Skip to content

chore(deps): bump linuxfabrik-lib from 5.1.0 to 6.0.0 in /lockfiles/py313#1342

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/lockfiles/py313/linuxfabrik-lib-6.0.0
Closed

chore(deps): bump linuxfabrik-lib from 5.1.0 to 6.0.0 in /lockfiles/py313#1342
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/lockfiles/py313/linuxfabrik-lib-6.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps linuxfabrik-lib from 5.1.0 to 6.0.0.

Release notes

Sourced from linuxfabrik-lib's releases.

v6.0.0

Release Notes/CHANGELOG at https://github.com/Linuxfabrik/lib/blob/main/CHANGELOG.md

Changelog

Sourced from linuxfabrik-lib's changelog.

[v6.0.0] - 2026-07-07

Added

  • args.py: added a central help text for the --no-match-severity parameter, used by filter-based plugins to make the state configurable when no item matches the filters.
  • args.py: added a central help text for the --unreachable-severity parameter, used by end-of-life checks to make the state configurable when the online source is unreachable.
  • bexio.py: new library
  • huawei_pacific.py: new library for Huawei OceanStor Pacific storage systems, which use the /api/v2/ REST API with X-Auth-Token authentication (a different protocol from the Dorado line).
  • redfish.py: build_url() builds a follow-up Redfish URL from a base URL and an @odata.id link, rejecting non-relative links so a response cannot redirect the request to another host (GHSA-96fx-pqc3-28xv).
  • shell.py: shell_exec() gained a run_as parameter to run a command as another local user with that user's session runtime directory (XDG_RUNTIME_DIR), as rootless Podman and other per-user session services require.
  • url.py: added new optional flag response_on_error for fetch()/fetch_json() to return the response body instead of an error message on failure. Primarily for use with APIs that provide machine-readable error responses such as the Bexio API.
  • version.py: check_eol() gained an unreachable_severity parameter to report a configurable state (default OK) when the online end-of-life source is unreachable and the bundled offline data is used. The offline fallback is no longer cached, so the next call retries the online source instead of masking a persistent outage.

Changed

  • args.py: the developer-only --test parameter is now hidden from plugin --help output. It is still accepted on the command line, so the unit-test suite keeps working.
  • huawei.py: renamed to huawei_dorado.py, freeing the generic name now that a second Huawei storage line is supported. Breaking: consumers must change their import from lib.huawei to lib.huawei_dorado.
  • redfish.py: a cached Redfish session token is now kept only as long as the controller itself keeps the session alive, read from the controller's own session timeout. This avoids sporadic "401 Unauthorized" errors on controllers with short session timeouts (such as Supermicro's 300 seconds) without having to tune the cache expiration by hand (#246).
  • time.py: clarified the timestr2epoch(..., pattern='iso8601') docstring - the mode is backed by datetime.fromisoformat(), not a full ISO 8601 parser, and which layouts it accepts beyond RFC 3339 depends on the Python version.

Fixed

  • huawei_dorado.py: Huawei OceanStor Dorado checks no longer raise a false warning for a backup battery unit that is charging, and more component states are now shown with a readable label instead of Unknown (for example spun-down disks, link up/down, and replication states). The running-status translation was completed against the full documented status list.
  • huawei_dorado.py: Huawei OceanStor Dorado checks now recover on their own when the cached API session is no longer accepted by the appliance (after a controller reboot, a manual session reset, or the server-side session timeout). The check logs in again and retries instead of failing, and it no longer keeps retrying a doomed request long enough to risk hitting the monitoring server's check timeout.
  • powershell.py, shell.py, winrm.py: command output that contains non-UTF-8 bytes (such as a Windows username with an umlaut, or a locale-dependent tool message) no longer crashes the plugin later when it prints its result. Such output is now read as Latin-1 instead of producing text that fails to print (#256).
  • url.py: fetching a page or JSON no longer fails with a decode error when the remote host sends non-UTF-8 content without declaring a charset (such as sensor firmware that serves the degree sign as a raw Latin-1 byte). The response is read as Latin-1 in that case instead of aborting the check.

Security

  • url.py: fetch() no longer forwards credential headers to another host when a server redirects there (SSRF / token leak) (GHSA-4jc5-g844-4x33).
Commits
  • 07ba0bd chore: bump version number [skip ci]
  • eeabdce chore(endoflifedate.py): bump version numbers
  • 6573ff9 fix(url): drop credential headers on cross-origin redirect
  • dda087b feat(redfish): add build_url() to validate @​odata.id links before following
  • c8f4fb6 chore(endoflifedate.py): bump version numbers
  • 565e439 Merge remote-tracking branch 'origin/main'
  • 674afea feat(huawei_pacific): add status helpers and node management-IP enumeration
  • 1dfab7a fix(txt.py): decode command output with a Latin-1 fallback instead of surroga...
  • 1839bfb fix(txt.py): decode command output with a Latin-1 fallback instead of surroga...
  • 26ce7dd refactor(huawei)!: rename huawei.py to huawei_dorado.py, add huawei_pacific.py
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 10, 2026
Bumps [linuxfabrik-lib](https://github.com/Linuxfabrik/lib) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/Linuxfabrik/lib/releases)
- [Changelog](https://github.com/Linuxfabrik/lib/blob/main/CHANGELOG.md)
- [Commits](Linuxfabrik/lib@v5.1.0...v6.0.0)

---
updated-dependencies:
- dependency-name: linuxfabrik-lib
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@markuslf

Copy link
Copy Markdown
Member

Superseded by #1360, which pins linuxfabrik-lib 6.0.0 in all seven lockfiles at once. Bumping only three of them would have left huawei-dorado-* broken on the remaining target distros, since the plugins already import lib.huawei_dorado.

@markuslf markuslf closed this Jul 10, 2026
@markuslf markuslf deleted the dependabot/pip/lockfiles/py313/linuxfabrik-lib-6.0.0 branch July 10, 2026 14:09
@dependabot @github

dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant