Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2022/08/20 07:14:12 UTC

[GitHub] [beam] perkss opened a new pull request, #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

perkss opened a new pull request, #22806:
URL: https://github.com/apache/beam/pull/22806

   Upgrade Jackson version from vulnerable 2.13.0 to 2.13.3, as per [Snyk](https://security.snyk.io/package/maven/com.fasterxml.jackson.core:jackson-databind/2.13.0).
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [beam] perkss commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
perkss commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1230806489

   > @perkss looks like this is causing pulling licenses to fail with:
   > 
   > ```
   > 09:12:04 > Task :sdks:java:container:pullLicenses
   > 09:12:04 ERROR:root:['jackson-bom-2.13.3']
   > 09:12:04 ERROR:root:**************************************** Licenses were not able to be pulled automatically for some dependencies. Please search source code of the dependencies on the internet and add "license" and "notice" (if available) field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each missing license. Dependency List: [jackson-bom-2.13.3]
   > 09:12:04 INFO:root:pull_licenses_java.py failed. It took 7.957456 seconds with 16 threads.
   > 09:12:04 Traceback (most recent call last):
   > 09:12:04   File "/home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/pull_licenses_java.py", line 326, in <module>
   > 09:12:04     raise RuntimeError('{n} error(s) occurred.'.format(n=len(error_msg)),
   > 09:12:04 RuntimeError: ('2 error(s) occurred.', ['**************************************** Licenses were not able to be pulled automatically for some dependencies. Please search source code of the dependencies on the internet and add "license" and "notice" (if available) field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each missing license. Dependency List: [jackson-bom-2.13.3]', '**************************************** License type of some dependencies were not identified. The license type is used to decide whether the source code of the dependency should be pulled or not. Please add "type" field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each dependency. Dependency List: [jackson-bom-2.13.3]'])
   > ```
   > 
   > Could you take a look? Looks like we should just need to add a type field here -
   > 
   > https://github.com/apache/beam/blob/e9089dd99630d939f0c38fbacbe97a283e429fc2/sdks/java/container/license_scripts/dep_urls_java.yaml#L56
   
   Thanks, yes, should have spotted this. Updated now.




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1231467161

   Run SQL PreCommit




[GitHub] [beam] github-actions[bot] commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1221254819

   Assigning reviewers. If you would like to opt out of this review, comment `assign to next reviewer`:
   
   R: @damccorm for label build.
   
   Available commands:
   - `stop reviewer notifications` - opt out of the automated review tooling
   - `remind me after tests pass` - tag the comment author after tests pass
   - `waiting on author` - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)
   
   The PR bot will only process comments in the main thread (not review comments).




[GitHub] [beam] github-actions[bot] commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1229181357

   Reminder, please take a look at this PR: @damccorm




[GitHub] [beam] codecov[bot] commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1221251978

   # [Codecov](https://codecov.io/gh/apache/beam/pull/22806?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > Merging [#22806](https://codecov.io/gh/apache/beam/pull/22806?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (78273d0) into [master](https://codecov.io/gh/apache/beam/commit/f921a2f1996cf906d994a9d62aeb6978bab09dd5?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (f921a2f) will **increase** coverage by `0.01%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@            Coverage Diff             @@
   ##           master   #22806      +/-   ##
   ==========================================
   + Coverage   74.07%   74.09%   +0.01%     
   ==========================================
     Files         712      712              
     Lines       93832    93832              
   ==========================================
   + Hits        69510    69527      +17     
   + Misses      23042    23025      -17     
     Partials     1280     1280              
   ```
   
   | Flag | Coverage Δ | |
   |---|---|---|
   | python | `83.52% <ø> (+0.02%)` | :arrow_up: |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   | [Impacted Files](https://codecov.io/gh/apache/beam/pull/22806?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
   |---|---|---|
   | [sdks/python/apache\_beam/runners/direct/executor.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy9kaXJlY3QvZXhlY3V0b3IucHk=) | `96.46% <0.00%> (-0.55%)` | :arrow_down: |
   | [...ks/python/apache\_beam/runners/worker/sdk\_worker.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy93b3JrZXIvc2RrX3dvcmtlci5weQ==) | `89.09% <0.00%> (+0.47%)` | :arrow_up: |
   | [...eam/runners/portability/fn\_api\_runner/execution.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy9wb3J0YWJpbGl0eS9mbl9hcGlfcnVubmVyL2V4ZWN1dGlvbi5weQ==) | `93.08% <0.00%> (+0.64%)` | :arrow_up: |
   | [...python/apache\_beam/runners/worker/worker\_status.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy93b3JrZXIvd29ya2VyX3N0YXR1cy5weQ==) | `79.71% <0.00%> (+0.72%)` | :arrow_up: |
   | [sdks/python/apache\_beam/internal/metrics/metric.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vaW50ZXJuYWwvbWV0cmljcy9tZXRyaWMucHk=) | `94.00% <0.00%> (+1.00%)` | :arrow_up: |
   | [...che\_beam/runners/interactive/interactive\_runner.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy9pbnRlcmFjdGl2ZS9pbnRlcmFjdGl2ZV9ydW5uZXIucHk=) | `91.39% <0.00%> (+1.32%)` | :arrow_up: |
   | [...ks/python/apache\_beam/runners/worker/data\_plane.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vcnVubmVycy93b3JrZXIvZGF0YV9wbGFuZS5weQ==) | `89.26% <0.00%> (+1.69%)` | :arrow_up: |
   | [.../python/apache\_beam/testing/test\_stream\_service.py](https://codecov.io/gh/apache/beam/pull/22806/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c2Rrcy9weXRob24vYXBhY2hlX2JlYW0vdGVzdGluZy90ZXN0X3N0cmVhbV9zZXJ2aWNlLnB5) | `92.85% <0.00%> (+4.76%)` | :arrow_up: |
   
   




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1231467052

   Run Typescript PreCommit




[GitHub] [beam] damccorm merged pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm merged PR #22806:
URL: https://github.com/apache/beam/pull/22806




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1230262024

   retest this please




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1233204126

   Run Python PreCommit




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1230342760

   @perkss looks like this is causing pulling licenses to fail with:
   
   ```
   09:12:04 > Task :sdks:java:container:pullLicenses
   09:12:04 ERROR:root:['jackson-bom-2.13.3']
   09:12:04 ERROR:root:**************************************** Licenses were not able to be pulled automatically for some dependencies. Please search source code of the dependencies on the internet and add "license" and "notice" (if available) field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each missing license. Dependency List: [jackson-bom-2.13.3]
   09:12:04 INFO:root:pull_licenses_java.py failed. It took 7.957456 seconds with 16 threads.
   09:12:04 Traceback (most recent call last):
   09:12:04   File "/home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/pull_licenses_java.py", line 326, in <module>
   09:12:04     raise RuntimeError('{n} error(s) occurred.'.format(n=len(error_msg)),
   09:12:04 RuntimeError: ('2 error(s) occurred.', ['**************************************** Licenses were not able to be pulled automatically for some dependencies. Please search source code of the dependencies on the internet and add "license" and "notice" (if available) field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each missing license. Dependency List: [jackson-bom-2.13.3]', '**************************************** License type of some dependencies were not identified. The license type is used to decide whether the source code of the dependency should be pulled or not. Please add "type" field to /home/jenkins/jenkins-slave/workspace/beam_PreCommit_Java_PVR_Flink_Docker_Commit/src/sdks/java/container/license_scripts/dep_urls_java.yaml for each dependency. Dependency List: [jackson-bom-2.13.3]'])
   ```
   
   Could you take a look? Looks like we should just need to add a type field here - https://github.com/apache/beam/blob/e9089dd99630d939f0c38fbacbe97a283e429fc2/sdks/java/container/license_scripts/dep_urls_java.yaml#L56




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1230262648

   (talking to the bot to get it to rerun checks since there was a license issue causing problems ^)




[GitHub] [beam] perkss commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
perkss commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1221259136

   @pabloem can you please check on this review? 




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1231467371

   Run Python PreCommit




[GitHub] [beam] damccorm commented on pull request #22806: 22805: Upgrade Jackson version from 2.13.0 to 2.13.3

Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22806:
URL: https://github.com/apache/beam/pull/22806#issuecomment-1231923184

   Run Python PreCommit

