Posted to commits@hudi.apache.org by GitBox <gi...@apache.org> on 2022/10/16 08:31:58 UTC

[GitHub] [hudi] lxxawfl opened a new pull request, #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

lxxawfl opened a new pull request, #6959:
URL: https://github.com/apache/hudi/pull/6959

   ### What happened?
   There is 1 security vulnerability found in commons-codec:commons-codec 1.4
   - [MPS-2022-11853](https://www.oscs1024.com/hd/MPS-2022-11853)
   
   
   ### What did I do?
   Upgrade commons-codec:commons-codec from 1.4 to 1.13 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### How was this patch tested?
   Run `mvn compile` failed locally, couldn't complete the build process.
   Run `mvn clean test` failed locally, unit-test couldn't pass.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1290060388

   ## CI report:
   
   * 19e6dbc991e2adf9d4f4a9b75dd950b849e62edd Azure: [CANCELED](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12484) Azure: [SUCCESS](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12543) 
   
   <details>
   <summary>Bot commands</summary>
     @hudi-bot supports the following commands:
   
    - `@hudi-bot run azure` re-run the last Azure build
   </details>




[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1279924530

   ## CI report:
   
   * ec075baca8c2211325d85442ddb42d6f0851691c Azure: [PENDING](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12234) 
   


[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1288008367

   ## CI report:
   
   * ec075baca8c2211325d85442ddb42d6f0851691c Azure: [SUCCESS](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12234) 
   * 19e6dbc991e2adf9d4f4a9b75dd950b849e62edd UNKNOWN
   


[GitHub] [hudi] nsivabalan commented on pull request #6959: [MINOR] fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
nsivabalan commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1299671236

   @codope : I have merged this in. Will there be any conflicts w/ presto bundle? I saw your comment on the other patch, so was just wondering.




[GitHub] [hudi] nsivabalan commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
nsivabalan commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1288004378

   rebased w/ latest master.




[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1289798128

   ## CI report:
   
   * 19e6dbc991e2adf9d4f4a9b75dd950b849e62edd Azure: [CANCELED](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12484) Azure: [PENDING](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12543) 
   


[GitHub] [hudi] codope commented on pull request #6959: [MINOR] fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
codope commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1300022289

   > will there be any conflicts w/ presto bundle? I saw your comment on the other patch. so was just wondering.

   No, this change looks good. It is only isolated to integ test bundle.




[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1288043143

   ## CI report:
   
   * 19e6dbc991e2adf9d4f4a9b75dd950b849e62edd Azure: [CANCELED](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12484) 
   


[GitHub] [hudi] nsivabalan merged pull request #6959: [MINOR] fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
nsivabalan merged PR #6959:
URL: https://github.com/apache/hudi/pull/6959




[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1279947999

   ## CI report:
   
   * ec075baca8c2211325d85442ddb42d6f0851691c Azure: [SUCCESS](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12234) 
   


[GitHub] [hudi] nsivabalan commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
nsivabalan commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1289769806

   @hudi-bot run azure




[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1279923660

   ## CI report:
   
   * ec075baca8c2211325d85442ddb42d6f0851691c UNKNOWN
   


[GitHub] [hudi] hudi-bot commented on pull request #6959: fix(sec): upgrade commons-codec:commons-codec to 1.13

Posted by GitBox <gi...@apache.org>.
hudi-bot commented on PR #6959:
URL: https://github.com/apache/hudi/pull/6959#issuecomment-1288009292

   ## CI report:
   
   * ec075baca8c2211325d85442ddb42d6f0851691c Azure: [SUCCESS](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12234) 
   * 19e6dbc991e2adf9d4f4a9b75dd950b849e62edd Azure: [PENDING](https://dev.azure.com/apache-hudi-ci-org/785b6ef4-2f42-4a89-8f0e-5f0d7039a0cc/_build/results?buildId=12484) 
   