Re: [autowrx-dev] [automotive-pmc] PMC Approval required for Committer Election for Tri Hua on Eclipse Autowrx.

Dear Automotive PMC members,

Thank you for keeping my nomination open and for the guidance so far. I know the PMC asked for additional artefacts to review, so I wanted to share where I am with the work for the “Committer Nomination – Tri Hua” (GitHub: tri2510) and refresh the consolidated PR list you requested.

  • Contribution summary: I’ve attached the PR summary that groups every AutoWRX pull request I have delivered by topic with the current GitHub status (51 merged PRs).
  • Security fix work: backend-core PR #110 documents the fix work I have been doing on the Dependabot ticket Andreas filed. I’m grateful for the PMC’s patience while I double-check the upgraded dependencies (Express 4.21.1, Passport 0.7.0, Mongoose 8.0.0, Swagger UI Express 5.0.1, Helmet 8.0.0, etc.); the PR is merged, and follow-up ticket #111 is tracking the remaining verification (Dependabot rerun, smoke tests, middleware adjustments).
  • Backend-core verification: some of the dependency upgrades include breaking changes (Passport 0.7, Mongoose 8, express-rate-limit 7) and tighter middleware options on Express 4.21. I’m carefully auditing each touch point, adjusting configuration where needed, and once the next scan finishes I will share a short smoke-test summary so everyone can see the service stays steady. The remaining follow-ups (Express router alignment, Passport session regeneration, Swagger UI asset refresh) are listed in the PR notes and I’m working through them as part of this pass.
  • Backend-core residual alerts: Dependabot still lists upstream-driven items (PM2 proxy stack, http-proxy-middleware SSRF advisory, Express 4 path-to-regexp, legacy Mongoose). I’m keeping the mitigation notes and alert tracker up to date while we wait for upstream patches or complete the Express/Mongoose migrations, and I’ve opened follow-up tickets so each item stays tracked.
  • sdv-runtime security hardening: earlier clean-up work (sdv-runtime#24 and sdv-runtime#18) removed bundled Python packages from the runtime deliverable and moved dependency installation into the Docker build. That work trimmed more than 500k lines of vendored code and keeps us shipping patched packages directly from PyPI; I continue to watch that flow.

I’m continuing to work through the remaining security alerts and will provide the remaining artefacts (code reviews, discussions) for the PMC to review as I complete each piece. Please let me know if there is anything else I can provide in the meantime.

Best regards,
Tri Hua Minh
GitHub: https://github.com/tri2510

# Eclipse AutoWRX PR Summary

## Runtime & Application Enhancements (9 PRs)
**sdv-runtime**
- [Merged] sdv-runtime#27 – [Feature/vss array support issue 26](https://github.com/eclipse-autowrx/sdv-runtime/pull/27)
- [Merged] sdv-runtime#28 – [Add C++ compilation support to production runtime](https://github.com/eclipse-autowrx/sdv-runtime/pull/28)
- [Merged] sdv-runtime#30 – [Implement tree structure format for C++ compilation](https://github.com/eclipse-autowrx/sdv-runtime/pull/30)
- [Merged] sdv-runtime#31 – [feat: Add CPU optimization for mock service idle periods (#29)](https://github.com/eclipse-autowrx/sdv-runtime/pull/31)
- [Merged] sdv-runtime#33 – [Fix #32: Make runtime prefix configurable via environment variable](https://github.com/eclipse-autowrx/sdv-runtime/pull/33)
- [Merged] sdv-runtime#36 – [Fix string array quote escaping issue in VSS serialization](https://github.com/eclipse-autowrx/sdv-runtime/pull/36)
- [Merged] sdv-runtime#38 – [Fix GDB set_vars_value WebSocket integration](https://github.com/eclipse-autowrx/sdv-runtime/pull/38)
**autowrx**
- [Merged] autowrx#201 – [Fix string signal value handling in DaApisWatch](https://github.com/eclipse-autowrx/autowrx/pull/201)
**dreamKIT**
- [Merged] dreamKIT#20 – [DreamOS Installation Suite Implementation](https://github.com/eclipse-autowrx/dreamKIT/pull/20)

## CI/CD & Release Automation (15 PRs)
**sdv-runtime**
- [Merged] sdv-runtime#1 – [Create release workflow for sdv-runtime](https://github.com/eclipse-autowrx/sdv-runtime/pull/1)
- [Merged] sdv-runtime#2 – [Feature/44 retag release as latest](https://github.com/eclipse-autowrx/sdv-runtime/pull/2)
- [Merged] sdv-runtime#4 – [Fix uploading package to github release](https://github.com/eclipse-autowrx/sdv-runtime/pull/4)
- [Merged] sdv-runtime#14 – [Feature/10 released unused workflow and improvement](https://github.com/eclipse-autowrx/sdv-runtime/pull/14)
- [Merged] sdv-runtime#44 – [Fix Docker build failures and deprecated GitHub Actions syntax](https://github.com/eclipse-autowrx/sdv-runtime/pull/44)
- [Merged] sdv-runtime#45 – [Fix artifact attestation error in build workflow](https://github.com/eclipse-autowrx/sdv-runtime/pull/45)
- [Merged] sdv-runtime#47 – [Add manual tag management workflow for GitHub web interface](https://github.com/eclipse-autowrx/sdv-runtime/pull/47)
- [Merged] sdv-runtime#49 – [Enhanced Tag Management Workflows](https://github.com/eclipse-autowrx/sdv-runtime/pull/49)
**autowrx**
- [Merged] autowrx#49 – [Add release workflow](https://github.com/eclipse-autowrx/autowrx/pull/49)
- [Merged] autowrx#62 – [#53 Add Docker Support and GitHub Actions Workflow for Release (frontend, autowrx repo)](https://github.com/eclipse-autowrx/autowrx/pull/62)
- [Merged] autowrx#95 – [Create latest release tag workflow autowrx app](https://github.com/eclipse-autowrx/autowrx/pull/95)
**backend-core**
- [Merged] backend-core#33 – [Add release workflow triggered by Git tags](https://github.com/eclipse-autowrx/backend-core/pull/33)
- [Merged] backend-core#61 – [Create latest release tag workflow backend-core](https://github.com/eclipse-autowrx/backend-core/pull/61)
**learning-journey**
- [Merged] learning-journey#10 – [Add Dockerfile and GitHub Actions Workflow for Release Management (tag)](https://github.com/eclipse-autowrx/learning-journey/pull/10)

## Security & Dependency Hygiene (4 PRs)
**sdv-runtime**
- [Merged] sdv-runtime#18 – [Remove bundled Python packages, install during Docker build](https://github.com/eclipse-autowrx/sdv-runtime/pull/18)
- [Merged] sdv-runtime#24 – [Remove bundled Python packages](https://github.com/eclipse-autowrx/sdv-runtime/pull/24)
**backend-core**
- [Merged] backend-core#37 – [Remove upload package](https://github.com/eclipse-autowrx/backend-core/pull/37)
- [Merged] backend-core#110 – [Fix security vulnerabilities reported in issue #68](https://github.com/eclipse-autowrx/backend-core/pull/110)

## License & IP Compliance (19 PRs)
**sdv-runtime**
- [Merged] sdv-runtime#20 – [Replace Apache license with MIT and add headers](https://github.com/eclipse-autowrx/sdv-runtime/pull/20)
- [Merged] sdv-runtime#25 – [Revert license headers from MIT to Apache 2.0](https://github.com/eclipse-autowrx/sdv-runtime/pull/25)
**autowrx**
- [Merged] autowrx#175 – [Replace Apache header with MIT and add LICENSE file](https://github.com/eclipse-autowrx/autowrx/pull/175)
**backend-core**
- [Merged] backend-core#97 – [Replace Creative Commons license with MIT and add headers](https://github.com/eclipse-autowrx/backend-core/pull/97)
**dreamKIT**
- [Merged] dreamKIT#27 – [Replace Apache headers with MIT and add LICENSE file](https://github.com/eclipse-autowrx/dreamKIT/pull/27)
**docs**
- [Merged] docs#17 – [Add MIT license headers and LICENSE file](https://github.com/eclipse-autowrx/docs/pull/17)
**learning-journey**
- [Merged] learning-journey#25 – [Add MIT license headers and LICENSE file](https://github.com/eclipse-autowrx/learning-journey/pull/25)
**instance-overlay**
- [Merged] instance-overlay#4 – [Add MIT license headers and LICENSE file](https://github.com/eclipse-autowrx/instance-overlay/pull/4)
**epam-service-connector**
- [Merged] epam-service-connector#11 – [Add MIT license headers and LICENSE file](https://github.com/eclipse-autowrx/epam-service-connector/pull/11)
**instance-setup**
- [Merged] instance-setup#10 – [Add .licenseignore file](https://github.com/eclipse-autowrx/instance-setup/pull/10)
**inventory**
- [Merged] inventory#112 – [Convert license to MIT and add headers](https://github.com/eclipse-autowrx/inventory/pull/112)

## Documentation & Developer Experience (5 PRs)
**dreamKIT**
- [Merged] dreamKIT#22 – [dk_run script enhancement](https://github.com/eclipse-autowrx/dreamKIT/pull/22)
- [Merged] dreamKIT#25 – [Add clear setup steps and connection references](https://github.com/eclipse-autowrx/dreamKIT/pull/25)
**docs**
- [Merged] docs#9 – [Update Runtime Environment and Instance Setup for docs](https://github.com/eclipse-autowrx/docs/pull/9)
- [Merged] docs#12 – [Fix doc link, improve instance document](https://github.com/eclipse-autowrx/docs/pull/12)
