nuttxpr commented on PR #15465:
URL: https://github.com/apache/nuttx/pull/15465#issuecomment-2576910283

[**\[Experimental Bot, please feedback here\]**](https://github.com/search?q=repo%3Aapache%2Fnuttx+13552&type=issues)

This PR mostly meets the NuttX requirements, but is missing some important information.

**Summary:** Adequate. Clearly states the change (Jinja2 bump for security fixes) and links to upstream release notes and changelog. However, it lacks context within NuttX. *Which part of NuttX uses Jinja2?* This should be clarified.

**Impact:** Largely incomplete. While it's *likely* many of the impacts are NO, the maintainers need explicit confirmation. Specifically:

* **Impact on user:** Likely NO, but state it explicitly.
* **Impact on build:** Potentially YES if there are build system dependencies on this version. Needs investigation and explicit statement.
* **Impact on hardware:** Almost certainly NO, but state it explicitly.
* **Impact on documentation:** Likely NO, but state it. If documentation uses examples relying on Jinja2, it *might* need updating.
* **Impact on security:** YES! This is the *primary reason* for the update. Describe the security implications addressed by the Jinja2 update (briefly summarizing the relevant CVEs).
* **Impact on compatibility:** Needs investigation. Are there any potential compatibility issues within NuttX or its apps due to this upgrade? State NO/YES and explain if YES.
* **Anything else to consider:** None mentioned.

**Testing:** Completely missing. This is the biggest problem. The PR author *must* provide evidence that the change works as intended. This requires specifying the build host and target(s) used for testing, as well as providing logs (or other evidence) demonstrating functionality both *before* and *after* the change. Simply saying "verified on local setup" is insufficient.

**Concise answer:** No, this PR does *not* fully meet the requirements, specifically in the Impact and Testing sections. It needs additional information and testing results to be considered complete.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org