chore(deps): update OpenShell to 0.0.72#2798
Conversation
Bump the pinned OpenShell version from 0.0.63 to 0.0.72 and update the docs to match. Pinning to 0.0.72 rather than 0.0.73 which introduces a breaking change. Assisted-by: Claude Opus 4.6 <noreply@anthropic.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Ralph Bean <rbean@redhat.com>
PR Summary by QodoBump pinned OpenShell to 0.0.72 (avoid 0.0.73 breaking change)
AI Description
Diagram
High-Level Assessment
Files changed (2)
|
|
I think 0.0.73 broke us (the supervisor image). Let's try 0.0.72 here. Make sure to confirm that e2e really really ran here (click to see the logs). We had issues before where it wasn't really triggering. I think those are fixed now. |
Site previewPreview: https://dea89aab-site.fullsend-ai.workers.dev Commit: |
|
🤖 Finished Review · ✅ Success · Started 7:39 PM UTC · Completed 7:46 PM UTC |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
ReviewFindingsHigh
Labels: PR bumps the OpenShell sandbox dependency version and updates related docs. |
waynesun09
left a comment
There was a problem hiding this comment.
Verified locally with A/B boundary testing:
- supervisor:0.0.72 → sandbox Ready ✅
- supervisor:0.0.73 → sandbox Error ❌ (
cap_drop_bound()crash in rootless Podman)
SHA 8cb16de9 confirmed against NVIDIA/OpenShell v0.0.72 tag. Version strings consistent across both changed files. PR #2795 (gateway.toml supervisor pin) already merged — this bump correctly propagates to the supervisor image.
The bump also picks up 3 security fixes over v0.0.63: h2c L7 tunnel escape (PR #1967), proxy accept race condition (PR #1968), and provider policy namespace reservation (PR #1991).
Follow-up recommendation: consider adding a Renovate allowedVersions constraint to prevent automated bump to v0.0.73 before the upstream regression is fixed.
|
🤖 Finished Retro · ✅ Success · Started 3:22 AM UTC · Completed 3:27 AM UTC |
Retro: PR #2798 — chore(deps): update OpenShell to 0.0.72Timeline
AssessmentThe review agent's CHANGES_REQUESTED verdict was governance noise on a straightforward human-authored dependency bump. The protected-path finding is technically correct ( Proposals: None (existing issues provide full coverage)Every improvement opportunity identified is already tracked by open issues:
This PR is a good motivating example for prioritizing #1551 and #1068 — together they would eliminate the false friction seen here. |
Summary
.github/scripts/openshell-version.shdocs/guides/user/running-agents-locally.mdTest plan
supervisor:0.0.72image🤖 Generated with Claude Code