Posted to notifications@shardingsphere.apache.org by GitBox <gi...@apache.org> on 2022/02/08 11:21:06 UTC

[GitHub] [shardingsphere] pjfanning opened a new pull request #15296: [issue-15295] upgrade dependencies due to cves

pjfanning opened a new pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296


   Fixes #15295
   
   Changes proposed in this pull request:
   - pom changes
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [shardingsphere] linghengqian commented on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian commented on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1035817277


   Notice that the LICENSE has been replaced with a new version, but the PR hasn't been merged yet?





[GitHub] [shardingsphere] linghengqian commented on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian commented on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1038722114


   The logback and postgresql versions have been bumped up, no more changes needed.





[GitHub] [shardingsphere] pjfanning commented on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
pjfanning commented on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1039537532


   @linghengqian I removed the mysql jar change because that seems to cause issues with tests - CI build passes now





[GitHub] [shardingsphere] terrymanu merged pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
terrymanu merged pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296


   





[GitHub] [shardingsphere] linghengqian commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r802244975



##########
File path: examples/pom.xml
##########
@@ -63,7 +63,7 @@
         
         <seata.version>1.4.2</seata.version>
         
-        <junit.version>4.12</junit.version>
+        <junit.version>4.13.2</junit.version>
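
Review bot: the `junit.version` bump from 4.12 to 4.13.2 in examples/pom.xml carries no record of which advisory it addresses; name the CVE in the commit message or in an XML comment beside the property, so that a later downgrade is recognisable as a regression. Because this property is set in the examples module, confirm that the root build's JUnit version moves in the same change, otherwise the two builds compile their tests against different JUnit releases.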

Review comment:
       Maybe https://shardingsphere.apache.org/community/en/contribute/code-conduct/ should be updated?







[GitHub] [shardingsphere] codecov-commenter commented on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1033423596


   # [Codecov](https://codecov.io/gh/apache/shardingsphere/pull/15296) Report
   > Merging [#15296](https://codecov.io/gh/apache/shardingsphere/pull/15296) (20a5641) into [master](https://codecov.io/gh/apache/shardingsphere/commit/c4aa9d9b472c04836c43403fedfba0d8fe19f43f) (c4aa9d9) will **increase** coverage by `0.05%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@             Coverage Diff              @@
   ##             master   #15296      +/-   ##
   ============================================
   + Coverage     60.28%   60.33%   +0.05%     
   - Complexity     1938     1939       +1     
   ============================================
     Files          3194     3194              
     Lines         47810    47816       +6     
     Branches       8122     8124       +2     
   ============================================
   + Hits          28820    28849      +29     
   + Misses        16666    16641      -25     
   - Partials       2324     2326       +2     
   ```
   
   
   | Impacted Files | Coverage Δ | |
   |---|---|---|
   | ...g/algorithm/sharding/mod/ModShardingAlgorithm.java | `80.76% <0.00%> (-3.24%)` | :arrow_down: |
   | ...eadwritesplitting/rule/ReadwriteSplittingRule.java | `60.71% <0.00%> (-1.11%)` | :arrow_down: |
   | ...r/ShowReadwriteSplittingReadResourcesExecutor.java | `0.00% <0.00%> (ø)` | |
   | ...xt/distsql/rql/rule/SchemaRulesQueryResultSet.java | | |
   | ...xt/distsql/rql/rule/SchemaRulesCountResultSet.java | `96.87% <0.00%> (ø)` | |
   | ...gorithm/sharding/mod/HashModShardingAlgorithm.java | `82.35% <0.00%> (+1.10%)` | :arrow_up: |
   | .../coordinator/ClusterContextManagerCoordinator.java | `79.10% <0.00%> (+2.98%)` | :arrow_up: |
   | ...istry/metadata/watcher/MetaDataChangedWatcher.java | `81.81% <0.00%> (+9.09%)` | :arrow_up: |
   | ...shardingsphere/infra/instance/InstanceContext.java | `95.00% <0.00%> (+95.00%)` | :arrow_up: |
   | ...dingsphere/infra/instance/ComputeNodeInstance.java | `100.00% <0.00%> (+100.00%)` | :arrow_up: |
   | ... and 1 more | |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/shardingsphere/pull/15296).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/shardingsphere/pull/15296). Last update [c4aa9d9...20a5641](https://codecov.io/gh/apache/shardingsphere/pull/15296). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   





[GitHub] [shardingsphere] pjfanning commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
pjfanning commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r802248211



##########
File path: examples/pom.xml
##########
@@ -63,7 +63,7 @@
         
         <seata.version>1.4.2</seata.version>
         
-        <junit.version>4.12</junit.version>
+        <junit.version>4.13.2</junit.version>

Review comment:
       I reverted the junit piece - there is a CVE but it could be dealt with in a separate issue







[GitHub] [shardingsphere] pjfanning commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
pjfanning commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r801536828



##########
File path: examples/pom.xml
##########
@@ -45,14 +45,14 @@
         <spring-framework.version>5.2.19.RELEASE</spring-framework.version>
         <spring-boot.version>2.0.9.RELEASE</spring-boot.version>
         <hikari-cp.version>3.4.2</hikari-cp.version>
-        <mysql-connector-java.version>5.1.47</mysql-connector-java.version>
-        <postgresql.version>42.2.5</postgresql.version>
+        <mysql-connector-java.version>8.0.28</mysql-connector-java.version>
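
Review bot: `mysql-connector-java.version` jumps a major line here, 5.1.47 to 8.0.28, in the same hunk that touches `postgresql.version`, so a test failure cannot be attributed to one driver. Connector/J 8.x renames the driver class to `com.mysql.cj.jdbc.Driver` and changes some connection defaults, so any example configuration that still names `com.mysql.jdbc.Driver` should be updated with it; consider splitting the MySQL bump into its own commit so it can be reverted independently of the other upgrades.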

Review comment:
       my experience is that all of these updates are low impact - that in most scenarios, they can be upgraded without breaking compatibility







[GitHub] [shardingsphere] TeslaCN commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
TeslaCN commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r801527989



##########
File path: examples/pom.xml
##########
@@ -63,7 +63,7 @@
         
         <seata.version>1.4.2</seata.version>
         
-        <junit.version>4.12</junit.version>
+        <junit.version>4.13.2</junit.version>

Review comment:
       `assertThat` is marked as deprecated in junit 4.13. This requires further consideration.







[GitHub] [shardingsphere] linghengqian commented on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian commented on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1039223840


   It looks like the `example` folder has changed quite a bit in the last few days, causing CI to go from an initial success to a failure.





[GitHub] [shardingsphere] linghengqian edited a comment on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian edited a comment on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1038722114


   The logback and postgresql versions have been bumped up, no more changes needed. PR needs to merge the master branch, because the version of multiple components has changed.





[GitHub] [shardingsphere] linghengqian commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r802274437



##########
File path: examples/pom.xml
##########
@@ -63,7 +63,7 @@
         
         <seata.version>1.4.2</seata.version>
         
-        <junit.version>4.12</junit.version>
+        <junit.version>4.13.2</junit.version>

Review comment:
       Refer to https://github.com/junit-team/junit4/pull/1150, if the version is raised, it means a PR with keyword changes. (Similar to `org.junit.Assert.assertThat` is replaced by `org.hamcrest.MatcherAssert.assertThat`)







[GitHub] [shardingsphere] taojintianxia commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
taojintianxia commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r801526795



##########
File path: examples/pom.xml
##########
@@ -45,14 +45,14 @@
         <spring-framework.version>5.2.19.RELEASE</spring-framework.version>
         <spring-boot.version>2.0.9.RELEASE</spring-boot.version>
         <hikari-cp.version>3.4.2</hikari-cp.version>
-        <mysql-connector-java.version>5.1.47</mysql-connector-java.version>
-        <postgresql.version>42.2.5</postgresql.version>
+        <mysql-connector-java.version>8.0.28</mysql-connector-java.version>

Review comment:
       Did you test the compatibility for these dependencies?







[GitHub] [shardingsphere] pjfanning commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
pjfanning commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r801535598



##########
File path: examples/pom.xml
##########
@@ -45,14 +45,14 @@
         <spring-framework.version>5.2.19.RELEASE</spring-framework.version>
         <spring-boot.version>2.0.9.RELEASE</spring-boot.version>
         <hikari-cp.version>3.4.2</hikari-cp.version>
-        <mysql-connector-java.version>5.1.47</mysql-connector-java.version>
-        <postgresql.version>42.2.5</postgresql.version>
+        <mysql-connector-java.version>8.0.28</mysql-connector-java.version>

Review comment:
       @taojintianxia to be honest, I don't use shardingsphere - I am just an Apache member concerned about ASF projects relying on old dependencies with publicly disclosed attack vectors







[GitHub] [shardingsphere] linghengqian edited a comment on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian edited a comment on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1038722114


   The logback and postgresql versions have been bumped up, no more changes needed. PR needs to merge the master branch, and the version of multiple changes has changed.





[GitHub] [shardingsphere] linghengqian edited a comment on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
linghengqian edited a comment on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1038722114


   The logback and postgresql versions have been bumped up, no more changes needed. PR needs to merge the master branch, because the version of multiple changes has changed.





[GitHub] [shardingsphere] taojintianxia commented on a change in pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
taojintianxia commented on a change in pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#discussion_r802269558



##########
File path: examples/pom.xml
##########
@@ -45,14 +45,14 @@
         <spring-framework.version>5.2.19.RELEASE</spring-framework.version>
         <spring-boot.version>2.0.9.RELEASE</spring-boot.version>
         <hikari-cp.version>3.4.2</hikari-cp.version>
-        <mysql-connector-java.version>5.1.47</mysql-connector-java.version>
-        <postgresql.version>42.2.5</postgresql.version>
+        <mysql-connector-java.version>8.0.28</mysql-connector-java.version>

Review comment:
       I see, anyway thanks for your contribution







[GitHub] [shardingsphere] codecov-commenter edited a comment on pull request #15296: [issue-15295] upgrade dependencies due to cves

Posted by GitBox <gi...@apache.org>.
codecov-commenter edited a comment on pull request #15296:
URL: https://github.com/apache/shardingsphere/pull/15296#issuecomment-1033423596


   # [Codecov](https://codecov.io/gh/apache/shardingsphere/pull/15296) Report
   > Merging [#15296](https://codecov.io/gh/apache/shardingsphere/pull/15296) (660c0b7) into [master](https://codecov.io/gh/apache/shardingsphere/commit/4f16161a2913e3d4d2ac1636b80f0fa355831192) (4f16161) will **increase** coverage by `0.13%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@             Coverage Diff              @@
   ##             master   #15296      +/-   ##
   ============================================
   + Coverage     60.25%   60.38%   +0.13%     
   - Complexity     1945     1949       +4     
   ============================================
     Files          3208     3215       +7     
     Lines         48073    48084      +11     
     Branches       8165     8162       -3     
   ============================================
   + Hits          28964    29035      +71     
   + Misses        16778    16712      -66     
   - Partials       2331     2337       +6     
   ```
   
   
   | Impacted Files | Coverage Δ | |
   |---|---|---|
   | ...e/data/pipeline/mysql/MySQLEnvironmentChecker.java | `0.00% <0.00%> (-66.67%)` | :arrow_down: |
   | ...ipeline/opengauss/OpenGaussEnvironmentChecker.java | `0.00% <0.00%> (-66.67%)` | :arrow_down: |
   | ...eline/postgresql/PostgreSQLEnvironmentChecker.java | `0.00% <0.00%> (-66.67%)` | :arrow_down: |
   | ...d/text/distsql/ral/common/hint/HintSourceType.java | `0.00% <0.00%> (-42.86%)` | :arrow_down: |
   | ...common/show/executor/ShowInstanceModeExecutor.java | `75.00% <0.00%> (ø)` | |
   | ...ling/core/job/check/EnvironmentCheckerFactory.java | `0.00% <0.00%> (ø)` | |
   | ...distsql/ral/impl/CommonDistSQLStatementAssert.java | `100.00% <0.00%> (ø)` | |
   | ...e/scenario/rulealtered/RuleAlteredJobPreparer.java | `0.00% <0.00%> (ø)` | |
   | ...re/check/datasource/AbstractDataSourceChecker.java | `0.00% <0.00%> (ø)` | |
   | [...mysql/check/datasource/MySQLDataSourceChecker.java](https://codecov.io/gh/apache/shardingsphere/pull/15296/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2hhcmRpbmdzcGhlcmUta2VybmVsL3NoYXJkaW5nc3BoZXJlLWRhdGEtcGlwZWxpbmUvc2hhcmRpbmdzcGhlcmUtZGF0YS1waXBlbGluZS1kaWFsZWN0L3NoYXJkaW5nc3BoZXJlLWRhdGEtcGlwZWxpbmUtbXlzcWwvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3NoYXJkaW5nc3BoZXJlL2RhdGEvcGlwZWxpbmUvbXlzcWwvY2hlY2svZGF0YXNvdXJjZS9NeVNRTERhdGFTb3VyY2VDaGVja2VyLmphdmE=) | `81.25% <0.00%> (ø)` | |
   | ... and [10 more](https://codecov.io/gh/apache/shardingsphere/pull/15296/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/shardingsphere/pull/15296?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/shardingsphere/pull/15296?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [4f16161...660c0b7](https://codecov.io/gh/apache/shardingsphere/pull/15296?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
   

