Posted to github@arrow.apache.org by "lidavidm (via GitHub)" <gi...@apache.org> on 2023/05/26 14:46:06 UTC
[GitHub] [arrow] lidavidm opened a new pull request, #35791: GH-35771: [Java] Bump Jackson to avoid CVE
lidavidm opened a new pull request, #35791:
URL: https://github.com/apache/arrow/pull/35791
### Rationale for this change
A dependency has a reported CVE.
### What changes are included in this PR?
Bump the dependency.
### Are these changes tested?
N/A
### Are there any user-facing changes?
No.
**This PR contains a "Critical Fix".**
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] lidavidm merged pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "lidavidm (via GitHub)" <gi...@apache.org>.
lidavidm merged PR #35791:
URL: https://github.com/apache/arrow/pull/35791
[GitHub] [arrow] assignUser commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "assignUser (via GitHub)" <gi...@apache.org>.
assignUser commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564510161
Agreed, the issue is already part of the milestone :rocket:
[GitHub] [arrow] ursabot commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "ursabot (via GitHub)" <gi...@apache.org>.
ursabot commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1570017101
['Python', 'R'] benchmarks have high level of regressions.
[ursa-i9-9960x](https://conbench.ursa.dev/compare/runs/dbe7ec4758134b2a891b0a3e2c23c88b...1184cef5408d4d8eb18d139d3974cd5b/)
[GitHub] [arrow] lidavidm commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "lidavidm (via GitHub)" <gi...@apache.org>.
lidavidm commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564596880
It seems java-jars is not working due to sccache?
```
[34/436] Building CXX object CMakeFiles/substrait.dir/substrait_ep-generated/substrait/algebra.pb.cc.o
FAILED: CMakeFiles/substrait.dir/substrait_ep-generated/substrait/algebra.pb.cc.o
/opt/homebrew/bin/sccache /Library/Developer/CommandLineTools/usr/bin/c++ -DARROW_HAVE_NEON -DARROW_WITH_RE2 -DARROW_WITH_TIMING_TESTS -DARROW_WITH_UTF8PROC -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp-build/cpp/substrait_ep-generated -I/opt/homebrew/include -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp-build/cpp/src -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp/src -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp/src/generated -fno-aligned-new -Qunused-arguments -fcolor-diagnostics -Wall -Wno-unknown-warning-option -Wno-pass-failed -march=armv8-a -O3 -DNDEBUG -O2 -std=c++17 -arch arm64 -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk -mmacosx-version-min=10.13 -fPIC -Wno-error=shorten-64-to-32 -MD -MT CMakeFiles/substrait.dir/substrait_ep-generated/substrait/algebra.pb.cc.o -MF CMakeFiles/substrait.dir/substrait_ep-generated/substrait/algebra.pb.cc.o.d -o CMakeFiles/substrait.dir/substrait_ep-generated/substrait/algebra.pb.cc.o -c /Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp-build/cpp/substrait_ep-generated/substrait/algebra.pb.cc
sccache: error: Server startup failed: create s3 cache failed: ConfigInvalid (permanent) at Builder::build, context: { service: s3 } => region is missing
Run with SCCACHE_LOG=debug SCCACHE_NO_DAEMON=1 to get more information
[35/436] Building CXX object CMakeFiles/substrait.dir/substrait_ep-generated/substrait/extensions/extensions.pb.cc.o
FAILED: CMakeFiles/substrait.dir/substrait_ep-generated/substrait/extensions/extensions.pb.cc.o
/opt/homebrew/bin/sccache /Library/Developer/CommandLineTools/usr/bin/c++ -DARROW_HAVE_NEON -DARROW_WITH_RE2 -DARROW_WITH_TIMING_TESTS -DARROW_WITH_UTF8PROC -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp-build/cpp/substrait_ep-generated -I/opt/homebrew/include -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp-build/cpp/src -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp/src -I/Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp/src/generated -fno-aligned-new -Qunused-arguments -fcolor-diagnostics -Wall -Wno-unknown-warning-option -Wno-pass-failed -march=armv8-a -O3 -DNDEBUG -O2 -std=c++17 -arch arm64 -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk -mmacosx-version-min=10.13 -fPIC -Wno-error=shorten-64-to-32 -MD -MT CMakeFiles/substrait.dir/substrait_ep-generated/substrait/extensions/extensions.pb.cc.o -MF CMakeFiles/substrait.dir/substrait_ep-generated/substrait/extensions/extensions.pb.cc.o.d -o CMakeFiles/substrait.dir/substrait_ep-generated/substrait/extensions/extensions.pb.cc.o -c /Users/voltrondata/github-actions-runner/_work/crossbow/crossbow/arrow/cpp-build/cpp/substrait_ep-generated/substrait/extensions/extensions.pb.cc
sccache: error: Server startup failed: create s3 cache failed: ConfigInvalid (permanent) at Builder::build, context: { service: s3 } => region is missing
Run with SCCACHE_LOG=debug SCCACHE_NO_DAEMON=1 to get more information
```
[GitHub] [arrow] raulcd commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "raulcd (via GitHub)" <gi...@apache.org>.
raulcd commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564698501
The same sccache issue seems to be failing also on the nightlies: [java-jars](https://github.com/ursacomputing/crossbow/actions/runs/5088872751/jobs/9146777939)
[GitHub] [arrow] lidavidm commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "lidavidm (via GitHub)" <gi...@apache.org>.
lidavidm commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564505323
@raulcd @assignUser It would be good to get this into 12.0.1 if possible, too.
[GitHub] [arrow] lidavidm commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "lidavidm (via GitHub)" <gi...@apache.org>.
lidavidm commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564506032
@github-actions crossbow submit java*
[GitHub] [arrow] github-actions[bot] commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564509054
Revision: 2342418082112cfd82a1dc88fc3710b061bafdf1
Submitted crossbow builds: [ursacomputing/crossbow @ actions-adcb73b1b4](https://github.com/ursacomputing/crossbow/branches/all?query=actions-adcb73b1b4)
|Task|Status|
|----|------|
|java-jars|[![Github Actions](https://github.com/ursacomputing/crossbow/workflows/Crossbow/badge.svg?branch=actions-adcb73b1b4-github-java-jars)](https://github.com/ursacomputing/crossbow/actions/runs/5092120279/jobs/9153050512)|
[GitHub] [arrow] github-actions[bot] commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1564504783
* Closes: #35771
[GitHub] [arrow] ursabot commented on pull request #35791: GH-35771: [Java] Bump Jackson to avoid CVE
Posted by "ursabot (via GitHub)" <gi...@apache.org>.
ursabot commented on PR #35791:
URL: https://github.com/apache/arrow/pull/35791#issuecomment-1569317625
Benchmark runs are scheduled for baseline = 9eaee2a532ef3f13de7f0448d6c61a02b33730ea and contender = 0b56c67706aba22bf9a88bd3c223f34590bbc863. 0b56c67706aba22bf9a88bd3c223f34590bbc863 is a master commit associated with this PR. Results will be available as each benchmark for each run completes.
Conbench compare runs links:
[Finished :arrow_down:0.0% :arrow_up:0.0%] [ec2-t3-xlarge-us-east-2](https://conbench.ursa.dev/compare/runs/5d7248b5f5e443eab024fbd13c885dea...9366b7e532404986bafc7e18f749a00d/)
[Failed :arrow_down:0.12% :arrow_up:0.0%] [test-mac-arm](https://conbench.ursa.dev/compare/runs/71b449ce2f2042deae5b37fa587b3882...131bb901d0f74b86a4cff431890efc34/)
[Finished :arrow_down:7.41% :arrow_up:0.31%] [ursa-i9-9960x](https://conbench.ursa.dev/compare/runs/dbe7ec4758134b2a891b0a3e2c23c88b...1184cef5408d4d8eb18d139d3974cd5b/)
[Failed :arrow_down:0.12% :arrow_up:0.0%] [ursa-thinkcentre-m75q](https://conbench.ursa.dev/compare/runs/d328c22dee9e4a54b623903116a47796...391629d1d9c9411b9dd236a7224c9e3a/)
Buildkite builds:
[Finished] [`0b56c677` ec2-t3-xlarge-us-east-2](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-ec2-t3-xlarge-us-east-2/builds/2939)
[Failed] [`0b56c677` test-mac-arm](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-test-mac-arm/builds/2975)
[Finished] [`0b56c677` ursa-i9-9960x](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-ursa-i9-9960x/builds/2940)
[Failed] [`0b56c677` ursa-thinkcentre-m75q](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-ursa-thinkcentre-m75q/builds/2965)
[Finished] [`9eaee2a5` ec2-t3-xlarge-us-east-2](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-ec2-t3-xlarge-us-east-2/builds/2938)
[Finished] [`9eaee2a5` test-mac-arm](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-test-mac-arm/builds/2974)
[Finished] [`9eaee2a5` ursa-i9-9960x](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-ursa-i9-9960x/builds/2939)
[Finished] [`9eaee2a5` ursa-thinkcentre-m75q](https://buildkite.com/apache-arrow/arrow-bci-benchmark-on-ursa-thinkcentre-m75q/builds/2964)
Supported benchmarks:
ec2-t3-xlarge-us-east-2: Supported benchmark langs: Python, R. Runs only benchmarks with cloud = True
test-mac-arm: Supported benchmark langs: C++, Python, R
ursa-i9-9960x: Supported benchmark langs: Python, R, JavaScript
ursa-thinkcentre-m75q: Supported benchmark langs: C++, Java