Skip to content

[code sync] Merge code from sonic-net/sonic-buildimage:202511 to 202511_azd#2625

Merged
mssonicbld merged 6 commits into
Azure:202511_azdfrom
mssonicbld:sonicbld/202511_azd-merge
Jul 9, 2026
Merged

[code sync] Merge code from sonic-net/sonic-buildimage:202511 to 202511_azd#2625
mssonicbld merged 6 commits into
Azure:202511_azdfrom
mssonicbld:sonicbld/202511_azd-merge

Conversation

@mssonicbld

Copy link
Copy Markdown
Collaborator
* 69f9589e6 - (head/202511) [202511] fix(docker-sonic-mgmt): migrate to uv and fix USN-8221-1 wheel vulnerability (#28181) (2026-07-07) [xwjiang-ms]
* c3769e95e - bump arista drivers submodule hash (#28224) (2026-07-07) [Justin Wong]
* 50dac3abd - [202511] Upgrade Broadcom xgs SAI version to 14.3.0.0.0.0.27.0 (#28253) (2026-07-07) [aaronber0614]<br>```

aaronber0614 and others added 3 commits July 7, 2026 14:16
Signed-off-by: Aaron Bernardino <aaronber@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Justin Wong <jvwong@arista.com>
…el vulnerability (#28181)

Manual cherry-pick of #27299 to 202511. The automatic cherry-pick hit a
conflict in dockers/docker-sonic-mgmt/Dockerfile.j2: on 202511 the package
install is a single-line `RUN pip install --no-cache-dir` whereas master
had the two-line `pip install --upgrade pip && pip install` form, so the
combined uv-migration hunk did not apply. Resolved by applying the uv
migration on top of the 202511 single-line form.

Original change: remove python3-pip and python3-venv (which pull the
vulnerable python3-wheel, USN-8221-1) and replace venv/pip with
`uv venv` / `uv pip install` (uv provided via COPY --from
ghcr.io/astral-sh/uv).

(cherry picked from commit 88d44d3)

Signed-off-by: Xiawei Jiang <xiaweijiang@microsoft.com>
@mssonicbld

Copy link
Copy Markdown
Collaborator Author

/azp run

@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld and others added 3 commits July 8, 2026 19:12
…tically (#28290)

#### Why I did it
src/sonic-sairedis
```
* 20432f22 - (HEAD -> 202511, origin/202511) [ci]sonic-ubuntu-2ca agent pool: migrate from python3-pip to uv to address S360 vulnerability (Azure#1976) (7 hours ago) [mssonicbld]
```
#### How I did it
#### How to verify it
#### Description for the changelog
202511 already enables PTF_MODIFIED dynamically (True only when the PR
modifies docker-ptf). Pass the branch-aligned PTF_IMAGE_TAG (202511) to
the sonic-mgmt PR test template so PR tests use the 202511 docker-ptf
image instead of master's latest. PR builds only.

Signed-off-by: Austin (Ngoc Thang) Pham <austinpham@microsoft.com>
@mssonicbld mssonicbld force-pushed the sonicbld/202511_azd-merge branch from 3d1de6f to 183fe99 Compare July 9, 2026 03:03
@mssonicbld

Copy link
Copy Markdown
Collaborator Author

/azp run

@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.

@mssonicbld mssonicbld merged commit 3d893b7 into Azure:202511_azd Jul 9, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants