You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hudi.apache.org by GitBox <gi...@apache.org> on 2022/06/13 23:03:58 UTC

[GitHub] [hudi] nsivabalan opened a new pull request, #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

nsivabalan opened a new pull request, #5852:
URL: https://github.com/apache/hudi/pull/5852

   ## What is the purpose of the pull request
   
   - Upgrading protocol buffers version in presto bundle due to security vulnerability. 
   - [CVE-2015-5237](https://github.com/advisories/GHSA-jwvw-v7c5-m82h) [CVE-2021-22570](https://github.com/advisories/GHSA-77rm-9x9h-xj3g) [CVE-2021-22569](https://github.com/advisories/GHSA-wrvw-hg22-4m67)
   
   ## Brief change log
   
   *(for example:)*
     - *Modify AnnotationLocation checkstyle rule in checkstyle.xml*
   
   ## Verify this pull request
   
   *(Please pick either of the following options)*
   
   This pull request is a trivial rework / code cleanup without any test coverage.
   
   *(or)*
   
   This pull request is already covered by existing tests, such as *(please describe tests)*.
   
   (or)
   
   This change added tests and can be verified as follows:
   
   *(example:)*
   
     - *Added integration tests for end-to-end.*
     - *Added HoodieClientWriteTest to verify the change.*
     - *Manually verified the change by running a job locally.*
   
   ## Committer checklist
   
    - [ ] Has a corresponding JIRA in PR title & commit
    
    - [ ] Commit message is descriptive of the change
    
    - [ ] CI is green
   
    - [ ] Necessary doc changes done or have another open PR
          
    - [ ] For large changes, please consider breaking it into sub-tasks under an umbrella JIRA.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] hudi-bot commented on pull request #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

Posted by GitBox <gi...@apache.org>.

hudi-bot commented on PR #5852:
URL: https://github.com/apache/hudi/pull/5852#issuecomment-1154559823

   <!--
   Meta data
   {
     "version" : 1,
     "metaDataEntries" : [ {
       "hash" : "347320e3ba6f1fe6435e80ea23f277e6b9dd4978",
       "status" : "PENDING",
       "url" : "https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=9271",
       "triggerID" : "347320e3ba6f1fe6435e80ea23f277e6b9dd4978",
       "triggerType" : "PUSH"
     } ]
   }-->
   ## CI report:
   
   * 347320e3ba6f1fe6435e80ea23f277e6b9dd4978 Azure: [PENDING](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=9271) 
   
   <details>
   <summary>Bot commands</summary>
     @hudi-bot supports the following commands:
   
    - `@hudi-bot run azure` re-run the last Azure build
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] codope commented on pull request #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

Posted by GitBox <gi...@apache.org>.

codope commented on PR #5852:
URL: https://github.com/apache/hudi/pull/5852#issuecomment-1182859135

   This one should be good to go. We just need to test the bundle once with latest presto. It addresses come critical CVEs. `protobuf-java` is excluded from hudi-presto-bundle in [presto](https://github.com/prestodb/presto/blob/d83b10737eab1b448c09f11061ce195947ad3666/pom.xml#L1228-L1231)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] xushiyan commented on pull request #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

Posted by GitBox <gi...@apache.org>.

xushiyan commented on PR #5852:
URL: https://github.com/apache/hudi/pull/5852#issuecomment-1169328694

   @nsivabalan what is the impact of this upgrade? is this gonna affect presto connector users?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] hudi-bot commented on pull request #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

Posted by GitBox <gi...@apache.org>.

hudi-bot commented on PR #5852:
URL: https://github.com/apache/hudi/pull/5852#issuecomment-1154536738

   <!--
   Meta data
   {
     "version" : 1,
     "metaDataEntries" : [ {
       "hash" : "347320e3ba6f1fe6435e80ea23f277e6b9dd4978",
       "status" : "UNKNOWN",
       "url" : "TBD",
       "triggerID" : "347320e3ba6f1fe6435e80ea23f277e6b9dd4978",
       "triggerType" : "PUSH"
     } ]
   }-->
   ## CI report:
   
   * 347320e3ba6f1fe6435e80ea23f277e6b9dd4978 UNKNOWN
   
   <details>
   <summary>Bot commands</summary>
     @hudi-bot supports the following commands:
   
    - `@hudi-bot run azure` re-run the last Azure build
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] hudi-bot commented on pull request #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

Posted by GitBox <gi...@apache.org>.

hudi-bot commented on PR #5852:
URL: https://github.com/apache/hudi/pull/5852#issuecomment-1154599459

   <!--
   Meta data
   {
     "version" : 1,
     "metaDataEntries" : [ {
       "hash" : "347320e3ba6f1fe6435e80ea23f277e6b9dd4978",
       "status" : "SUCCESS",
       "url" : "https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=9271",
       "triggerID" : "347320e3ba6f1fe6435e80ea23f277e6b9dd4978",
       "triggerType" : "PUSH"
     } ]
   }-->
   ## CI report:
   
   * 347320e3ba6f1fe6435e80ea23f277e6b9dd4978 Azure: [SUCCESS](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=9271) 
   
   <details>
   <summary>Bot commands</summary>
     @hudi-bot supports the following commands:
   
    - `@hudi-bot run azure` re-run the last Azure build
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] xushiyan merged pull request #5852: [HUDI-4247] Upgrading protocol buffers version for presto bundle

Posted by GitBox <gi...@apache.org>.

xushiyan merged PR #5852:
URL: https://github.com/apache/hudi/pull/5852


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org