Policy review: blocked upstream update: fmt 11.1.4 → 12.1.0 #2

Open
opened 2026-04-28 01:09:30 +03:00 by sbelikov · 0 comments
Owner

Policy review: blocked upstream update: fmt 11.1.4 → 12.1.0

Package

  • Package: fmt
  • RPM name: fmt
  • Branch: niceos-5.2
  • Current EVR: 11.1.4-1
  • Update class: major
  • Compare method: python_rpm
  • Update policy: leaf
  • Risk tags: github-upstream

Signals

  • Security-relevant keywords detected: False
  • Policy blocked: True
  • Policy reason: package appears to be a library/API dependency
  • Labels: ai-summary, bot, needs-policy-decision, policy/blocked, policy/major-blocked, priority/high, update/major, upstream-update, upstream/github

NiceOS policy decision

This upstream update is blocked by NiceOS policy. Do not update automatically.

Blocked upstream updates require explicit maintainer review. For pinned upstream series, only versions within the allowed series should be used automatically; cross-series updates require ABI/API compatibility review, reverse-dependency impact analysis and controlled rebuild planning.

NiceSOFT AI preliminary stability analysis

Analysis of Upstream Update for fmt Package (12.1.0 → 11.1.4)

Key Details

  • Version Change: Major update from 11.1.4 to 12.1.0 (major version increment).
  • Risk Tags: github-upstream (indicates potential compatibility issues or ABI changes).
  • Policy Status:
    • policy_blocked: True (policy prohibits major updates).
    • Reason: Library dependency (library dependencies are generally excluded from major update blocks, but this is a critical library with significant ABI changes).

Risks and Considerations

  1. Major Version Update (Major Risk)

    • Impact: Breaking changes in API, ABI, or internal logic may occur.
    • Evidence: Release notes mention features like C++ module support, allocator customization, and global malloc/free switching. These could introduce compatibility issues with older systems or libraries.
  2. ABI Changes (High Risk)

    • Evidence: The release notes highlight ABI fixes (e.g., allocator customization, malloc/free switching).
    • Risk: Breaking changes in function signatures, return types, or internal data structures may occur, leading to runtime errors or undefined behavior in legacy code.
  3. Positive Features

    • C++ Module Support: Improves performance and modularity.
    • Allocator Customization: Enhances flexibility for applications requiring custom memory management.
    • Performance Improvements: The library is noted as "fast and safe" compared to C stdio and C++ iostreams.
  4. Policy Constraints

    • Policy Block: Major updates are explicitly blocked (policy_blocked = True).
    • Reason: Library dependencies are generally excluded from major update blocks, but this is a critical library with significant ABI changes.

Recommendation

  • Action: Block manual review (policy_blocked = True).
  • Reason:
    • The update is a major version increment with significant ABI changes.
    • While some features (e.g., C++ module support) are beneficial, the risk of compatibility issues outweighs the benefits.
    • The policy explicitly prohibits major updates, and the library’s critical nature demands caution.

Conclusion

The fmt package’s major version update introduces high risk due to ABI changes and potential compatibility issues with legacy systems. While some features (e.g., performance improvements) are positive, the policy constraints and risk profile necessitate a block manual review to avoid unintended consequences.

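Sources found by web_search

  1. GitHub release API: fmtlib/fmt 12.1.0 (https://github.com/fmtlib/fmt/releases/tag/12.1.0)
  2. GitHub tag page: fmtlib/fmt 12.1.0 (https://github.com/fmtlib/fmt/tree/12.1.0)
  3. GitHub releases page: fmtlib/fmt (https://github.com/fmtlib/fmt/releases)
  4. GitHub compare page: fmtlib/fmt 11.1.4...12.1.0 (https://github.com/fmtlib/fmt/compare/11.1.4...12.1.0)
  5. fmtlib/fmt: A modern formatting library - GitHub (https://github.com/fmtlib/fmt)
  6. fmt - Browse /12.1.0 at SourceForge.net (https://sourceforge.net/projects/fmt.mirror/files/12.1.0/)
  7. fmt-12.1.0-11-1-x86_64.eopkg Solus Download - Solus Repositories (https://solus.pkgs.org/rolling/solus-polaris-x86_64/fmt-12.1.0-11-1-x86_64.eopkg.html)
  8. {fmt} (https://fmt.dev/latest/index.html)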

NiceOS maintainer checklist

  • Confirm that the detected version is a stable upstream release.
  • Check upstream changelog for security fixes, ABI/API changes and build-system changes.
  • Check ABI/API compatibility and reverse dependencies.
  • Download source into NiceOS lookaside storage.
  • Update Version and related fields in SPECS/*.spec only if policy allows it.
  • Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
  • Build SRPM/RPM in a clean NiceOS buildroot.
  • Run package smoke tests.
  • Link PR/build logs and close this issue after update or triage.

Bot metadata

  • Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
  • Generated at: 2026-06-12T23:26:31Z

Upstream

  • Upstream type: github
  • Upstream project: fmtlib/fmt
  • Upstream URL: https://github.com/fmtlib/fmt
  • Detected version: 12.1.0
  • Tag/release: 12.1.0
  • Source: github_release_latest
  • Published: 2025-10-29T14:58:05Z
  • Release URL: https://github.com/fmtlib/fmt/releases/tag/12.1.0
  • Source URL: https://api.github.com/repos/fmtlib/fmt/tarball/12.1.0
  • Pre-release: False

Upstream release notes / description

  • Optimized buffer::append, resulting in up to ~16% improvement on spdlog benchmarks (https://github.com/fmtlib/fmt/pull/4541). Thanks @fyrsta7.
  • Worked around an ABI incompatibility in std::locale_ref between clang and gcc (https://github.com/fmtlib/fmt/issues/4573).
  • Made std::variant and std::expected formatters work with format_as (https://github.com/fmtlib/fmt/issues/4574, https://github.com/fmtlib/fmt/pull/4575). Thanks @phprus.
  • Made fmt::join<string_view> work with C++ modules (https://github.com/fmtlib/fmt/issues/4379, https://github.com/fmtlib/fmt/pull/4577). Thanks @Arghnews.
  • Exported fmt::is_compiled_string and operator""_cf from the module (https://github.com/fmtlib/fmt/pull/4544). Thanks @CrackedMatter.
  • Fixed a compatibility issue with C++ modules in clang (https://github.com/fmtlib/fmt/pull/4548). Thanks @tsarn.
  • Added support for cv-qualified types to the std::optional formatter (https://github.com/fmtlib/fmt/issues/4561, https://github.com/fmtlib/fmt/pull/4562). Thanks @OleksandrKvl.
  • Added demangling support (used in exception and std::type_info formatters) for libc++ and clang-cl (https://github.com/fmtlib/fmt/issues/4542, https://github.com/fmtlib/fmt/pull/4560, https://github.com/fmtlib/fmt/issues/4568, https://github.com/fmtlib/fmt/pull/4571). Thanks @FatihBAKIR and @rohitsutreja.
  • Switched to global malloc/free to enable allocator customization (https://github.com/fmtlib/fmt/issues/4569, https://github.com/fmtlib/fmt/pull/4570). Thanks @rohitsutreja.
  • Made the FMT_USE_CONSTEVAL macro configurable by users (https://github.com/fmtlib/fmt/pull/4546). Thanks @SnapperTT.
  • Fixed compilation with locales disabled in the header-only mode (https://github.com/fmtlib/fmt/issues/4550).
  • Fixed compilation with clang 21 and -std=c++20 (https://github.com/fmtlib/fmt/issues/4552).
  • Fixed a dynamic linking issue with clang-cl (https://github.com/fmtlib/fmt/issues/4576, https://github.com/fmtlib/fmt/pull/4584). Thanks @FatihBAKIR.
  • Fixed a warning suppression leakage on gcc (https://github.com/fmtlib/fmt/pull/4588). Thanks @ZedThree.
  • Made more internal color APIs constexpr (https://github.com/fmtlib/fmt/pull/4581). Thanks @ishani.
  • Fixed compatibility with clang as a host compiler for NVCC (https://github.com/fmtlib/fmt/pull/4564). Thanks @valgur.
  • Fixed various warnings and lint issues (https://github.com/fmtlib/fmt/issues/4565, https://github.com/fmtlib/fmt/pull/4572, https://github.com/fmtlib/fmt/pull/4557). Thanks @LiangHuDream and @teruyamato0731.
  • Improved documentation (https://github.com/fmtlib/fmt/issues/4549, https://github.com/fmtlib/fmt/pull/4551, https://github.com/fmtlib/fmt/issues/4566, https://github.com/fmtlib/fmt/pull/4567, https://github.com/fmtlib/fmt/pull/4578). Thanks @teruyamato0731, @petersteneteg and @zimmerman-dev.

sbelikov changed title from Policy review: major upstream version available: fmt 11.1.4 → 12.1.0 to Policy review: blocked upstream update: fmt 11.1.4 → 12.1.0 2026-04-30 02:14:18 +03:00