
Sandbox/rebase/3.0.20250822 3.0 v3#479

Closed
cheeyanglee wants to merge 245 commits into open-edge-platform:3.0 from cheeyanglee:sandbox/rebase/3.0.20250822-3.0-v3

Conversation

@cheeyanglee
Contributor

Merge Checklist

All boxes should be checked before merging the PR

  • [] The changes in the PR have been built and tested
  • [] cgmanifest file has been updated if required
  • [] Ready to merge

Description

Any Newly Introduced Dependencies

How Has This Been Tested?

ddstreet and others added 30 commits May 20, 2025 16:58
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
…I rubygem-introspection rubygem-metaclass) (#13849)
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
…dev (#13887)

Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
Co-authored-by: kavyasree <kkaitepalli@microsoft.com>
…645)

Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
…ase nb (#13921)

Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
CVE-2024-49761 - branch 3.0-dev (#13908)

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
…- branch 3.0-dev (#13909)

Signed-off-by: Mayank Singh <mayansingh@microsoft.com>
Co-authored-by: mayankfz <mayankfz@gmail.com>
Co-authored-by: Mayank Singh <mayansingh@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
…nd) (#13898)

Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
…dev (#13929)

Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
…y (#13466)

Co-authored-by: Andrew Phelps <anphel@microsoft.com>
Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com>
CBL-Mariner-Bot and others added 24 commits August 13, 2025 12:16
…[HIGH] - branch 3.0-dev (#14495)

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
Co-authored-by: Kevin Lockwood <v-klockwood@microsoft.com>
We will have multiple flavors of OS Guard, each with minor tweaks. To
easily support this, define a common base OS Guard yaml template and
a delta yaml template that does minor adjustments to the base template.

Additionally introduce a python script to merge arbitrary image
customizer yamls together. This python script also adds a header to the
final output yaml to indicate the file was autogenerated and provides
the input source files.

Finally, introduce a bash script to specifically generate the OS Guard
final yaml configs.

Signed-off-by: Chris Co <chrco@microsoft.com>
Fix warning from %post and %postun in sdbus-cpp.spec

install:
Installing/Updating: sdbus-cpp-1.3.0-1.azl3.x86_64
/var/tmp/rpm-tmp.XgB0E8: line 1: -p: command not found
warning: %post(sdbus-cpp-1.3.0-1.azl3.x86_64) scriptlet failed, exit status 127
package sdbus-cpp-1.3.0-1.azl3.x86_64: script warning in %postin

uninstall:
Removing: sdbus-cpp-1.3.0-1.azl3.x86_64
/var/tmp/rpm-tmp.nFgDZW: line 1: -p: command not found
warning: %postun(sdbus-cpp-1.3.0-1.azl3.x86_64) scriptlet failed, exit status 127
package sdbus-cpp-1.3.0-1.azl3.x86_64: script warning in %postun

remove newlines to allow -p /sbin/ldconfig to work as intended for %post and %postun
Internal Microsoft policy requires us to not use NewDefaultAzureCredential when logging into Azure. In all cases where we used the default method in our builds we relied on Azure CLI credentials, thus the switch to NewAzureCLICredential.

For more information see the AzureCLICredential docs.

The change also has minor Go linting clean-up.
This PR updates systemd to build systemd-ukify and systemd-boot for both the ARM64 architecture and the original x86_64 architecture.

It also includes pyflakes to resolve the ukify test error during package testing.

Signed-off-by: Sean Dougherty <sdougherty@microsoft.com>
Co-authored-by: Chris Co <chrco@microsoft.com>
Since we are now generating osguard configurations from templates, there is a possibility the template changes get out of sync with what is committed. Add a GitHub Actions check to verify that osguard config generation from templates always matches the config present in the default location; otherwise fail, to block the PR.

Signed-off-by: Chris Co <chrco@microsoft.com>
Remove duplicate veritysetup entry.
Remove commented-out packages.
Create an selinux-ci-uki.semanage in osguard files and reference file from new location.

Signed-off-by: Chris Co <chrco@microsoft.com>
…H] - branch 3.0-dev (#14523)

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: kgodara912 <kshigodara@outlook.com>
Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
…ux and IPE lockout module (#14546)

tardev-snapshotter is not present or used in our linuxguard / osguard
images. So remove SELinux label for it.

Also enable azureci_prod SELinux module to prevent tampering with
SELinux and IPE settings at runtime.

Signed-off-by: Chris Co <chrco@microsoft.com>
Add new image configuration definition for OS Guard that enables code
integrity enhancements.

To enable code integrity checking for containers, this image activates
the containerd erofs-snapshotter with an updated
/etc/containerd/config.toml configuration, and also configures cni
appropriately for pod networking.

Additionally this image enables SELinux in enforcing mode for another
important security layer.

Finally, update the OS Guard generation script to handle generating
OS Guard image configurations using different delta files, and simplify
the process of adding new delta configurations by creating the GEN_JOBS
array, where each entry follows the schema:

   <base-template>|<delta-template>|<output>

Also update the test function to check all entries of GEN_JOBS for diffs.

Signed-off-by: Chris Co <chrco@microsoft.com>
Co-authored-by: kgodara912 <kshigodara@outlook.com>
Co-authored-by: kgodara912 <kshigodara@outlook.com>
Co-authored-by: kgodara912 <kshigodara@outlook.com>
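The GEN_JOBS schema and the "test" mode described in the commit above, as an added example rather than the toolkit's own generate-osguard-imageconfigs.sh: each `<base-template>|<delta-template>|<output>` entry is split on `|`, regenerated into a temp file and diffed against the committed output. The generator here is a hypothetical stand-in (the real merge is the Python script the commit mentions) and the sample templates are constructed inline.

```bash
#!/usr/bin/env bash
# Added example, not the project's script. Validates GEN_JOBS entries of the
# form <base-template>|<delta-template>|<output> the way a CI "test" mode
# would: regenerate each output and fail if the committed copy differs.
set -euo pipefail

# Hypothetical generator standing in for the Python YAML merge script:
# emits the autogenerated header, then base followed by delta.
generate_config() {   # $1=base $2=delta $3=destination
  {
    printf '# AUTOGENERATED from %s and %s. Do not edit by hand.\n' "$1" "$2"
    cat "$1" "$2"
  } > "$3"
}

# Returns 0 when every entry's committed output matches a fresh regeneration,
# 1 otherwise. Malformed entries (wrong field count) also count as failures.
check_gen_jobs() {
  local rc=0 entry base delta out tmp
  for entry in "$@"; do
    IFS='|' read -r base delta out <<< "$entry"
    if [[ -z "$base" || -z "$delta" || -z "$out" ]]; then
      echo "malformed GEN_JOBS entry: '$entry'" >&2
      rc=1
      continue
    fi
    tmp=$(mktemp)
    generate_config "$base" "$delta" "$tmp"
    if ! diff -u "$out" "$tmp"; then
      echo "out of sync: $out (regenerate from $base + $delta)" >&2
      rc=1
    fi
    rm -f "$tmp"
  done
  return "$rc"
}

# Constructed sample templates so the check runs offline.
work=$(mktemp -d)
printf 'a: 1\n' > "$work/base.yaml"
printf 'b: 2\n' > "$work/delta.yaml"
generate_config "$work/base.yaml" "$work/delta.yaml" "$work/good.yaml"  # in sync
printf 'stale: true\n' > "$work/stale.yaml"                                # drifted
GOOD_JOB="$work/base.yaml|$work/delta.yaml|$work/good.yaml"
STALE_JOB="$work/base.yaml|$work/delta.yaml|$work/stale.yaml"
BAD_JOB="$work/base.yaml|$work/delta.yaml"
```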
build tag "3.0.20250822-3.0"

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
@cheeyanglee cheeyanglee requested review from a team as code owners September 22, 2025 09:16
Comment on lines +15 to +140
name: Check Disallowed Files
runs-on: ubuntu-latest
steps:

- name: Check out code
uses: actions/checkout@v4

- name: Get base commit for PRs
if: ${{ github.event_name == 'pull_request' }}
run: |
git fetch origin ${{ github.base_ref }}
echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV
echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"

- name: Get base commit for Pushes
if: ${{ github.event_name == 'push' }}
run: |
git fetch origin ${{ github.event.before }}
echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV
echo "Merging ${{ github.sha }} into ${{ github.event.before }}"

- name: Get the changed files
run: |
echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'"
changed_files=$(git diff-tree --diff-filter=AM --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})
echo "Files to validate: '${changed_files}'"
echo "changed-files<<EOF" >> $GITHUB_ENV
echo "${changed_files}" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV

- name: Check for disallowed file types
run: |
if [[ -z "${{ env.changed-files }}" ]]; then
echo "No files to validate. Exiting."
exit 0
fi

echo "Checking files..."
error_found=0

# Read disallowed extensions from the configuration file
if [[ ! -f ".github/workflows/disallowed-extensions.txt" ]]; then
echo "Configuration file '.github/workflows/disallowed-extensions.txt' not found. Skipping check."
exit 0
fi

# Create array of disallowed extensions
mapfile -t disallowed_extensions < .github/workflows/disallowed-extensions.txt
if [[ $? -ne 0 ]]; then
echo "Error occurred while reading disallowed extensions. Exiting."
exit 1
fi

# Check each changed file
while IFS= read -r file; do
if [[ -z "$file" ]]; then
continue
fi

echo "Checking file: $file"

# Get file extension (convert to lowercase for comparison)
extension=$(echo "${file##*.}" | tr '[:upper:]' '[:lower:]')
filename=$(basename "$file")

# Check if file should be in blob store
should_be_in_blob_store=false

# Check against disallowed extensions
for disallowed_ext in "${disallowed_extensions[@]}"; do
# Remove any whitespace and comments
clean_ext=$(echo "$disallowed_ext" | sed 's/#.*//' | xargs)
if [[ -z "$clean_ext" ]]; then
continue
fi

if [[ "$extension" == "$clean_ext" ]]; then
should_be_in_blob_store=true
break
fi
done

# Additional checks for binary files and large files
if [[ -f "$file" ]]; then
# Check if file is binary (but allow .sh files even if executable)
if file "$file" | grep -q "binary\|archive\|compressed"; then
should_be_in_blob_store=true
fi

# Check file size (files > 1MB should be in blob store)
file_size=$(stat -f%z "$file" 2>/dev/null || stat -c%s "$file" 2>/dev/null || echo 0)
if [[ $file_size -gt 1048576 ]]; then # 1MB
should_be_in_blob_store=true
fi
fi

if [[ "$should_be_in_blob_store" == "true" ]]; then
1>&2 echo "**** ERROR ****"
1>&2 echo "File '$file' should be stored in blob store, not in git repository."
1>&2 echo "Reason: Images, Large files, binaries, tarballs, and non-text files slow down git operations"
1>&2 echo "and cannot be efficiently diffed. Please upload to blob store instead."
1>&2 echo "**** ERROR ****"
error_found=1
fi
done <<< "${{ env.changed-files }}"

if [[ $error_found -eq 1 ]]; then
echo ""
echo "=========================================="
echo "FILES THAT SHOULD BE IN BLOB STORE DETECTED"
echo "=========================================="
echo "The following file types should be stored in blob store:"
echo "- Source tarballs (.tar.gz, .tar.xz, .zip, etc.)"
echo "- Binary files (.bin, .exe, .so, .dll, etc.)"
echo "- Images (.gif, .bmp, etc.)"
echo "- Archives (.rar, .7z, .tar, etc.)"
echo "- Large files (> 1MB)"
echo "- Any non-text files that cannot be efficiently diffed"
echo ""
echo "Please upload these files to the blob store and reference them"
echo "in your spec files or configuration instead of checking them into git."
echo "=========================================="
exit 1
fi

echo "All files are appropriate for git storage." No newline at end of file
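Review bot: at `if [[ -z "${{ env.changed-files }}" ]]; then` and `done <<< "${{ env.changed-files }}"` the changed file names are substituted into the shell script as a workflow expression before bash runs, so a path containing shell metacharacters (a PR can add a file with any name) becomes script text rather than data; pass the list through the process environment instead, e.g. `env: CHANGED_FILES: ${{ env.changed-files }}` on the step and `done <<< "$CHANGED_FILES"`. Separately, the content check `file "$file" | grep -q "binary\|archive\|compressed"` only fires when `file` prints one of those three words; ELF executables and image formats are typically described as "executable" or "image data", so they are caught only if their extension is listed in disallowed-extensions.txt or they exceed the 1MB limit.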

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Comment on lines +33 to +165
name: ${{ matrix.check-name }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- check-name: "Simple package build succeeds"
package-type: "REGULAR_PKG"
extra-args: ""

- check-name: "Simple package build fails"
package-type: "REGULAR_PKG"
error-pattern: "Number of failed SRPMs:\\s+1\\s*$"
extra-args: ""
build-prep: |
# Adding an invalid command to the '%prep' section will cause the build to fail.
sed -i '/%prep/a this-command-should-fail-because-its-not-a-command-at-all' "$REGULAR_PKG_SPEC_PATH"

- check-name: "Toolchain package rebuild succeeds"
package-type: "TOOLCHAIN_PKG"
extra-args: "ALLOW_TOOLCHAIN_REBUILDS=y"

- check-name: "Toolchain package rebuild fails"
package-type: "TOOLCHAIN_PKG"
error-pattern: "Number of toolchain SRPM conflicts:\\s+1\\s*$"
extra-args: "ALLOW_TOOLCHAIN_REBUILDS=n"
build-prep: ""

- check-name: "None license check does not break the build"
package-type: "REGULAR_PKG"
extra-args: "LICENSE_CHECK_MODE=none"
build-prep: |
license_file_name=$(grep -oP '^%license\s+\K\S+' "$REGULAR_PKG_SPEC_PATH")
if [[ -z "$license_file_name" ]]; then
echo "ERROR: no license file found in the spec $REGULAR_PKG_SPEC_PATH"
exit 1
fi
# Tagging a license file as a documentation file will not fail the license check on the 'none' level.
sed -i "/^%license/a %doc $license_file_name" "$REGULAR_PKG_SPEC_PATH"

- check-name: "Warning-only license check does not break the build"
package-type: "REGULAR_PKG"
extra-args: "LICENSE_CHECK_MODE=warn"
build-prep: |
license_file_name=$(grep -oP '^%license\s+\K\S+' "$REGULAR_PKG_SPEC_PATH")
if [[ -z "$license_file_name" ]]; then
echo "ERROR: no license file found in the spec $REGULAR_PKG_SPEC_PATH"
exit 1
fi
# Tagging a license file as a documentation file will not fail the license check on the 'warn' level.
sed -i "/^%license/a %doc $license_file_name" "$REGULAR_PKG_SPEC_PATH"

- check-name: "Fatal license check succeeds on duplicated license as documentation"
package-type: "REGULAR_PKG"
extra-args: "LICENSE_CHECK_MODE=fatal"
build-prep: |
license_file_name=$(grep -oP '^%license\s+\K\S+' "$REGULAR_PKG_SPEC_PATH")
if [[ -z "$license_file_name" ]]; then
echo "ERROR: no license file found in the spec $REGULAR_PKG_SPEC_PATH"
exit 1
fi
# Tagging a license file as a documentation file will not fail the license check on the 'fatal' level.
sed -i "/^%license/a %doc $license_file_name" "$REGULAR_PKG_SPEC_PATH"

- check-name: "Fatal license check fails"
package-type: "REGULAR_PKG"
error-pattern: "Number of SRPMs with license errors:\\s+1\\s*$"
extra-args: "LICENSE_CHECK_MODE=fatal"
build-prep: |
if ! grep -q '^%license' "$REGULAR_PKG_SPEC_PATH"; then
echo "ERROR: no '%license' macro found in the spec $REGULAR_PKG_SPEC_PATH"
exit 1
fi
# Tagging a license file as a documentation file will cause the license check to fail.
sed -i "s/^%license/%doc/" "$REGULAR_PKG_SPEC_PATH"

- check-name: "Pedantic license check fails"
package-type: "REGULAR_PKG"
error-pattern: "Number of SRPMs with license errors:\\s+1\\s*$"
extra-args: "LICENSE_CHECK_MODE=pedantic"
build-prep: |
license_file_name=$(grep -oP '^%license\s+\K\S+' "$REGULAR_PKG_SPEC_PATH")
if [[ -z "$license_file_name" ]]; then
echo "ERROR: no license file found in the spec $REGULAR_PKG_SPEC_PATH"
exit 1
fi
sed -i "/^%license/a %doc $license_file_name" "$REGULAR_PKG_SPEC_PATH"

steps:
- uses: actions/checkout@v4

- name: Checkout a stable version of the specs
uses: ./.github/actions/checkout-with-stable-pkgs

- name: Prepare the build environment
if: ${{ matrix.build-prep != '' }}
run: |
set -euo pipefail

${{ matrix.build-prep }}

- name: Run the build
run: |
set -euo pipefail

if sudo make -C toolkit -j$(nproc) build-packages \
PACKAGE_REBUILD_LIST="${{ env[matrix.package-type] }}" \
REBUILD_TOOLS=y \
SRPM_PACK_LIST="${{ env[matrix.package-type] }}" \
${{ matrix.extra-args }} 2>&1 | tee build.log; then
touch build.succeeded
fi

- name: Check the results
run: |
set -euo pipefail

if [[ -z "${{ matrix.error-pattern }}" ]]; then
if [[ ! -f build.succeeded ]]; then
echo "Build failed, but it was expected to succeed."
exit 1
fi
else
if [[ -f build.succeeded ]]; then
echo "Build succeeded, but it was expected to fail."
exit 1
fi

if ! grep -qP '${{ matrix.error-pattern }}' build.log; then
echo "Build failed, but not with the expected error message."
exit 1
fi
fi
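Review bot: the `build-prep` blocks of "None license check does not break the build", "Warning-only license check does not break the build" and "Fatal license check succeeds on duplicated license as documentation" repeat the same grep/sed script verbatim, and "Pedantic license check fails" repeats it a fourth time but without the explanatory comment the other three carry; factor the script into a small helper under toolkit (or a YAML anchor) that takes the spec path, and add a comment to the pedantic case stating why the same `%doc` duplication is expected to fail at that level when it passes at `fatal`. Minor: "Toolchain package rebuild fails" sets `build-prep: ""` while the two "succeeds" entries omit the key; pick one convention so the `matrix.build-prep != ''` guard reads the same for every entry.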

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Comment on lines +9 to +29
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'

- name: Install Python dependencies for merge_yaml
run: |
python -m pip install --upgrade pip
pip install pyyaml
- name: Run osguard imageconfigs test
working-directory: toolkit/scripts
shell: bash
run: |
set -euo pipefail
./generate-osguard-imageconfigs.sh test
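Review bot: `pip install pyyaml` installs whatever version PyPI serves on the day the job runs, so the osguard config check can change behaviour or break without any change in this repository; pin the version and preferably its hash (`pip install --require-hashes -r requirements.txt`, or at minimum `pip install 'pyyaml==<version>'` with the version this check was validated against) so the result is reproducible. The same applies to `python-version: '3.x'`, though that floats only across CPython minor releases.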

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
@cheeyanglee
Contributor Author

bump to newer tag

@cheeyanglee cheeyanglee deleted the sandbox/rebase/3.0.20250822-3.0-v3 branch January 9, 2026 07:38
