Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2022/08/10 21:59:12 UTC

[GitHub] [spark] bjornjorgensen opened a new pull request, #37473: [SPARK-40037][BUILD] Upgrade `tink` to 1.7.0

bjornjorgensen opened a new pull request, #37473:
URL: https://github.com/apache/spark/pull/37473

   ### What changes were proposed in this pull request?
   Upgrade com.google.crypto.tink:tink from 1.6.1 to 1.7.0
   
   ### Why are the changes needed?
   [CVE-2022-25647](https://www.cve.org/CVERecord?id=CVE-2022-25647)
   
   [Info at SNYK](https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327)
   
   [CVE-2021-22569](https://www.cve.org/CVERecord?id=CVE-2021-22569)
   
   [Info at SNYK](https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703)
   
   [releases log](https://github.com/google/tink/releases/tag/v1.7.0)
   
   ### Does this PR introduce _any_ user-facing change?
   No.
   
   
   ### How was this patch tested?
   Pass GA


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] srowen commented on pull request #37473: [SPARK-40037][BUILD] Upgrade `Tink` to 1.7.0

Posted by GitBox <gi...@apache.org>.
srowen commented on PR #37473:
URL: https://github.com/apache/spark/pull/37473#issuecomment-1213605519

   Merged to master




[GitHub] [spark] srowen commented on pull request #37473: [SPARK-40037][BUILD] Upgrade `Tink` to 1.7.0

Posted by "srowen (via GitHub)" <gi...@apache.org>.
srowen commented on PR #37473:
URL: https://github.com/apache/spark/pull/37473#issuecomment-1576768620

   Are the CVEs relevant to Spark at all?




[GitHub] [spark] srowen closed pull request #37473: [SPARK-40037][BUILD] Upgrade `Tink` to 1.7.0

Posted by GitBox <gi...@apache.org>.
srowen closed pull request #37473: [SPARK-40037][BUILD] Upgrade `Tink` to 1.7.0
URL: https://github.com/apache/spark/pull/37473




[GitHub] [spark] AmplabJenkins commented on pull request #37473: [SPARK-40037][BUILD] Upgrade `tink` to 1.7.0

Posted by GitBox <gi...@apache.org>.
AmplabJenkins commented on PR #37473:
URL: https://github.com/apache/spark/pull/37473#issuecomment-1212654798

   Can one of the admins verify this patch?




[GitHub] [spark] degant commented on pull request #37473: [SPARK-40037][BUILD] Upgrade `Tink` to 1.7.0

Posted by "degant (via GitHub)" <gi...@apache.org>.
degant commented on PR #37473:
URL: https://github.com/apache/spark/pull/37473#issuecomment-1576215330

   @bjornjorgensen Can this be backported to 3.3 as well so that the CVEs can be addressed?

