream API._ ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages` - Generated at: `2026-06-08T23:07:50Z`

sbelikov added the

labels

2026-05-29 02:09:58 +03:00