Skip to content

[dotnet][rb][java][js][py] Automated Browser Version Update #16538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

[dotnet][rb][java][js][py] Automated Browser Version Update #16538

merged 1 commit into from
Nov 3, 2025

Conversation

@selenium-ci
Copy link
Member

@selenium-ci selenium-ci commented Nov 1, 2025
edited
Loading

This is an automated pull request to update pinned browsers and drivers

Merge after verify the new browser versions properly passing the tests and no bugs need to be filed

@selenium-ci selenium-ci added the B-build Includes scripting, bazel and CI integrations label Nov 1, 2025
@qodo-merge-pro
Copy link
Contributor

qodo-merge-pro bot commented Nov 1, 2025
edited
Loading

PR Compliance Guide 🔍

(Compliance updated until commit 99327f7)

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No auditing: The changes only update external archive URLs and checksums with no critical actions or
logging context added, so there is no evidence of audit trail impact in this diff.

Referred Code 
        url = "https://ftp.mozilla.org/pub/firefox/releases/145.0b9/linux-x86_64/en-US/firefox-145.0b9.tar.xz",
        sha256 = "9e171cbc98ccd3a995e6e4c9e543a1893df18225dd098a704d3c64d6924021dd",
        build_file_content = """
load("@aspect_rules_js//js:defs.bzl", "js_library")
package(default_visibility = ["//visibility:public"])

filegroup(
    name = "files",
    srcs = glob(["**/*"]),
)

exports_files(["firefox/firefox"])

js_library(
    name = "firefox-js",
    data = [":files"],
)
""",
    )

    dmg_archive(


 ... (clipped 113 lines)
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error handling: The diff only changes URLs/sha256 values and does not introduce or modify any error
handling for failed downloads or checksum mismatches, which may be handled elsewhere.

Referred Code 
        url = "https://ftp.mozilla.org/pub/firefox/releases/145.0b9/linux-x86_64/en-US/firefox-145.0b9.tar.xz",
        sha256 = "9e171cbc98ccd3a995e6e4c9e543a1893df18225dd098a704d3c64d6924021dd",
        build_file_content = """
load("@aspect_rules_js//js:defs.bzl", "js_library")
package(default_visibility = ["//visibility:public"])

filegroup(
    name = "files",
    srcs = glob(["**/*"]),
)

exports_files(["firefox/firefox"])

js_library(
    name = "firefox-js",
    data = [":files"],
)
""",
    )

    dmg_archive(


 ... (clipped 113 lines)
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: This change does not add user-facing error messages; any secure error handling behavior
for archive fetch failures is not visible in this diff.

Referred Code 
        url = "https://ftp.mozilla.org/pub/firefox/releases/145.0b9/linux-x86_64/en-US/firefox-145.0b9.tar.xz",
        sha256 = "9e171cbc98ccd3a995e6e4c9e543a1893df18225dd098a704d3c64d6924021dd",
        build_file_content = """
load("@aspect_rules_js//js:defs.bzl", "js_library")
package(default_visibility = ["//visibility:public"])

filegroup(
    name = "files",
    srcs = glob(["**/*"]),
)

exports_files(["firefox/firefox"])

js_library(
    name = "firefox-js",
    data = [":files"],
)
""",
    )

    dmg_archive(


 ... (clipped 113 lines)
Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
External inputs: The PR updates external download sources and checksums without showing validation or trust
checks beyond sha256, but the broader input validation and security controls are not
visible in this diff.

Referred Code 
        url = "https://ftp.mozilla.org/pub/firefox/releases/145.0b9/linux-x86_64/en-US/firefox-145.0b9.tar.xz",
        sha256 = "9e171cbc98ccd3a995e6e4c9e543a1893df18225dd098a704d3c64d6924021dd",
        build_file_content = """
load("@aspect_rules_js//js:defs.bzl", "js_library")
package(default_visibility = ["//visibility:public"])

filegroup(
    name = "files",
    srcs = glob(["**/*"]),
)

exports_files(["firefox/firefox"])

js_library(
    name = "firefox-js",
    data = [":files"],
)
""",
    )

    dmg_archive(


 ... (clipped 113 lines)
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Previous compliance checks

Compliance check up to commit eef7bc2
Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

@qodo-merge-pro
Copy link
Contributor

qodo-merge-pro bot commented Nov 1, 2025
edited
Loading

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Align driver and browser versions

Align the linux_edgedriver version with the linux_edge browser version by
updating the URL to use version 142.0.3595.53 and providing the corresponding
SHA256 checksum to prevent incompatibility issues.

common/repositories.bzl [166-181]

 http_archive(
     name = "linux_edgedriver",
-    url = "https://msedgedriver.microsoft.com/142.0.3595.51/edgedriver_linux64.zip",
-    sha256 = "79220b4a6552afb7c2634dc3168547c143c9ce97eb33b08bcb9bd8c180eba922",
+    url = "https://msedgedriver.microsoft.com/142.0.3595.53/edgedriver_linux64.zip",
+    sha256 = "<NEW_SHA256_FOR_142.0.3595.53>",
     build_file_content = """
 ...
 )

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 9

__

Why: The suggestion correctly identifies a version mismatch between the linux_edge browser (142.0.3595.53) and its driver (142.0.3595.51), which is a likely bug that could cause test failures.

High
High-level
Use variables for browser versions

Define browser and driver versions as variables at the top of the file to avoid
hardcoding them in multiple places like URLs and paths. This change will reduce
redundancy and simplify future updates.

Examples:

common/repositories.bzl [125-130] 
        name = "mac_edge",
        url = "https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/f6ef0103-7312-4ec8-975b-c69a480b52c2/MicrosoftEdge-142.0.3595.53.pkg",
        sha256 = "d5fcfd67d1641608aa51edefab01b2d1e5c0ec0000021a3948127915105cb270",
        move = {
            "MicrosoftEdge-142.0.3595.53.pkg/Payload/Microsoft Edge.app": "Edge.app",
        },
common/repositories.bzl [51-54] 
    http_archive(
        name = "linux_beta_firefox",
        url = "https://ftp.mozilla.org/pub/firefox/releases/145.0b9/linux-x86_64/en-US/firefox-145.0b9.tar.xz",
        sha256 = "9e171cbc98ccd3a995e6e4c9e543a1893df18225dd098a704d3c64d6924021dd",

Solution Walkthrough:

Before:

...
pkg_archive(
    name = "mac_edge",
    url = "https://.../MicrosoftEdge-141.0.3537.99.pkg",
    sha256 = "d76f2ff...",
    move = {
        "MicrosoftEdge-141.0.3537.99.pkg/Payload/Microsoft Edge.app": "Edge.app",
    },
    ...
)
...

After:

EDGE_VERSION = "142.0.3595.53"
EDGE_MAC_SHA256 = "d5fcfd67d1641608aa51edefab01b2d1e5c0ec0000021a3948127915105cb270"
EDGE_MAC_URL = "https://.../MicrosoftEdge-%s.pkg" % EDGE_VERSION

...
pkg_archive(
    name = "mac_edge",
    url = EDGE_MAC_URL,
    sha256 = EDGE_MAC_SHA256,
    move = {
        "MicrosoftEdge-%s.pkg/Payload/Microsoft Edge.app" % EDGE_VERSION: "Edge.app",
    },
    ...
)
...
Suggestion importance[1-10]: 8

__

Why: The suggestion correctly identifies repeated version strings and proposes using variables, which would significantly improve the maintainability and readability of this configuration file.

Medium
  • Update

@selenium-ci selenium-ci force-pushed the pinned-browser-updates branch from eef7bc2 to 99327f7 Compare November 2, 2025 00:46
@navin772 navin772 merged commit d333146 into trunk Nov 3, 2025
47 checks passed
@navin772 navin772 deleted the pinned-browser-updates branch November 3, 2025 05:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

B-build Includes scripting, bazel and CI integrations Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@selenium-ci @navin772