[WIP] Require URI ~>1.0.4 #23630

jrafanie · 2025-10-16T17:35:37Z

Replaces #23261

Merge AFTER 0.13.x / 1.x compatible change:

Use less specific error syntax to support uri 0.13.x and 1.x manageiq-automation_engine#580
qpid_proton release with uri fix and related issue
- qpid_proton 0.40.0 was released 🎉
Need libqpid-proton11-dev at 0.40.0 in system packages, el10 seems to have 0.40.0. el9 still has 0.37.0.
Cross repo test

jrafanie · 2025-10-16T17:37:35Z

@miq-bot cross-repo-tests /all, ManageIQ/manageiq-automation_engine#580

From Pull Request: ManageIQ/manageiq#23630

Replaces ManageIQ#23261

jrafanie · 2025-10-16T17:41:09Z

Gemfile

-gem "uri",  "~> 0.13.3" # CVE-2025-61594: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/
-                        # Avoid URI 1.0.0 for now due to: https://github.com/ruby/uri/issues/125
-gem "thor", ">= 1.4.0"   # CVE-2025-54314: https://github.com/advisories/GHSA-mqcp-p2hv-vw6x
+gem "uri",  "~> 1.0.4"  # CVE-2025-61594: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/


URI is the only change here... sorted this group of gems and fixed the vertical alignment of the # comment

Fryguy · 2025-10-16T18:04:25Z

Openstack failures look like they might be related.

Fryguy · 2025-10-16T18:13:27Z

Actually maybe not? I can't require "qpid_proton" locally even before this change (but maybe I don't have the right libs installed)

jrafanie · 2025-10-16T18:23:10Z

Actually maybe not? I can't require "qpid_proton" locally even before this change (but maybe I don't have the right libs installed)

yeah, I'm stumped...

       Failure/Error: require 'qpid_proton'
  
       ArgumentError:
         wrong number of arguments (given 1, expected 0)

Can any of our 🐧 friends require qpid_proton?

It was using 0.37.0:

Installing qpid_proton 0.37.0 with native extensions

I'm seeing some warnings but am not sure if it's related to the failure:

  /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq-providers-nuage@af5731bef30ded3b16d715ff815c51d3eb8acc58/vendor/bundle/ruby/3.3.0/gems/qpid_proton-0.37.0/lib/cproton.so: warning: undefining the allocator of T_DATA class swig_runtime_data

  /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq-providers-nuage@af5731bef30ded3b16d715ff815c51d3eb8acc58/vendor/bundle/ruby/3.3.0/gems/qpid_proton-0.37.0/lib/core/uri.rb:32: warning: already initialized constant URI::AMQP::DEFAULT_PORT
  /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq-providers-nuage@af5731bef30ded3b16d715ff815c51d3eb8acc58/vendor/bundle/ruby/3.3.0/gems/qpid_proton-0.37.0/lib/core/uri.rb:32: warning: previous definition of DEFAULT_PORT was here
  /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq-providers-nuage@af5731bef30ded3b16d715ff815c51d3eb8acc58/vendor/bundle/ruby/3.3.0/gems/uri-1.0.4/lib/uri/common.rb:107: warning: already initialized constant URI::Schemes::AMQP
  /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq-providers-nuage@af5731bef30ded3b16d715ff815c51d3eb8acc58/vendor/bundle/ruby/3.3.0/gems/uri-1.0.4/lib/uri/common.rb:107: warning: previous definition of AMQP was here

It's happening for both nuage and openstack on qpid_proton:
https://github.com/ManageIQ/manageiq-cross_repo-tests/actions/runs/18569820215/job/52940503426?pr=996

https://github.com/ManageIQ/manageiq-cross_repo-tests/actions/runs/18569820215/job/52940503446?pr=996

jrafanie · 2025-10-16T18:23:42Z

cc @bdunne @agrare (sorry forgot the linux friend ping)

agrare · 2025-10-16T18:25:34Z

Can any of our 🐧 friends require qpid_proton?

vmdb(dev)>  require 'qpid_proton'
/home/grare/adam/.gem/ruby/3.3.0/gems/qpid_proton-0.37.0/lib/cproton.so: warning: undefining the allocator of T_DATA class swig_runtime_data
=> true

This was on master, let me pull your PR down and test again

agrare · 2025-10-16T18:27:45Z

qpid_proton libraries and the gem should be installed by bin/before_install in both openstack and nuage, https://github.com/ManageIQ/manageiq-providers-openstack/blob/master/bin/before_install#L6-L10

This bin/before_install script should be run by cross-repo tests

agrare · 2025-10-16T18:31:16Z

@jrafanie yeah the test failures are definitely introduced by this gem bump, I pulled your branch down, bundle update, and when I try to require it I get the same error as cross-repo (:tada:)

$ bundle update
Fetching gem metadata from https://rubygems.org/.
Resolving dependencies...
Installing bundler-inject 2.1.0
Fetching https://github.com/ManageIQ/manageiq-decorators
Fetching https://github.com/ManageIQ/manageiq-consumption
Fetching https://github.com/ManageIQ/amazon_ssa_support.git
Fetching source index from https://rubygems.manageiq.org/
Fetching gem metadata from https://rubygems.org/......
Fetching source index from https://rubygems.org/
Resolving dependencies...
Using aws-partitions 1.1173.0 (was 1.1172.0)
Using prism 1.6.0 (was 1.5.2)
Using uri 1.0.4 (was 0.13.3)
Using aws-sdk-ec2 1.563.0 (was 1.562.0)
Using aws-sdk-s3 1.200.0 (was 1.199.1)
Bundle updated!
1 installed gem you directly depend on is looking for funding.
  Run `bundle fund` for details
adam@workstation:~/src/manageiq/manageiq$ rails c
** Enabling rack session debug logger
** ManageIQ master, codename: Tal
Loading development environment (Rails 7.2.2.2)
vmdb(dev)> require 'qpid_proton'
/home/grare/adam/.gem/ruby/3.3.0/gems/qpid_proton-0.37.0/lib/cproton.so: warning: undefining the allocator of T_DATA class swig_runtime_data
uri (1.0.4) lib/uri/rfc3986_parser.rb:73:in `initialize': wrong number of arguments (given 1, expected 0) (ArgumentError)
	from qpid_proton (0.37.0) lib/core/uri.rb:49:in `new'
	from qpid_proton (0.37.0) lib/core/uri.rb:49:in `<module:Proton>'
	from qpid_proton (0.37.0) lib/core/uri.rb:46:in `<main>'
	from /usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `require'
	from /usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `block (2 levels) in replace_require'
	from bootsnap (1.18.6) lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	from zeitwerk (2.7.3) lib/zeitwerk/core_ext/kernel.rb:34:in `require'
	from qpid_proton (0.37.0) lib/qpid_proton.rb:64:in `<main>'
	from /usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `require'
	from /usr/lib/ruby/3.3.0/bundled_gems.rb:69:in `block (2 levels) in replace_require'
	from bootsnap (1.18.6) lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	from zeitwerk (2.7.3) lib/zeitwerk/core_ext/kernel.rb:34:in `require'
	from (vmdb):1:in `<main>'
	from <internal:kernel>:187:in `loop'
	from railties (7.2.2.2) lib/rails/commands/console/irb_console.rb:129:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:59:in `start'
	... 15 levels...

agrare · 2025-10-16T18:35:39Z

NOTE the most recent version of qpid_proton on rubygems is 0.37.0, but apache has released 0.40.0.

It looks like the line that fails is the same on 0.37 and 0.40 though, DEFAULT_URI_PARSER = URI::Parser.new(:HOSTNAME => /(?:#{URI::PATTERN::HOSTNAME})|/)

agrare · 2025-10-16T18:39:12Z

apache/qpid-proton@346c779 appears to have fixed this but it hasn't been released yet.

I opened https://issues.apache.org/jira/browse/PROTON-2777 a while ago but so far haven't had any input from the apache team.

jrafanie · 2025-10-16T19:57:09Z

Ah @agrare, thanks! I vaguely remember this now. You're right. It worked with 0.13.3 but fails with 1.0.0+

vmdb(dev)> require 'uri'
=> false
vmdb(dev)> URI::VERSION
=> "0.13.3"
vmdb(dev)> URI::Parser.new(:HOSTNAME => /(?:#{URI::PATTERN::HOSTNAME})|/)
=> #<URI::RFC2396_Parser:0x0000000127b32068>

vmdb(dev)> require 'uri'
=> false
vmdb(dev)> URI::VERSION
=> "1.0.4"
vmdb(dev)> URI::Parser.new(:HOSTNAME => /(?:#{URI::PATTERN::HOSTNAME})|/)
uri (1.0.4) lib/uri/rfc3986_parser.rb:73:in `initialize': wrong number of arguments (given 1, expected 0) (ArgumentError)
	from (vmdb):8:in `new'
	from (vmdb):8:in `<main>'
	from <internal:kernel>:187:in `loop'
	from railties (7.2.2.2) lib/rails/commands/console/irb_console.rb:129:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:59:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:8:in `start'
	from railties (7.2.2.2) lib/rails/commands/console/console_command.rb:87:in `perform'
	from thor (1.4.0) lib/thor/command.rb:28:in `run'
	from thor (1.4.0) lib/thor/invocation.rb:127:in `invoke_command'
	from railties (7.2.2.2) lib/rails/command/base.rb:178:in `invoke_command'
	from thor (1.4.0) lib/thor.rb:538:in `dispatch'
	from railties (7.2.2.2) lib/rails/command/base.rb:73:in `perform'
	from railties (7.2.2.2) lib/rails/command.rb:71:in `block in invoke'
	from railties (7.2.2.2) lib/rails/command.rb:149:in `with_argv'
	from railties (7.2.2.2) lib/rails/command.rb:69:in `invoke'
	from railties (7.2.2.2) lib/rails/commands.rb:18:in `<main>'
	... 4 levels...

agrare · 2025-10-16T20:00:36Z

If a new version is released but not pushed to rubygems we could build our own and host it on rubygems.manageiq.org
We're not the only ones wondering where the newer releases are (at least one other person commented on the issue) so it could be helpful to the broader community.

jrafanie · 2025-10-16T20:00:45Z

I updated the description based on @agrare's findings and marked it as WIP until a qpid_proton gem release.

jrafanie assigned Fryguy Oct 16, 2025

jrafanie requested a review from Fryguy as a code owner October 16, 2025 17:35

jrafanie added the dependencies label Oct 16, 2025

jrafanie force-pushed the uri-1-0-4 branch from 3f9ecb1 to 23fe956 Compare October 16, 2025 17:36

miq-bot pushed a commit to ManageIQ/manageiq-cross_repo-tests that referenced this pull request Oct 16, 2025

Running tests for jrafanie

a279e78

From Pull Request: ManageIQ/manageiq#23630

miq-bot mentioned this pull request Oct 16, 2025

[BOT] Cross repo test for ManageIQ/manageiq#23630 ManageIQ/manageiq-cross_repo-tests#996

Open

jrafanie mentioned this pull request Oct 16, 2025

[WIP] Fix warnings raised by URI 1.0.1 #23261

Closed

9 tasks

Require URI ~>1.0.4

be8d176

Replaces ManageIQ#23261

jrafanie force-pushed the uri-1-0-4 branch from 23fe956 to be8d176 Compare October 16, 2025 17:39

Sort all the things

43327ab

jrafanie commented Oct 16, 2025

View reviewed changes

jrafanie changed the title ~~Require URI ~>1.0.4~~ [WIP] Require URI ~>1.0.4 Oct 16, 2025

jrafanie added the wip label Oct 16, 2025

[WIP] Require URI ~>1.0.4 #23630

Are you sure you want to change the base?

[WIP] Require URI ~>1.0.4 #23630

Conversation

jrafanie commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jrafanie commented Oct 16, 2025

Uh oh!

jrafanie Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Fryguy commented Oct 16, 2025

Uh oh!

Fryguy commented Oct 16, 2025

Uh oh!

jrafanie commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jrafanie commented Oct 16, 2025

Uh oh!

agrare commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

agrare commented Oct 16, 2025

Uh oh!

agrare commented Oct 16, 2025

Uh oh!

agrare commented Oct 16, 2025

Uh oh!

agrare commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jrafanie commented Oct 16, 2025

Uh oh!

agrare commented Oct 16, 2025

Uh oh!

jrafanie commented Oct 16, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jrafanie commented Oct 16, 2025 •

edited

Loading

jrafanie Oct 16, 2025 •

edited

Loading

jrafanie commented Oct 16, 2025 •

edited

Loading

agrare commented Oct 16, 2025 •

edited

Loading

agrare commented Oct 16, 2025 •

edited

Loading