Posted to github@beam.apache.org by "bvolpato (via GitHub)" <gi...@apache.org> on 2023/04/12 04:49:38 UTC

[GitHub] [beam] bvolpato opened a new pull request, #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

bvolpato opened a new pull request, #26228:
URL: https://github.com/apache/beam/pull/26228

   Upgrading commons-dbcp2 to latest (2.9.0) due to Snyk Advisory:
   
   
   >  ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-559327] in org.apache.commons:commons-dbcp2@2.8.0
   >    introduced by {groupId}:{artifactId}@{version} > org.apache.commons:commons-dbcp2@2.8.0
   >
   >  This issue was fixed in versions: 2.9.0
   
   
   Also upgrading commons-pool2 to latest due to dependencies being at the [CVE-2020-15250](https://nvd.nist.gov/vuln/detail/cve-2020-15250) range.
   
   
   
   GitHub Actions Tests Status (on master branch)
   ------------------------------------------------------------------------------------------------
   [![Build python source distribution and wheels](https://github.com/apache/beam/workflows/Build%20python%20source%20distribution%20and%20wheels/badge.svg?branch=master&event=schedule)](https://github.com/apache/beam/actions?query=workflow%3A%22Build+python+source+distribution+and+wheels%22+branch%3Amaster+event%3Aschedule)
   [![Python tests](https://github.com/apache/beam/workflows/Python%20tests/badge.svg?branch=master&event=schedule)](https://github.com/apache/beam/actions?query=workflow%3A%22Python+Tests%22+branch%3Amaster+event%3Aschedule)
   [![Java tests](https://github.com/apache/beam/workflows/Java%20Tests/badge.svg?branch=master&event=schedule)](https://github.com/apache/beam/actions?query=workflow%3A%22Java+Tests%22+branch%3Amaster+event%3Aschedule)
   [![Go tests](https://github.com/apache/beam/workflows/Go%20tests/badge.svg?branch=master&event=schedule)](https://github.com/apache/beam/actions?query=workflow%3A%22Go+tests%22+branch%3Amaster+event%3Aschedule)
   
   See [CI.md](https://github.com/apache/beam/blob/master/CI.md) for more information about GitHub Actions CI.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [beam] github-actions[bot] commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1504616983

   Stopping reviewer notifications for this pull request: review requested by someone other than the bot, ceding control




[GitHub] [beam] bvolpato commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "bvolpato (via GitHub)" <gi...@apache.org>.
bvolpato commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1504615885

   R: @lostluck 




[GitHub] [beam] bvolpato commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "bvolpato (via GitHub)" <gi...@apache.org>.
bvolpato commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1513978645

   Good point @Abacn. Done, thanks!




[GitHub] [beam] Abacn commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "Abacn (via GitHub)" <gi...@apache.org>.
Abacn commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1513694680

   We may want to update commons-dbcp2 here: https://github.com/apache/beam/blob/57d902987d0bdf9904f55483193176cdc2f65561/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy#L528
   and use this variable in jdbc/build.gradle
   
   for commons-pool2, lgtm
    


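The change Abacn asks for above, centralizing the commons-dbcp2 version in buildSrc and referencing it from jdbc/build.gradle, shown as an added example. This is illustrative Gradle/Groovy written for this page, not Beam's actual BeamModulePlugin.groovy or jdbc/build.gradle; the names commons_dbcp2_version, library.java.commons_dbcp2, the project.ext layout and the :sdks:java:io:jdbc project path are assumptions.

```groovy
// Added example, not Beam's code. Shows the weak setting (a version pinned
// locally in one module) beside the corrected one (a single shared version
// in buildSrc), plus a resolution rule that stops a transitive dependency
// from pulling the vulnerable range back in.

// --- Before: jdbc/build.gradle pins the version itself. A scanner finding
// against 2.8.0 then has to be fixed in every module that repeats the pin.
dependencies {
    implementation "org.apache.commons:commons-dbcp2:2.8.0"
}

// --- After, in BeamModulePlugin.groovy (assumed layout): declare once.
def commons_dbcp2_version = "2.9.0"   // fixed version named by the Snyk advisory

project.ext.library = [
    java: [
        commons_dbcp2: "org.apache.commons:commons-dbcp2:$commons_dbcp2_version",
    ],
]

// --- After, in jdbc/build.gradle: consume the shared coordinate, so the next
// advisory is a one-line bump in buildSrc rather than a repo-wide search.
dependencies {
    implementation library.java.commons_dbcp2
}

// --- Guard rail: even with the direct dependency bumped, another library can
// still request commons-dbcp2 2.8.0 transitively. Rewrite any request below
// the fixed version. Versions are compared as numeric tuples, not as strings,
// so "2.10.0" is correctly treated as newer than "2.9.0".
def olderThan = { String v, String floor ->
    def a = v.tokenize('.').collect { it.replaceAll(/[^0-9].*/, '').toInteger() }
    def b = floor.tokenize('.').collect { it.toInteger() }
    def r = [a, b].transpose().findResult { x, y -> x == y ? null : (x < y) }
    return r != null ? r : a.size() < b.size()
}

configurations.all {
    resolutionStrategy.eachDependency { details ->
        def req = details.requested
        if (req.group == 'org.apache.commons' && req.name == 'commons-dbcp2'
                && olderThan(req.version, commons_dbcp2_version)) {
            details.useVersion(commons_dbcp2_version)
            details.because('SNYK-JAVA-ORGAPACHECOMMONS-559327 is fixed in 2.9.0')
        }
    }
}
```

To confirm what actually lands on the classpath after the change, run Gradle's built-in insight task against the consuming module, for example `./gradlew :sdks:java:io:jdbc:dependencyInsight --dependency commons-dbcp2 --configuration runtimeClasspath` (project path assumed); the selected version should be at or above the version the advisory names as fixed, and the output shows the `because` reason when the resolution rule fired.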


[GitHub] [beam] Abacn commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "Abacn (via GitHub)" <gi...@apache.org>.
Abacn commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1514081715

   Run Java_Amazon-Web-Services2_IO_Direct PreCommit




[GitHub] [beam] Abacn merged pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "Abacn (via GitHub)" <gi...@apache.org>.
Abacn merged PR #26228:
URL: https://github.com/apache/beam/pull/26228




[GitHub] [beam] codecov[bot] commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE

Posted by "codecov[bot] (via GitHub)" <gi...@apache.org>.
codecov[bot] commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1514012978

   ## [Codecov](https://codecov.io/gh/apache/beam/pull/26228?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > Merging [#26228](https://codecov.io/gh/apache/beam/pull/26228?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (6e29131) into [master](https://codecov.io/gh/apache/beam/commit/40a0d58401f3cd5021a56a800491f6085e356b4c?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (40a0d58) will **increase** coverage by `0.00%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@           Coverage Diff           @@
   ##           master   #26228   +/-   ##
   =======================================
     Coverage   81.06%   81.06%           
   =======================================
     Files         469      469           
     Lines       67164    67164           
   =======================================
   + Hits        54446    54448    +2     
   + Misses      12718    12716    -2     
   ```
   
   | Flag | Coverage Δ | |
   |---|---|---|
   | python | `81.06% <ø> (+<0.01%)` | :arrow_up: |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   [see 9 files with indirect coverage changes](https://codecov.io/gh/apache/beam/pull/26228/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   
   :mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   

