You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@kyuubi.apache.org by GitBox <gi...@apache.org> on 2023/01/06 08:10:44 UTC

[GitHub] [kyuubi] bowenliang123 opened a new pull request, #4110: Update mysql connector dependency name with bump to 8.0.31

bowenliang123 opened a new pull request, #4110:
URL: https://github.com/apache/kyuubi/pull/4110

   <!--
   Thanks for sending a pull request!
   
   Here are some tips for you:
     1. If this is your first time, please read our contributor guidelines: https://kyuubi.readthedocs.io/en/latest/community/CONTRIBUTING.html
     2. If the PR is related to an issue in https://github.com/apache/kyuubi/issues, add '[KYUUBI #XXXX]' in your PR title, e.g., '[KYUUBI #XXXX] Your PR title ...'.
     3. If the PR is unfinished, add '[WIP]' in your PR title, e.g., '[WIP][KYUUBI #XXXX] Your PR title ...'.
   -->
   
   ### _Why are the changes needed?_
   <!--
   Please clarify why the changes are needed. For instance,
     1. If you add a feature, you can talk about the use case of it.
     2. If you fix a bug, you can clarify why it is a bug.
   -->
   
   - From `8.0.31`, MySQL Java connector changed the dependency name from `mysql:mysql-connector-java` to `com.mysql:mysql-connector-j`, refer to docs: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-installing-maven.html, and maven repo https://mvnrepository.com/artifact/com.mysql/mysql-connector-j/8.0.31
   - connector changes release note: https://github.com/mysql/mysql-connector-j/blob/release/8.0/CHANGES
   
   ### _How was this patch tested?_
   - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible
   
   - [ ] Add screenshots for manual tests if appropriate
   
   - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org

[GitHub] [kyuubi] bowenliang123 commented on pull request #4110: Update MySQL connector dependency name with 8.0.31

Posted by GitBox <gi...@apache.org>.
bowenliang123 commented on PR #4110:
URL: https://github.com/apache/kyuubi/pull/4110#issuecomment-1373336438

   > > Also, help to reduce direct vulnerability [CVE-2022-21363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21363) which has been fixed since 8.0.28.
   > 
   > Thanks for pointing that, as Kyuubi binary distribution does not ship the mysql driver, it does not affect Kyuubi actually.
   
   Agree, as no changes in `dependencyList`. 
   Just mention this as this is found by using `banVulnerable` rule from `sonartype` ( https://sonatype.github.io/ossindex-maven/enforcer-rules/) with `maven-enforcer-plugin`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org

[GitHub] [kyuubi] pan3793 commented on pull request #4110: Update MySQL connector dependency name with bump to 8.0.31

Posted by GitBox <gi...@apache.org>.
pan3793 commented on PR #4110:
URL: https://github.com/apache/kyuubi/pull/4110#issuecomment-1373333760

   > Also, help to reduce direct vulnerability [CVE-2022-21363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21363) which has been fixed since 8.0.28.
   
   Thanks for pointing that, as Kyuubi binary distribution does not ship the mysql driver, it does not affect Kyuubi actually.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org

[GitHub] [kyuubi] pan3793 commented on pull request #4110: Update MySQL connector dependency name to `mysql-connector-j` in 8.0.31

Posted by GitBox <gi...@apache.org>.
pan3793 commented on PR #4110:
URL: https://github.com/apache/kyuubi/pull/4110#issuecomment-1373435914

   Thanks, merged to master


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org

[GitHub] [kyuubi] pan3793 closed pull request #4110: Update MySQL connector dependency name to `mysql-connector-j` in 8.0.31

Posted by GitBox <gi...@apache.org>.
pan3793 closed pull request #4110: Update MySQL connector dependency name to `mysql-connector-j` in 8.0.31
URL: https://github.com/apache/kyuubi/pull/4110


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org

[GitHub] [kyuubi] bowenliang123 commented on pull request #4110: Update MySQL connector dependency name with bump to 8.0.31

Posted by GitBox <gi...@apache.org>.
bowenliang123 commented on PR #4110:
URL: https://github.com/apache/kyuubi/pull/4110#issuecomment-1373332003

   Also, help to reduce direct vulnerability [CVE-2022-21363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21363) which has been fixed since 8.0.28.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org