rebase topic branch#49
Conversation
OSS Release 4.7.0
Reason for change: Added support for consuming release OSS IPK packages using the architecture specified in REL_OSS_LAYER_ARCH, and for building OSS with an extended architecture defined by OSS_LAYER_ARCH.
Reason for change: Update release version for 4.8.0 Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
Reason for change: Update change log for oss release 4.8.0 Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
OSS Release 4.8.0
With this change REL_OSS_IPK_SERVER_PATH can be override from local.conf for custom/local builds.
|
mselva006c seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
Deploy cla action
Reason for the change - The meta-oss-reference-release repository has been excluded from the manifest to support the new OSS consumption model. Consequently, the OSS_LAYER_VERSION parameter previously defined in that repository is no longer available to the build. To address this, the OSS_LAYER_VERSION parameter has been moved to the reference layer to ensure continued availability during the build process.
RDKOSS-490: Move OSS_LAYER_VERSION to reference layer
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
RDKE-893: Update Release note for 4.9.0
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
OSS Release 4.9.0
Update CODEOWNERS
RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
OSS Release tag 4.10.0
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
RDKE-971: Update release notes for 4.11.0
There was a problem hiding this comment.
Pull request overview
This PR appears to rebase/update the OSS reference release layer to a newer release (4.11.0), updating feed configuration, release documentation, and repository governance automation (CLA + CODEOWNERS).
Changes:
- Updates
conf/machine/include/oss.incto useREL_OSS_*variables and adds CVE tarball feed + checksum mapping. - Updates release documentation (
README.md) and project history (CHANGELOG.md) for newer release versions. - Adds a CLA GitHub Actions workflow and adjusts CODEOWNERS.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
conf/machine/include/oss.inc |
Refactors feed/arch variables and adds CVE feed/checksum logic for the release artifacts. |
README.md |
Updates release notes content to 4.11.0 and refreshes component/layer versions. |
CHANGELOG.md |
Adds entries for multiple historical releases. |
.github/workflows/cla.yml |
Introduces CLA enforcement via a reusable workflow. |
.github/CODEOWNERS |
Updates default code ownership reviewers. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "rdk-arm7ve-oss": "68ea40be1f0a0bdeb50d358202b246b7fe11552f1e35f858010411de3f30c04d", | ||
| "rdk-arm64-oss": "04f29148179c3c56a0662554aa69734414dda880f8b0a0848ec2fe9cd2fe7d69", | ||
| } | ||
| return mapping.get(arch) |
There was a problem hiding this comment.
CVE_LAYER_FEED_PATH appends sha256sum=${CVE_FILE_CHECKSUM} unconditionally. If CVE_FILE_CHECKSUM is empty/None, this will generate a broken feed URI (e.g., sha256sum=None). Gate this append on a valid checksum or emit a clear error when it’s missing.
| return mapping.get(arch) | |
| checksum = mapping.get(arch) | |
| if not checksum: | |
| bb.fatal("No CVE checksum defined for REL_OSS_LAYER_ARCH='%s' in oss.inc" % arch) | |
| return checksum |
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| actions: write |
There was a problem hiding this comment.
The workflow grants broad write permissions at the workflow level (actions/statuses/pull-requests). If the reusable CLA workflow doesn’t need all of these, reduce to the minimum required to limit blast radius if the workflow is misused or compromised.
| actions: write |
| pull_request_target: | ||
| types: [opened, closed, synchronize] | ||
|
|
||
| jobs: | ||
| CLA-Lite: | ||
| name: "Signature" | ||
| uses: rdkcentral/cmf-actions/.github/workflows/cla.yml@v1 | ||
| secrets: | ||
| PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ASSISTANT }} |
There was a problem hiding this comment.
Using pull_request_target together with a PAT-like secret (CLA_ASSISTANT) is high risk because pull_request_target runs in the base-repo context and can expose secrets if any PR-controlled code is checked out or executed (even indirectly) by the called reusable workflow. Ensure the reusable workflow never runs PR code, or switch to a safer trigger/token model for CLA checks.
| @@ -3,33 +3,25 @@ | |||
| RDK_ARTIFACTS_BASE_URL ?= "" | |||
| RDK_ARTIFACTS_URL ?= "" | |||
|
|
|||
There was a problem hiding this comment.
get_oss_machine() is referenced but no longer defined anywhere in this repo (search found no remaining definition). This will cause BitBake parse-time failures. Reintroduce get_oss_machine/get_oss_arch definitions here, or include them from another .inc/.bbclass that is guaranteed to be in BBPATH before these variables are expanded.
| def get_oss_machine(d): | |
| """ | |
| Return the machine identifier to be used for OSS artifacts. | |
| By default, this is the current BitBake MACHINE value. | |
| """ | |
| return d.getVar('MACHINE') or '' | |
| def get_oss_arch(d): | |
| """ | |
| Return the architecture identifier to be used for OSS artifacts. | |
| Prefer an explicitly configured OSS_LAYER_ARCH, and fall back | |
| to common BitBake architecture variables if needed. | |
| """ | |
| return (d.getVar('OSS_LAYER_ARCH') | |
| or d.getVar('TARGET_ARCH') | |
| or d.getVar('PACKAGE_ARCH') | |
| or '') |
| OSS_IPK_SERVER_PATH = "${RDK_ARTIFACTS_BASE_URL}/rdk-oss-release/${OSS_LAYER_VERSION}/${OSS_MACHINE}/ipks" | ||
| REL_OSS_MACHINE = "${@get_oss_machine(d)}" | ||
| REL_OSS_LAYER_ARCH = "${@get_oss_arch(d)}" | ||
| PACKAGE_EXTRA_ARCHS:append = "${@ '' if '${REL_OSS_LAYER_ARCH}' == '${OSS_LAYER_ARCH}' else ' ${REL_OSS_LAYER_ARCH}'}" |
There was a problem hiding this comment.
OSS_LAYER_ARCH is referenced in the PACKAGE_EXTRA_ARCHS:append expression, but OSS_LAYER_ARCH is no longer set anywhere in this repository (only remaining references are in this file). If it expands to an empty string, the comparison logic and resulting PACKAGE_EXTRA_ARCHS will be incorrect. Ensure OSS_LAYER_ARCH is defined (e.g., set it here again or require/provide it from a guaranteed include).
| PACKAGE_EXTRA_ARCHS:append = "${@ '' if '${REL_OSS_LAYER_ARCH}' == '${OSS_LAYER_ARCH}' else ' ${REL_OSS_LAYER_ARCH}'}" | |
| PACKAGE_EXTRA_ARCHS:append = " ${REL_OSS_LAYER_ARCH}" |
| REL_OSS_LAYER_ARCH = "${@get_oss_arch(d)}" | ||
| PACKAGE_EXTRA_ARCHS:append = "${@ '' if '${REL_OSS_LAYER_ARCH}' == '${OSS_LAYER_ARCH}' else ' ${REL_OSS_LAYER_ARCH}'}" | ||
| REL_OSS_LAYER_EXTENSION = "${REL_OSS_LAYER_ARCH}" | ||
| REL_OSS_IPK_SERVER_PATH ?= "${RDK_ARTIFACTS_BASE_URL}/rdk-oss-rel/${OSS_LAYER_VERSION}/${REL_OSS_MACHINE}/ipks" |
There was a problem hiding this comment.
OSS_LAYER_VERSION is now only referenced (not defined) within this layer. If the build environment doesn’t set it, REL_OSS_IPK_SERVER_PATH and CVE_LAYER_FEED_PATH will contain an empty version segment, producing invalid artifact URLs. Consider restoring a default (e.g., OSS_LAYER_VERSION ?= "...") or failing early with a clear error if it’s unset.
| "rdk-arm7ve-oss": "68ea40be1f0a0bdeb50d358202b246b7fe11552f1e35f858010411de3f30c04d", | ||
| "rdk-arm64-oss": "04f29148179c3c56a0662554aa69734414dda880f8b0a0848ec2fe9cd2fe7d69", | ||
| } | ||
| return mapping.get(arch) |
There was a problem hiding this comment.
get_cve_checksum() uses mapping.get(arch), which returns None if REL_OSS_LAYER_ARCH isn’t one of the listed keys. That propagates into CVE_FILE_CHECKSUM and can produce an invalid/empty checksum downstream. Consider failing fast for unknown arches (e.g., bb.fatal) or providing a defined default/explicit handling.
| return mapping.get(arch) | |
| if not arch: | |
| bb.fatal("REL_OSS_LAYER_ARCH is not set, cannot determine CVE file checksum") | |
| if arch not in mapping: | |
| bb.fatal("Unsupported REL_OSS_LAYER_ARCH '%s' for CVE file checksum" % arch) | |
| return mapping[arch] |
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | ||
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | ||
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | ||
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
There was a problem hiding this comment.
Typo in changelog entry: "assigment" should be "assignment" (appears multiple times in this new release section).
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) | |
| - RDKCOM-5437, RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
OSS Release 4.11.0
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
RDKE-971: Updated Release note for 4.12.0
Signed-off-by: mselva006c <mani_selvaraj@comcast.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.
Comments suppressed due to low confidence (1)
README.md:20
- The PR title implies this is only a rebase, but it introduces functional/config changes (new CLA workflow, CODEOWNERS update, feed/CVE config updates, and release-note updates). Please update the PR title/description to reflect the actual scope so reviewers understand the intent and risk.
|Date|1st March 2026|
|Author|RDKE Platform & Tools Team|
| Components | Tag |
|----------|--------|
| packagegroup-oss-layer | 4.12.0-r0|
## Table of Contents
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| CVE_FILE_CHECKSUM = "${@get_cve_checksum(d)}" | ||
| CVE_LAYER_FEED_PATH += " ${REL_OSS_LAYER_EXTENSION}##${RDK_ARTIFACTS_BASE_URL}/rdk-oss-rel/${OSS_LAYER_VERSION}/${REL_OSS_MACHINE}/tarball/cve/${REL_OSS_LAYER_EXTENSION}.tgz;sha256sum=${CVE_FILE_CHECKSUM}" |
There was a problem hiding this comment.
get_cve_checksum returns None for unknown architectures, which will produce an invalid sha256sum= entry in CVE_LAYER_FEED_PATH. Consider failing fast (e.g., fatal error) when the checksum is missing, or avoid appending the CVE feed path unless a checksum is available.
| CVE_FILE_CHECKSUM = "${@get_cve_checksum(d)}" | |
| CVE_LAYER_FEED_PATH += " ${REL_OSS_LAYER_EXTENSION}##${RDK_ARTIFACTS_BASE_URL}/rdk-oss-rel/${OSS_LAYER_VERSION}/${REL_OSS_MACHINE}/tarball/cve/${REL_OSS_LAYER_EXTENSION}.tgz;sha256sum=${CVE_FILE_CHECKSUM}" | |
| def get_cve_layer_feed_path(d): | |
| """ | |
| Build the CVE layer feed path only when a valid checksum is available. | |
| Returns an empty string if no checksum is found for the current architecture. | |
| """ | |
| checksum = get_cve_checksum(d) | |
| if not checksum: | |
| return "" | |
| rel_ext = d.getVar('REL_OSS_LAYER_EXTENSION') or '' | |
| base_url = d.getVar('RDK_ARTIFACTS_BASE_URL') or '' | |
| version = d.getVar('OSS_LAYER_VERSION') or '' | |
| machine = d.getVar('REL_OSS_MACHINE') or '' | |
| return f" {rel_ext}##{base_url}/rdk-oss-rel/{version}/{machine}/tarball/cve/{rel_ext}.tgz;sha256sum={checksum}" | |
| CVE_FILE_CHECKSUM = "${@get_cve_checksum(d)}" | |
| CVE_LAYER_FEED_PATH += "${@get_cve_layer_feed_path(d)}" |
| Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). | ||
|
|
||
| #### [4.11.0](https://github.com/rdkcentral/meta-oss-reference-release/compare/4.10.1...4.11.0) | ||
|
|
There was a problem hiding this comment.
This entry is missing the release date line (the rest of the changelog uses a > <date> line under each version header). Add the date for 4.11.0 to keep the format consistent.
| > 27 February 2026 |
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | ||
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | ||
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | ||
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | ||
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
There was a problem hiding this comment.
Spelling: "assigment" should be "assignment".
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) | |
| - RDKCOM-5437, RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | ||
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | ||
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | ||
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | ||
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
There was a problem hiding this comment.
Spelling: "assigment" should be "assignment".
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) | |
| - RDKCOM-5437, RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
| | Components | Tag | | ||
| |----------|--------| | ||
| | packagegroup-oss-layer | 4.7.0-r0| | ||
| | packagegroup-oss-layer | 4.12.0-r0| | ||
|
|
There was a problem hiding this comment.
The README is describing a 4.12.0 release, but the changelog’s latest entry is 4.11.0. Either add a 4.12.0 section to CHANGELOG.md or align the README/version references so the release documentation is consistent.
| @@ -36,7 +36,7 @@ Unified OSS Layer - The components of the OSS (Open Source Software) layer, incl | |||
|
|
|||
| This release will provide a versioned `"meta-oss-reference-release"` that will be used by other stack layes to resolve build and runtime dependencies. | |||
There was a problem hiding this comment.
Spelling: "layes" should be "layers".
| This release will provide a versioned `"meta-oss-reference-release"` that will be used by other stack layes to resolve build and runtime dependencies. | |
| This release will provide a versioned `"meta-oss-reference-release"` that will be used by other stack layers to resolve build and runtime dependencies. |
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| actions: write | ||
| statuses: write | ||
|
|
||
| on: | ||
| issue_comment: | ||
| types: [created] | ||
| pull_request_target: | ||
| types: [opened, closed, synchronize] | ||
|
|
||
| jobs: | ||
| CLA-Lite: | ||
| name: "Signature" | ||
| uses: rdkcentral/cmf-actions/.github/workflows/cla.yml@v1 | ||
| secrets: | ||
| PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ASSISTANT }} |
There was a problem hiding this comment.
This workflow runs on pull_request_target and passes a PAT-like secret (CLA_ASSISTANT) while granting multiple write permissions. Since pull_request_target executes in the base repo context, ensure the referenced reusable workflow cannot be influenced to run untrusted PR code (e.g., avoid checking out PR head or executing scripts from the PR). If not strictly required, reduce permissions to the minimum needed and consider restricting triggers/conditions to trusted actors.
OSS Release 4.12.0
Update CODEOWNERS
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | ||
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | ||
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | ||
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | ||
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
There was a problem hiding this comment.
Correct spelling of 'assigment' to 'assignment'.
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) | |
| - RDKCOM-5437, RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | |
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | |
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | |
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | |
| - RDKDEV-1130: Weak assignment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
| actions: write | ||
| statuses: write |
There was a problem hiding this comment.
The workflow requests multiple write scopes. If the called reusable workflow doesn’t strictly require actions: write and statuses: write, drop them to follow least-privilege. Keeping only the minimal required permissions materially reduces the impact of any token misuse in pull_request_target / comment-trigger contexts.
| actions: write | |
| statuses: write |
| @@ -0,0 +1,20 @@ | |||
| name: "CLA" | |||
There was a problem hiding this comment.
The PR title suggests only a rebase, but the diff includes functional/config changes (feed logic + CVE feed), documentation version bumps, and new GitHub workflow/CODEOWNERS updates. Consider updating the PR title/description to reflect the actual scope so reviewers and release tooling have accurate context.
Reason for change: Update the README inline with latest release 4.13.0 Signed-off-by: Arjun <arjun_daasuramdass@comcast.com>
Release 4.13.0
| Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). | ||
|
|
||
| #### [4.13.0](https://github.com/rdkcentral/meta-oss-reference-release/compare/4.12.2...4.13.0) | ||
|
|
| - [ ] meta-rdk-oss-reference [4.6.0-->4.7.0] (https://github.com/rdkcentral/meta-rdk-oss-reference/compare/4.6.0...4.7.0) | ||
| - [ ] poky [4.3.0-->4.3.1] (https://github.com/rdkcentral/poky/compare/4.3.0...4.3.1) | ||
| - [ ] meta-rdk-auxiliary [1.8.0-->1.9.0] (https://github.com/rdkcentral/meta-rdk-auxiliary/compare/1.8.0...1.9.0) | ||
| - [ ] meta-rdk-oss-reference [4.12.0-->4.13.0] (https://github.com/rdkcentral/meta-rdk-oss-reference/compare/4.12.0...4.13.0) |
| - RDKCOM-5437, RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`#47`](https://github.com/rdkcentral/meta-oss-reference-release/pull/47) | ||
| - Update CODEOWNERS [`#73`](https://github.com/rdkcentral/meta-oss-reference-release/pull/73) | ||
| - RDKE-899: Update changelog for Rel 4.10.0 [`0191197`](https://github.com/rdkcentral/meta-oss-reference-release/commit/01911972f7a9063942ea8e180d4c05152232e397) | ||
| - Merge tag '4.9.0' into develop [`6f9d2df`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6f9d2df82f9cfaf5cab200bb39b2a63c77259cec) | ||
| - RDKDEV-1130: Weak assigment of REL_OSS_IPK_SERVER_PATH [`6109869`](https://github.com/rdkcentral/meta-oss-reference-release/commit/6109869e439fc23150954e0a37d0bfc6f381ab69) |
| > 3 September 2025 | ||
|
|
||
| - 4.7.4-community changelog [`e2b02bf`](https://github.com/rdkcentral/meta-oss-reference-release/commit/e2b02bfc8c0c92b0e78e458a0231bab397d7073f) | ||
| - RDKEOSS-3 fix meta-rdk-auxilary and meta-rdk-oss-reference versions [`0485e7e`](https://github.com/rdkcentral/meta-oss-reference-release/commit/0485e7e824323179570e669cd439a5fe98774670) |
No description provided.