Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/03/14 00:58:54 UTC
[GitHub] [druid] ccaominh opened a new pull request #9517: Suppress CWE-400 for node-sass:4.13.1
ccaominh opened a new pull request #9517: Suppress CWE-400 for node-sass:4.13.1
URL: https://github.com/apache/druid/pull/9517
### Description
The vulnerability is fixed in 4.13.1: https://github.com/sass/node-sass/issues/2816#issuecomment-575136455
But the dependency check plugin thinks it's still broken as the affected/fixed versions have not been updated yet on Sonatype OSS Index: https://ossindex.sonatype.org/vuln/c97f4ae7-be1f-4f71-b238-7c095b126e74
<hr>
This PR has:
- [x] been self-reviewed.
- [x] added comments explaining the "why" and the intent of the code wherever it would not be obvious for an unfamiliar reader.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] codecov-io commented on issue #9517: Suppress CWE-400 for node-sass:4.13.1
Posted by GitBox <gi...@apache.org>.
codecov-io commented on issue #9517: Suppress CWE-400 for node-sass:4.13.1
URL: https://github.com/apache/druid/pull/9517#issuecomment-598993480
# [Codecov](https://codecov.io/gh/apache/druid/pull/9517?src=pr&el=h1) Report
> Merging [#9517](https://codecov.io/gh/apache/druid/pull/9517?src=pr&el=desc) into [master](https://codecov.io/gh/apache/druid/commit/6afd55c8f4b49802d873ca181727231670abd566?src=pr&el=desc) will **increase** coverage by `0.92%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #9517 +/- ##
============================================
+ Coverage 63.58% 64.51% +0.92%
Complexity 23569 23569
============================================
Files 3054 2936 -118
Lines 126200 119976 -6224
Branches 17453 16070 -1383
============================================
- Hits 80249 77404 -2845
+ Misses 38754 35592 -3162
+ Partials 7197 6980 -217
```
| [Impacted Files](https://codecov.io/gh/apache/druid/pull/9517?src=pr&el=tree) | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| [...tions/spatial/split/LinearGutmanSplitStrategy.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-cHJvY2Vzc2luZy9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZHJ1aWQvY29sbGVjdGlvbnMvc3BhdGlhbC9zcGxpdC9MaW5lYXJHdXRtYW5TcGxpdFN0cmF0ZWd5LmphdmE=) | `91.89% <0%> (-8.11%)` | `9% <0%> (-1%)` | |
| [.../apache/druid/client/BatchServerInventoryView.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kcnVpZC9jbGllbnQvQmF0Y2hTZXJ2ZXJJbnZlbnRvcnlWaWV3LmphdmE=) | `80.76% <0%> (-5.77%)` | `10% <0%> (-1%)` | |
| [...main/java/org/apache/druid/client/DruidServer.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kcnVpZC9jbGllbnQvRHJ1aWRTZXJ2ZXIuamF2YQ==) | `74.68% <0%> (-2.54%)` | `33% <0%> (-1%)` | |
| [...e/druid/concurrent/ConcurrentAwaitableCounter.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-Y29yZS9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZHJ1aWQvY29uY3VycmVudC9Db25jdXJyZW50QXdhaXRhYmxlQ291bnRlci5qYXZh) | `67.5% <0%> (-2.5%)` | `11% <0%> (-1%)` | |
| [...druid/server/coordinator/CuratorLoadQueuePeon.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kcnVpZC9zZXJ2ZXIvY29vcmRpbmF0b3IvQ3VyYXRvckxvYWRRdWV1ZVBlb24uamF2YQ==) | `76.71% <0%> (-2.06%)` | `21% <0%> (-1%)` | |
| [...uid/curator/inventory/CuratorInventoryManager.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kcnVpZC9jdXJhdG9yL2ludmVudG9yeS9DdXJhdG9ySW52ZW50b3J5TWFuYWdlci5qYXZh) | `65.68% <0%> (-1.97%)` | `9% <0%> (ø)` | |
| [.../druid/indexing/kinesis/KinesisRecordSupplier.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-ZXh0ZW5zaW9ucy1jb3JlL2tpbmVzaXMtaW5kZXhpbmctc2VydmljZS9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZHJ1aWQvaW5kZXhpbmcva2luZXNpcy9LaW5lc2lzUmVjb3JkU3VwcGxpZXIuamF2YQ==) | `54.43% <0%> (-1.59%)` | `33% <0%> (ø)` | |
| [...egment/loading/SegmentLoaderLocalCacheManager.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kcnVpZC9zZWdtZW50L2xvYWRpbmcvU2VnbWVudExvYWRlckxvY2FsQ2FjaGVNYW5hZ2VyLmphdmE=) | `85.92% <0%> (-1.49%)` | `32% <0%> (-1%)` | |
| [...uid/client/AbstractCuratorServerInventoryView.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-c2VydmVyL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kcnVpZC9jbGllbnQvQWJzdHJhY3RDdXJhdG9yU2VydmVySW52ZW50b3J5Vmlldy5qYXZh) | `55.55% <0%> (-1.02%)` | `16% <0%> (ø)` | |
| [.../druid/java/util/emitter/core/HttpPostEmitter.java](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree#diff-Y29yZS9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZHJ1aWQvamF2YS91dGlsL2VtaXR0ZXIvY29yZS9IdHRwUG9zdEVtaXR0ZXIuamF2YQ==) | `76.76% <0%> (-0.76%)` | `45% <0%> (ø)` | |
| ... and [124 more](https://codecov.io/gh/apache/druid/pull/9517/diff?src=pr&el=tree-more) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/druid/pull/9517?src=pr&el=continue).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/druid/pull/9517?src=pr&el=footer). Last update [6afd55c...c1abaa3](https://codecov.io/gh/apache/druid/pull/9517?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
[GitHub] [druid] ccaominh merged pull request #9517: Suppress CWE-400 for node-sass:4.13.1
Posted by GitBox <gi...@apache.org>.
ccaominh merged pull request #9517: Suppress CWE-400 for node-sass:4.13.1
URL: https://github.com/apache/druid/pull/9517
[GitHub] [druid] ccaominh commented on issue #9517: Suppress CWE-400 for node-sass:4.13.1
Posted by GitBox <gi...@apache.org>.
ccaominh commented on issue #9517: Suppress CWE-400 for node-sass:4.13.1
URL: https://github.com/apache/druid/pull/9517#issuecomment-598994216
I'm not sure why codecov is commenting on PRs since that should be disabled: https://github.com/apache/druid/blob/master/.codecov.yml#L24
Clearly the coverage report is inaccurate since this PR did not change any source code.