Posted to reviews@spark.apache.org by "ronandoolan2 (via GitHub)" <gi...@apache.org> on 2023/05/23 14:18:36 UTC

[GitHub] [spark] ronandoolan2 opened a new pull request, #41281: [WIP] update to secure version of fasterxml

ronandoolan2 opened a new pull request, #41281:
URL: https://github.com/apache/spark/pull/41281

   
   ### What changes were proposed in this pull request?
   updating fasterxml
   
   
   ### Why are the changes needed?
   this is to fix the vulnerability sonatype-2022-6438
   
   ### Does this PR introduce _any_ user-facing change?
   
   
   ### How was this patch tested?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] LuciferYang closed pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang closed pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1
URL: https://github.com/apache/spark/pull/41281




[GitHub] [spark] ronandoolan2 closed pull request #41281: [WIP] update to secure version of fasterxml

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 closed pull request #41281: [WIP] update to secure version of fasterxml
URL: https://github.com/apache/spark/pull/41281




[GitHub] [spark] bjornjorgensen commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562500359

   | July 16th 2023 | Code freeze. Release branch cut.|
   | Late July 2023 | QA period. Focus on bug fixes, tests, stability and docs. Generally, no new features merged.|
   | August 2023    | Release candidates (RC), voting, etc. until final release passes |
   
   
   https://github.com/apache/spark-website/commit/18ca078b23f826c24bed32df1dc89854a91cb580




[GitHub] [spark] ronandoolan2 commented on pull request #41281: [WIP] update to secure version of fasterxml

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1560902138

   OK, my scans were giving a spurious result, sorry.




[GitHub] [spark] LuciferYang commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562822384

   Merged to master. Thanks @ronandoolan2 @srowen @bjornjorgensen  ~




[GitHub] [spark] bjornjorgensen commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562842044

   Welcome, @ronandoolan2 
   
   We are thrilled to have you join the Apache Spark community as a new contributor. It's always exciting to see fresh minds and ideas. We're confident that your skills and expertise will be an asset to our project, enhancing our collaborative efforts to improve Apache Spark.
   
   Just as a reminder, the Apache Spark community values open communication, respect, and inclusiveness. Don't hesitate to ask questions, share your thoughts, or request help when needed. Whether it's through bug fixes, adding new features, or improving documentation, every contribution is highly appreciated.
   
   We hope that you'll find this experience rewarding. Together, we can make Apache Spark even better. Again, welcome aboard, @ronandoolan2




[GitHub] [spark] bjornjorgensen commented on pull request #41281: [WIP] update to secure version of fasterxml

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1560905608

   @ronandoolan2 you can update it to 2.15.1 if you will?




[GitHub] [spark] ronandoolan2 commented on a diff in pull request #41281: [WIP] update to secure version of fasterxml

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 commented on code in PR #41281:
URL: https://github.com/apache/spark/pull/41281#discussion_r1202880604


##########
README.md:
##########
@@ -123,3 +123,4 @@ in the online documentation for an overview on how to configure Spark.
 
 Please review the [Contribution to Spark guide](https://spark.apache.org/contributing.html)
 for information on how to get started contributing to the project.
+##
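
Review bot: the added `##` line at the end of README.md (new line 126) is an empty Markdown heading with no text and has no connection to a dependency upgrade, so it should be dropped from the PR before merge. If the only goal is to re-run CI, an empty commit (`git commit --allow-empty`) does that without touching tracked files.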

Review Comment:
   I had trouble retriggering the job after enabling GitHub Actions on my fork; I'll remove this line again.





[GitHub] [spark] bjornjorgensen commented on pull request #41281: [WIP] update to secure version of fasterxml

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1560843908

   How is this "update to secure version of fasterxml" ? 
   
   "this is to fix the vulnerability sonatype-2022-6438" 
   that was fixed in 2.15.0 which we updated in https://github.com/apache/spark/commit/a4a274c4e4f709765e7a8c687347816d8951a681 
   
   
   This is the change log for 2.15.1 https://github.com/FasterXML/jackson-databind/blob/77789abaecd2e42a3765af5231e252ee62578b18/release-notes/VERSION-2.x#LL17C21-L17C21




[GitHub] [spark] bjornjorgensen commented on pull request #41281: [WIP] update to secure version of fasterxml

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1560953148

   We need a JIRA for this 
   and you must run `./dev/test-dependencies.sh --replace-manifest` to update the rest of pom.xml file. 




[GitHub] [spark] LuciferYang commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1561304752

   Let's update the release notes to https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15.1
   
   And if upgrading to this version has benefits for Spark, it can also be listed in the PR description. @ronandoolan2 
   
   




[GitHub] [spark] ronandoolan2 commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562332786

   > Let's update the release notes to https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15.1
   > 
   > And if upgrading to this version has benefits for Spark, it can also be listed in the PR description. @ronandoolan2
   
   Where are the release notes that I need to update? I couldn't find them in the repo.




[GitHub] [spark] ronandoolan2 commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562498723

   > @ronandoolan2 It looks like @LuciferYang has changed it.
   > 
   > "New version that fix some bugs, the full release-notes as follows:
   > 
   > https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15.1"
   
   Ok great thanks, do you know when the next version of pyspark will be released to pypi?




[GitHub] [spark] ronandoolan2 commented on pull request #41281: [WIP] update to secure version of fasterxml

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1560942273

   ok sure




[GitHub] [spark] bjornjorgensen commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1561353843

   @ronandoolan2 you need to have a JIRA account https://selfserve.apache.org/jira-account.html
   for this one you can use https://issues.apache.org/jira/browse/SPARK-43774 which is what you are using.




[GitHub] [spark] LuciferYang commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562506696

   also cc @srowen FYI




[GitHub] [spark] LuciferYang commented on a diff in pull request #41281: [WIP] update to secure version of fasterxml

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on code in PR #41281:
URL: https://github.com/apache/spark/pull/41281#discussion_r1202756978


##########
README.md:
##########
@@ -123,3 +123,4 @@ in the online documentation for an overview on how to configure Spark.
 
 Please review the [Contribution to Spark guide](https://spark.apache.org/contributing.html)
 for information on how to get started contributing to the project.
+##

Review Comment:
   hmm... why do we need this change?





[GitHub] [spark] bjornjorgensen commented on pull request #41281: [WIP] update to secure version of fasterxml

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1561145840

   
   This is how I would have done it. 
   Feel free to change what you will change :) 
   
   Change title to something like [SPARK-XXXX][BUILD] Upgrade FasterXML jackson to 2.15.1
   
   
   What changes were proposed in this pull request?
   Upgrade FasterXML jackson from 2.15.0 to 2.15.1
   
   Why are the changes needed?
   New version that fixes some bugs; see release-notes https://github.com/FasterXML/jackson-databind/blob/77789abaecd2e42a3765af5231e252ee62578b18/release-notes/VERSION-2.x#LL17C21-L17C21 for more info.
   
   Does this PR introduce any user-facing change?
   No.
   
   How was this patch tested?
   Pass GA 




[GitHub] [spark] ronandoolan2 commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "ronandoolan2 (via GitHub)" <gi...@apache.org>.
ronandoolan2 commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1561237520

   @bjornjorgensen do you have the link to Jira? I assume I need to create a ticket with the number SPARK-43774




[GitHub] [spark] bjornjorgensen commented on pull request #41281: [SPARK-43774][BUILD] Upgrade FasterXML jackson to 2.15.1

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #41281:
URL: https://github.com/apache/spark/pull/41281#issuecomment-1562491042

   @ronandoolan2 It looks like @LuciferYang has changed it. 
   
   "New version that fix some bugs, the full release-notes as follows:
   
   https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.15.1" 

