You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by GitBox <gi...@apache.org> on 2022/06/06 11:58:34 UTC
[GitHub] [tez] amanraj2520 opened a new pull request, #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
amanraj2520 opened a new pull request, #215:
URL: https://github.com/apache/tez/pull/215
Upgrade node and yarn version and fix npm security issues in Tez UI module
Track this issue:
https://issues.apache.org/jira/browse/TEZ-4419
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] tez-yetus commented on pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #215:
URL: https://github.com/apache/tez/pull/215#issuecomment-1147496847
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 17m 36s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 6m 40s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 10m 38s | master passed |
| +1 :green_heart: | compile | 3m 39s | master passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | compile | 3m 30s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javadoc | 2m 55s | master passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | javadoc | 2m 21s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 16s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 5m 42s | the patch passed |
| +1 :green_heart: | compile | 3m 31s | the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | javac | 3m 31s | the patch passed |
| +1 :green_heart: | compile | 3m 13s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javac | 3m 13s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 3s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 2m 46s | the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | javadoc | 2m 24s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 1m 57s | tez-ui in the patch passed. |
| +1 :green_heart: | unit | 66m 51s | root in the patch passed. |
| +1 :green_heart: | asflicense | 1m 25s | The patch does not generate ASF License warnings. |
| | | 136m 40s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-215/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/215 |
| JIRA Issue | TEZ-4419 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 5aeefad56750 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / cf9e3ff30 |
| Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-215/1/testReport/ |
| Max. process+thread count | 2089 (vs. ulimit of 5500) |
| modules | C: tez-ui . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-215/1/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] slachiewicz commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
slachiewicz commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890805267
##########
tez-ui/pom.xml:
##########
@@ -29,7 +29,7 @@
<properties>
<webappDir>src/main/webapp</webappDir>
- <nodeVersion>v5.12.0</nodeVersion>
+ <nodeVersion>v8.9.0</nodeVersion>
Review Comment:
Probably stack should be upgraded. I commented on Node's version because currently 16 is LTS version. I don't have experience with frontend tools.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] abstractdog closed pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
abstractdog closed pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
URL: https://github.com/apache/tez/pull/215
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] abstractdog commented on pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
abstractdog commented on PR #215:
URL: https://github.com/apache/tez/pull/215#issuecomment-1147869898
thanks guys for taking care of security issues in Tez!
I can see that TEZ-4419 is an umbrella with lots of subtasks
if we're tracking fixes on separate jiras, we might want to fix them in separate PRs/commits too, if possible, can you please do this accordingly?
I'm adding contributor rights to all of you in jira to tez project, feel free to assign tickets to yourselves
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] guptanikhil007 commented on pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
guptanikhil007 commented on PR #215:
URL: https://github.com/apache/tez/pull/215#issuecomment-1147520310
@abstractdog @rbalamohan
Can you please help with the review?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] amanraj2520 commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
amanraj2520 commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890769471
##########
tez-ui/pom.xml:
##########
@@ -29,7 +29,7 @@
<properties>
<webappDir>src/main/webapp</webappDir>
- <nodeVersion>v5.12.0</nodeVersion>
+ <nodeVersion>v8.9.0</nodeVersion>
Review Comment:
What I think this error means is that we need to replace all the places of occurrence of new Buffer() to either Buffer.alloc() or Buffer.from(). Let me know you thoughts
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] abstractdog commented on pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
abstractdog commented on PR #215:
URL: https://github.com/apache/tez/pull/215#issuecomment-1318369170
TEZ-4419 is resolved, I think we can close this PR
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] amanraj2520 commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
amanraj2520 commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890766479
##########
tez-ui/pom.xml:
##########
@@ -29,7 +29,7 @@
<properties>
<webappDir>src/main/webapp</webappDir>
- <nodeVersion>v5.12.0</nodeVersion>
+ <nodeVersion>v8.9.0</nodeVersion>
Review Comment:
@slachiewicz When I update the node version to 16.15.1, this is the error that I get :
yarn run v1.6.0
(node:2298) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
$ TMPDIR=tmp node/node ./node_modules/ember-cli/bin/ember build -prod
exports.dir = path.resolve(os.tmpDir());
^
TypeError: os.tmpDir is not a function
at Object.<anonymous> (/home/tez-ui/src/main/webapp/node_modules/temp/lib/temp.js:273:45)
at Module._compile (node:internal/modules/cjs/loader:1105:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object.<anonymous> (/home/amanraj2520/Repositories/wildfire-tez/tez-ui/src/main/webapp/node_modules/ember-cli/lib/tasks/install-blueprint.js:7:21)
at Module._compile (node:internal/modules/cjs/loader:1105:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] amanraj2520 commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
amanraj2520 commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890807085
##########
tez-ui/pom.xml:
##########
@@ -29,7 +29,7 @@
<properties>
<webappDir>src/main/webapp</webappDir>
- <nodeVersion>v5.12.0</nodeVersion>
+ <nodeVersion>v8.9.0</nodeVersion>
Review Comment:
Yes thats true, but I think it will be another big change. I think we should make this change first and then work on upgrading the stack. Any thoughts ? @abstractdog @slachiewicz
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] slachiewicz commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
slachiewicz commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890495076
##########
tez-ui/pom.xml:
##########
@@ -29,7 +29,7 @@
<properties>
<webappDir>src/main/webapp</webappDir>
- <nodeVersion>v5.12.0</nodeVersion>
+ <nodeVersion>v8.9.0</nodeVersion>
Review Comment:
maybe we can try with v16 ?
https://nodejs.org/en/about/releases/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] guptanikhil007 commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
guptanikhil007 commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890218743
##########
pom.xml:
##########
@@ -67,7 +67,7 @@
<roaringbitmap.version>0.7.45</roaringbitmap.version>
<protoc.path>${env.PROTOC_PATH}</protoc.path>
<scm.url>scm:git:https://gitbox.apache.org/repos/asf/tez.git</scm.url>
- <frontend-maven-plugin.version>1.4</frontend-maven-plugin.version>
+ <frontend-maven-plugin.version>1.8.0</frontend-maven-plugin.version>
Review Comment:
Please change this to 1.12.1
##########
tez-ui/pom.xml:
##########
@@ -374,7 +374,7 @@
</goals>
<configuration>
<nodeVersion>${nodeVersion}</nodeVersion>
- <yarnVersion>v0.21.3</yarnVersion>
+ <yarnVersion>v1.6.0</yarnVersion>
Review Comment:
Please mention the RFC which adds selective dependency resolution in the description.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] amanraj2520 commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
amanraj2520 commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890340952
##########
pom.xml:
##########
@@ -67,7 +67,7 @@
<roaringbitmap.version>0.7.45</roaringbitmap.version>
<protoc.path>${env.PROTOC_PATH}</protoc.path>
<scm.url>scm:git:https://gitbox.apache.org/repos/asf/tez.git</scm.url>
- <frontend-maven-plugin.version>1.4</frontend-maven-plugin.version>
+ <frontend-maven-plugin.version>1.8.0</frontend-maven-plugin.version>
Review Comment:
When we change the version to anything more than 1.8.0, this is the error in the build pipeline. The plugin com.github.eirslett:frontend-maven-plugin:1.12.1 requires Maven version 3.6.0 @guptanikhil007
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] tez-yetus commented on pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
tez-yetus commented on PR #215:
URL: https://github.com/apache/tez/pull/215#issuecomment-1147784702
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 31s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 6m 29s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 10m 36s | master passed |
| +1 :green_heart: | compile | 3m 38s | master passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | compile | 3m 26s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javadoc | 2m 56s | master passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | javadoc | 2m 19s | master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 17s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 5m 41s | the patch passed |
| +1 :green_heart: | compile | 3m 26s | the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | javac | 3m 26s | the patch passed |
| +1 :green_heart: | compile | 3m 13s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| +1 :green_heart: | javac | 3m 13s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | javadoc | 2m 45s | the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 |
| +1 :green_heart: | javadoc | 2m 22s | the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 1m 57s | tez-ui in the patch passed. |
| +1 :green_heart: | unit | 66m 0s | root in the patch passed. |
| +1 :green_heart: | asflicense | 1m 26s | The patch does not generate ASF License warnings. |
| | | 119m 16s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-215/2/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/tez/pull/215 |
| JIRA Issue | TEZ-4419 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 87e1cf18bf86 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / cf9e3ff30 |
| Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-215/2/testReport/ |
| Max. process+thread count | 1383 (vs. ulimit of 5500) |
| modules | C: tez-ui . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-215/2/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [tez] guptanikhil007 commented on a diff in pull request #215: TEZ-4419: Upgrade node and yarn version and fix npm security issues in Tez UI module
Posted by GitBox <gi...@apache.org>.
guptanikhil007 commented on code in PR #215:
URL: https://github.com/apache/tez/pull/215#discussion_r890819198
##########
pom.xml:
##########
@@ -67,7 +67,7 @@
<roaringbitmap.version>0.7.45</roaringbitmap.version>
<protoc.path>${env.PROTOC_PATH}</protoc.path>
<scm.url>scm:git:https://gitbox.apache.org/repos/asf/tez.git</scm.url>
- <frontend-maven-plugin.version>1.4</frontend-maven-plugin.version>
+ <frontend-maven-plugin.version>1.8.0</frontend-maven-plugin.version>
Review Comment:
Cool, then let's go with 1.8.0 only
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org