Posted to yarn-issues@hadoop.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2022/06/22 14:52:00 UTC

[jira] [Commented] (YARN-11092) Upgrade jquery ui to 1.13.1

    [ https://issues.apache.org/jira/browse/YARN-11092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17557496#comment-17557496 ] 

Steve Loughran commented on YARN-11092:
---------------------------------------

breaks the release in mvn apache-rat:check


{code}
> dev-support/bin/create-release --docker --dockercache

...
****************************************************************************
                             Apache RAT Check
****************************************************************************


$ /usr/bin/mvn -Dmaven.repo.local=/maven apache-rat:check > /build/source/patchprocess/mvn_apache_rat.log 2>&1

Failed!


> cd patchprocess/
> find . -name rat.txt -print | xargs grep "unapproved"
./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/target/rat.txt:Files with unapproved licenses:

> cat ./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/target/rat.txt
...

 Printing headers for text files without a valid license header...

=====================================================
== File: /build/source/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/webapps/static/jquery/jquery-3.5.1.min.js

{code}


> Upgrade jquery ui to 1.13.1
> ---------------------------
>
>                 Key: YARN-11092
>                 URL: https://issues.apache.org/jira/browse/YARN-11092
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: D M Murali Krishna Reddy
>            Assignee: Ashutosh Gupta
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0, 3.2.4, 3.3.9
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> The current jquery-ui version used (1.12.1) in the trunk has the following vulnerabilities: CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, so we need to upgrade to at least 1.13.0.
>  
> Also currently for the UI2 we are using the shims repo which is not being maintained as per the discussion [https://github.com/components/jqueryui/issues/70] , so if possible we should move to the main jquery repo [https://github.com/jquery/jquery-ui] 


