Posted to yarn-issues@hadoop.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2022/06/22 14:52:00 UTC
[jira] [Commented] (YARN-11092) Upgrade jquery ui to 1.13.1
[ https://issues.apache.org/jira/browse/YARN-11092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17557496#comment-17557496 ]
Steve Loughran commented on YARN-11092:
---------------------------------------
breaks the release in mvn apache-rat:check
{code}
> dev-support/bin/create-release --docker --dockercache
...
****************************************************************************
Apache RAT Check
****************************************************************************
$ /usr/bin/mvn -Dmaven.repo.local=/maven apache-rat:check > /build/source/patchprocess/mvn_apache_rat.log 2>&1
Failed!
> cd patchprocess/
> find . -name rat.txt -print | xargs grep "unapproved"
./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/target/rat.txt:Files with unapproved licenses:
> cat ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/target/rat.txt
...
Printing headers for text files without a valid license header...
=====================================================
== File: /build/source/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/webapps/static/jquery/jquery-3.5.1.min.js
{code}
> Upgrade jquery ui to 1.13.1
> ---------------------------
>
> Key: YARN-11092
> URL: https://issues.apache.org/jira/browse/YARN-11092
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: D M Murali Krishna Reddy
> Assignee: Ashutosh Gupta
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.2.4, 3.3.9
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> The current jquery-ui version used (1.12.1) in the trunk has the following vulnerabilities: CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, so we need to upgrade to at least 1.13.0.
>
> Also, currently for the UI2 we are using the shims repo, which is not being maintained as per the discussion [https://github.com/components/jqueryui/issues/70], so if possible we should move to the main jquery repo [https://github.com/jquery/jquery-ui].