Tags: jetify-com/devbox
Tags
Bump lastTag version to 0.17.2 (#2821) ## Summary - Bump `lastTag` in `flake.nix` from 0.17.1 to 0.17.2 - Update `flake.lock` (nixpkgs 2026-04-14 → 2026-04-18) ## Test plan - [x] `nix build .` succeeds - [x] `./result/bin/devbox version` reports `0.17.2` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Bump lastTag version to 0.17.1 (#2807) ## Summary Bump Flake Version ## How was it tested? `nix build` ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license). Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Fixes #2793 - replace use of [[ conditionals (#2794) ## Summary Fixes #2793 - use of zsh/bash conditionals in a file with a pure sh shebang. ## How was it tested? ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license). --------- Signed-off-by: Tim Gates <tim.gates@iress.com>
Fix remaining Dependabot security alerts (#2803) ## Summary - **Rails example**: Upgrade Rails 7.1.5 → 7.2.3, bringing rack 2.2.14 → 3.2.5 and nokogiri 1.18.9 → 1.19.2. Fixes Active Storage path traversal, Rack directory traversal/XSS, Active Support ReDoS/DoS/XSS, Action View XSS, and Active Storage glob injection/DoS/content type bypass. - **Django example**: Update sqlparse 0.5.0 → 0.5.3 (DoS fix for formatting list of tuples) - **VS Code extension**: Add flatted yarn resolution → 3.4.2 (prototype pollution via parse() fix) ## Test plan - [x] Verify `go build ./...` still passes (no Go changes, but confirmed) 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: John Lago <750845+Lagoja@users.noreply.github.com>
Add pid, namespace, age, health, restarts to services ls (#2782) ## Summary This PR adds additional output to the `devbox services ls` command to see specifically to see the status of the readiness checks. Without the HEALTH information in the output it's impossible to tell if a service is still booting up or if it is fully up and running based on the readiness check. Before: ``` NAME STATUS EXIT CODE failed-server Completed -1 good-server Launching 0 starting-server Launching 0 ``` After: ``` Services running in process-compose: PID NAME NAMESPACE STATUS AGE HEALTH RESTARTS EXIT CODE 19996 good-server default Launching 5s Ready 0 0 19995 starting-server default Launching 5s Not Ready 0 0 19997 failed-server default Completed 2s - 0 -1 ``` ## Additional consideration This PR brings the output of `devbox services ls` closer to that of `process-compose list -o wide`. The output of `process-compose list -o wide` for comparison: ``` PID NAME NAMESPACE STATUS AGE HEALTH RESTARTS EXITCODE 11518 failed-server default Completed 2s - 0 -1 11520 good-server default Launching 3s Ready 0 0 11519 starting-server default Launching 3s Not Ready 0 0 ``` (The only differences I see is the spacing between columns and no space in the title EXITCODE) ## How was it tested? With a sample process-compose.yaml file and running: ``` devbox run build dist/devbox shell devbox services start devbox services ls ``` The sample process-compose.yaml file used for testing. ``` processes: good-server: command: python -m http.server 8081 is_daemon: true readiness_probe: exec: command: curl -f http://localhost:8081 initial_delay_seconds: 1 period_seconds: 1 starting-server: command: python -m http.server 8082 is_daemon: true readiness_probe: exec: command: curl -f http://localhost:8082/wait initial_delay_seconds: 1 period_seconds: 100 failed-server: command: python -m http.server 8083 is_daemon: true readiness_probe: exec: command: curl -f http://localhost:8083/not_there initial_delay_seconds: 1 period_seconds: 1 ``` ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
de-duplicate `-f <pc.yaml>` flags to avoid the issue in #2700 (#2701) ## Summary Using the `--process-compose-file` flag to merge configurations fails with `FTL error="project /Users/jack/code/my-porject/process-compose.yaml is already specified in files to load"` See #2700 for details ## How was it tested? Using the method described here #2699 to build and "install" a local devbox then: 1. Create a process-compose.yaml file 2. Create a second process-compose.extras.yaml file that overrides some of the config defined in the main one (i.e set `is_disabled: "false"`) 3. run `devbox services up --process-compose-file process-compose.extras.yaml` and see error message above instead of running services The above fails with devbox 0.16.0 but works fine with this PR. ## Notes I'm happy with this fix but not certain this is the best place to implement this fix, it feels like a bit of a bandaid rather than fixing it at the source. But reading the code I couldn't find the root cause. ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license). Closes #2700
Update dependencies in pytorch example (#2771) ## Summary Update dependencies in pytorch example for compliance. ## How was it tested? Ran poetry and created new lock file ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
[compliance] Update devbox examples with vulnerabilities (#2753) ## Summary .Update devbox examples with vulnerabilities. Bump Django from 4.2.22 to 4.2.27 in the Django stack requirements. Update filelock from 3.18.0 to 3.20.1 in the PyTorch basic example poetry.lock file. ## How was it tested? devbox shell ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
PreviousNext