Posted to github@beam.apache.org by "bvolpato (via GitHub)" <gi...@apache.org> on 2023/04/12 04:49:38 UTC
[GitHub] [beam] bvolpato opened a new pull request, #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
bvolpato opened a new pull request, #26228:
URL: https://github.com/apache/beam/pull/26228
Upgrading commons-dbcp2 to latest (2.9.0) due to Snyk Advisory:
> ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-559327] in org.apache.commons:commons-dbcp2@2.8.0
> introduced by {groupId}:{artifactId}@{version} > org.apache.commons:commons-dbcp2@2.8.0
>
> This issue was fixed in versions: 2.9.0
Also upgrading commons-pool2 to latest due to dependencies being at the [CVE-2020-15250](https://nvd.nist.gov/vuln/detail/cve-2020-15250) range.
See [CI.md](https://github.com/apache/beam/blob/master/CI.md) for more information about GitHub Actions CI.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] github-actions[bot] commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1504616983
Stopping reviewer notifications for this pull request: review requested by someone other than the bot, ceding control
[GitHub] [beam] bvolpato commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "bvolpato (via GitHub)" <gi...@apache.org>.
bvolpato commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1504615885
R: @lostluck
[GitHub] [beam] bvolpato commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "bvolpato (via GitHub)" <gi...@apache.org>.
bvolpato commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1513978645
Good point @Abacn. Done, thanks!
[GitHub] [beam] Abacn commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "Abacn (via GitHub)" <gi...@apache.org>.
Abacn commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1513694680
We may want to update commons-dbcp2 here: https://github.com/apache/beam/blob/57d902987d0bdf9904f55483193176cdc2f65561/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy#L528
and use this variable in jdbc/build.gradle
for commons-pool2, lgtm
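An added check illustrating the two points raised in this thread: a dependency pinned below the version the advisory marks as fixed (commons-dbcp2 2.9.0), and a version hard-coded in a module's build.gradle instead of taken from the central version map. This is example code, not from the Beam project; the map keys, the build.gradle snippet and the function names are constructed here.

```python
import re

# Constructed central version map (the role BeamModulePlugin.groovy plays in
# Beam); key names are assumptions, not Beam's real variable names.
VERSION_MAP = {"commons_dbcp2": "2.9.0", "commons_pool2": "2.11.1"}

# Constructed module build file: one hard-coded coordinate, one via the map.
BUILD_GRADLE = """
dependencies {
  implementation "org.apache.commons:commons-dbcp2:2.8.0"
  implementation "org.apache.commons:commons-pool2:${commons_pool2}"
}
"""

# Minimum versions that close the advisories discussed in the thread.
# Only dbcp2's fixed version (2.9.0) is stated on the page, so only it is listed.
MIN_FIXED = {"org.apache.commons:commons-dbcp2": "2.9.0"}

DEP_RE = re.compile(r'["\']([\w.\-]+):([\w.\-]+):([^"\']+)["\']')
VAR_RE = re.compile(r'^\$\{?([A-Za-z_]\w*)\}?$')

def parse_version(v):
    # "2.8.0" -> (2, 8, 0); tuple comparison gives numeric ordering.
    return tuple(int(p) for p in re.findall(r"\d+", v))

def resolve(raw, version_map):
    # Returns (concrete version or None, whether it came from the map).
    m = VAR_RE.match(raw)
    if not m:
        return raw, False
    return version_map.get(m.group(1)), True

def audit(build_gradle, version_map, min_fixed):
    # One (coordinate, version, reason) tuple per problem found.
    findings = []
    for group, artifact, raw in DEP_RE.findall(build_gradle):
        coord = f"{group}:{artifact}"
        version, centralised = resolve(raw, version_map)
        if version is None:
            findings.append((coord, raw, "unresolved version variable"))
            continue
        if not centralised:
            findings.append((coord, version, "hard-coded version; use the central variable"))
        floor = min_fixed.get(coord)
        if floor and parse_version(version) < parse_version(floor):
            findings.append((coord, version, f"below fixed version {floor}"))
    return findings

if __name__ == "__main__":
    for f in audit(BUILD_GRADLE, VERSION_MAP, MIN_FIXED):
        print(f)
```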
[GitHub] [beam] Abacn commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "Abacn (via GitHub)" <gi...@apache.org>.
Abacn commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1514081715
Run Java_Amazon-Web-Services2_IO_Direct PreCommit
[GitHub] [beam] Abacn merged pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "Abacn (via GitHub)" <gi...@apache.org>.
Abacn merged PR #26228:
URL: https://github.com/apache/beam/pull/26228
[GitHub] [beam] codecov[bot] commented on pull request #26228: Upgrade version of Apache Commons (dbcp2, pool2) due to advisory/CVE
Posted by "codecov[bot] (via GitHub)" <gi...@apache.org>.
codecov[bot] commented on PR #26228:
URL: https://github.com/apache/beam/pull/26228#issuecomment-1514012978
## [Codecov](https://codecov.io/gh/apache/beam/pull/26228?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#26228](https://codecov.io/gh/apache/beam/pull/26228?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (6e29131) into [master](https://codecov.io/gh/apache/beam/commit/40a0d58401f3cd5021a56a800491f6085e356b4c?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (40a0d58) will **increase** coverage by `0.00%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #26228 +/- ##
=======================================
Coverage 81.06% 81.06%
=======================================
Files 469 469
Lines 67164 67164
=======================================
+ Hits 54446 54448 +2
+ Misses 12718 12716 -2
```
| Flag | Coverage Δ | |
|---|---|---|
| python | `81.06% <ø> (+<0.01%)` | :arrow_up: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
[see 9 files with indirect coverage changes](https://codecov.io/gh/apache/beam/pull/26228/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)