Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2022/08/14 11:04:07 UTC

[GitHub] [spark] panbingkun opened a new pull request, #37511: [MINOR][BUILD] Upgrade apache-rat to 0.14

panbingkun opened a new pull request, #37511:
URL: https://github.com/apache/spark/pull/37511

   ### What changes were proposed in this pull request?
   This PR upgrades `apache-rat` to 0.14.
   
   ### Why are the changes needed?
   #### 1. This brings security issue fixes like the following:
   > 1. Update to doxia 1.11.1 in order to get CVE-2020-13956-httpclient problem fixes in doxia. Fixes [RAT-275](https://issues.apache.org/jira/browse/RAT-275)
   > 2. Update to latest Commons IO to fix CVE-2021-29425 (Moderate severity). Fixes [RAT-281](https://issues.apache.org/jira/browse/RAT-281).
   > 3. Update to junit 4.13.1 to fix CVE-2020-15250. Fixes [RAT-277](https://issues.apache.org/jira/browse/RAT-277)
   > 4. Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979. Update to JDK8 as minimal version/compiler version. Fixes [RAT-274](https://issues.apache.org/jira/browse/RAT-274)
   > 5. Update to latest Apache Ant to fix CVE-2020-1945. Fixes [RAT-269](https://issues.apache.org/jira/browse/RAT-269)
   > 6. Update to latest commons-compress to fix CVE-2019-12402. Fixes [RAT-258](https://issues.apache.org/jira/browse/RAT-258)
   > 7. Update compiler level to 1.7 to allow building with more recent JDKs. Update plugins and dependencies to more modern versions to fix security issues (CVE-warnings). Fixes [RAT-244](https://issues.apache.org/jira/browse/RAT-244).
   
   #### 2. Release notes:
   > https://creadur.apache.org/rat/changes-report.html#a0.14
   
   ### Does this PR introduce _any_ user-facing change?
   No.
   
   ### How was this patch tested?
   Pass GA & manual tests: ./dev/check-license
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] srowen closed pull request #37511: [MINOR][BUILD] Upgrade apache-rat to 0.14

Posted by GitBox <gi...@apache.org>.
srowen closed pull request #37511: [MINOR][BUILD] Upgrade apache-rat to 0.14
URL: https://github.com/apache/spark/pull/37511



[GitHub] [spark] AmplabJenkins commented on pull request #37511: [MINOR][BUILD] Upgrade apache-rat to 0.14

Posted by GitBox <gi...@apache.org>.
AmplabJenkins commented on PR #37511:
URL: https://github.com/apache/spark/pull/37511#issuecomment-1214421130

   Can one of the admins verify this patch?



[GitHub] [spark] srowen commented on pull request #37511: [MINOR][BUILD] Upgrade apache-rat to 0.14

Posted by GitBox <gi...@apache.org>.
srowen commented on PR #37511:
URL: https://github.com/apache/spark/pull/37511#issuecomment-1214471110

   Merged to master

