Skip to content

[3.13] gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146) #142210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gpshead merged 2 commits into from
Dec 5, 2025
Merged

[3.13] gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146) #142210

gpshead merged 2 commits into from
Dec 5, 2025

Conversation

@miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Dec 3, 2025
edited by bedevere-app bot
Loading

  • Remove quadratic behavior in node ID cache clearing

Co-authored-by: Jacob Walls [email protected]

  • Add news fragment

(cherry picked from commit 08d8e18)

Co-authored-by: Seth Michael Larson [email protected]
Co-authored-by: Jacob Walls [email protected]

@sethmlarson @jacobtylerwalls @miss-islington
pythongh-142145: Remove quadratic behavior in node ID cache clearing (p…
16104af 
…ythonGH-142146)

* Remove quadratic behavior in node ID cache clearing

Co-authored-by: Jacob Walls <[email protected]>

* Add news fragment

---------
(cherry picked from commit 08d8e18)

Co-authored-by: Seth Michael Larson <[email protected]>
Co-authored-by: Jacob Walls <[email protected]>
This was referenced Dec 3, 2025
Open
Merged
@gpshead gpshead enabled auto-merge (squash) December 3, 2025 07:17
@hugovk
Copy link
Member

hugovk commented Dec 5, 2025
edited
Loading

The Android failure is unrelated (some GitHub disk space issue).

But the WASI failure is in this PR's new test:

======================================================================
FAIL: testAppendChildNoQuadraticComplexity (test.test_minidom.MinidomTest.testAppendChildNoQuadraticComplexity)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Lib/test/test_minidom.py", line 192, in testAppendChildNoQuadraticComplexity
    self.assertLess(end - start, 1)
    ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
AssertionError: 2.0126874446868896 not less than 1
----------------------------------------------------------------------
Ran 130 tests in 3.768s
FAILED (failures=1)
test test_minidom failed

@sethmlarson @gpshead

hugovk
hugovk reviewed Dec 5, 2025
View reviewed changes
@gpshead gpshead merged commit ddcd2ac into python:3.13 Dec 5, 2025
73 of 75 checks passed
vivian-rook added a commit to vivian-rook/os that referenced this pull request Dec 9, 2025
@vivian-rook
fix(python-3.13): CVE-2025-12084 cherrypick fix
a4b714b 
Patch for python 3.13 has been merged in
python/cpython#142210 though thus far a new point
release has not been added. Cherrypicking in the commit until a new point
release including the commit is added.

chainguard-dev/CVE-Dashboard#51032

Signed-off-by: Vivian Rook <[email protected]>
@vivian-rook vivian-rook mentioned this pull request Dec 9, 2025
Merged
vivian-rook added a commit to wolfi-dev/advisories that referenced this pull request Dec 9, 2025
@vivian-rook
doc(python-3.1[0123]): Add pending-upstream-fix CVE-2025-12084
6e376b9 
python-3.10 Upstream Fix PR: python/cpython#142213
python-3.11 Upstream Fix PR: python/cpython#142212
python-3.12 Upstream Fix PR: python/cpython#142211
python-3.13 Upstream Fix PR: python/cpython#142210
python-3.13 Local Fix PR: wolfi-dev/os#75288
python-3.14 Upstream Fix PR: python/cpython#142209
python-3.14 Local Fix PR: wolfi-dev/os#75289

Related issues:
chainguard-dev/CVE-Dashboard#50689
chainguard-dev/CVE-Dashboard#51027
chainguard-dev/CVE-Dashboard#50150
chainguard-dev/CVE-Dashboard#51032
chainguard-dev/CVE-Dashboard#50978

Signed-off-by: Vivian Rook <[email protected]>
@vivian-rook vivian-rook mentioned this pull request Dec 9, 2025
Merged
github-merge-queue bot pushed a commit to wolfi-dev/advisories that referenced this pull request Dec 10, 2025
@vivian-rook
doc(python-3.1[0123]): Add pending-upstream-fix CVE-2025-12084 (#27792)
547952d 
python-3.10 Upstream Fix PR: python/cpython#142213
python-3.11 Upstream Fix PR: python/cpython#142212
python-3.12 Upstream Fix PR: python/cpython#142211
python-3.13 Upstream Fix PR: python/cpython#142210
python-3.13 Local Fix PR: wolfi-dev/os#75288
python-3.14 Upstream Fix PR: python/cpython#142209
python-3.14 Local Fix PR: wolfi-dev/os#75289

Related issues:
chainguard-dev/CVE-Dashboard#50689
chainguard-dev/CVE-Dashboard#51027
chainguard-dev/CVE-Dashboard#50150
chainguard-dev/CVE-Dashboard#51032
chainguard-dev/CVE-Dashboard#50978

Signed-off-by: Vivian Rook <[email protected]>
Signed-off-by: Vivian Rook <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gpshead gpshead gpshead left review comments

@hugovk hugovk hugovk left review comments

@Yhg1s Yhg1s Yhg1s left review comments

Assignees

No one assigned

Labels

topic-XML type-security A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@miss-islington @hugovk @gpshead @Yhg1s @sethmlarson