Posted to issues@flink.apache.org by "kingsathurthi (via GitHub)" <gi...@apache.org> on 2023/03/23 18:23:25 UTC

[GitHub] [flink-kubernetes-operator] kingsathurthi opened a new pull request, #552: Fixing the container vulnerability by updating maven dependency

kingsathurthi opened a new pull request, #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552

   
   ## What is the purpose of the change
   
   *This Pull request updates the SnakeYaml Maven dependency from 1.33 to 2.0 to fix the container vulnerability [CVE-2022-1471](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)*
   
   ## Brief change log
   
     - *Updating the SnakeYaml Maven dependency in the pom.xml*
     - *The current version of the SnakeYaml: 1.33 and the Updated version: 2.0*
   
   ## Verifying this change
   
   This change is just a Maven dependency update and doesn't make an impact.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): (yes)
     - The public API, i.e., is any changes to the `CustomResourceDescriptors`: (no)
     - Core observer or reconciler logic that is regularly executed: (no)
   
   ## Documentation
   
     - Does this pull request introduce a new feature? (no)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [flink-kubernetes-operator] gyfora commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "gyfora (via GitHub)" <gi...@apache.org>.
gyfora commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1483923191

   There seem to be some failing tests, also https://github.com/apache/flink-kubernetes-operator/blob/main/flink-kubernetes-operator/src/main/resources/META-INF/NOTICE should be updated.




[GitHub] [flink-kubernetes-operator] kingsathurthi commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1508585990

   Can you take over if it is a compatibility issue?




[GitHub] [flink-kubernetes-operator] yangjf2019 commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "yangjf2019 (via GitHub)" <gi...@apache.org>.
yangjf2019 commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501485976

   > @yangjf2019 shall we connect and discuss? Please share your Slack ID or find mine @satz
   
   Or we can discuss it by email.




[GitHub] [flink-kubernetes-operator] yangjf2019 commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "yangjf2019 (via GitHub)" <gi...@apache.org>.
yangjf2019 commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501469247

   There are still more compatibility-related issues:




[GitHub] [flink-kubernetes-operator] gyfora commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "gyfora (via GitHub)" <gi...@apache.org>.
gyfora commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1484812581

   Please build the project locally and run all the tests before pushing changes; there are some test failures.




[GitHub] [flink-kubernetes-operator] kingsathurthi commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1485047586

   Sure, will do it locally.




[GitHub] [flink-kubernetes-operator] yangjf2019 commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "yangjf2019 (via GitHub)" <gi...@apache.org>.
yangjf2019 commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1509676428

   Yes, I'll take it over. If you can, please close this issue.




[GitHub] [flink-kubernetes-operator] yangjf2019 commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "yangjf2019 (via GitHub)" <gi...@apache.org>.
yangjf2019 commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501357652

   Hi @kingsathurthi , sorry to bother you! If you are no longer following up, please close this issue and I will take over the management of it.




[GitHub] [flink-kubernetes-operator] kingsathurthi commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501508714

   Sure, will follow the contribution specifications. Where do I find your mail ID?




[GitHub] [flink-kubernetes-operator] yangjf2019 commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "yangjf2019 (via GitHub)" <gi...@apache.org>.
yangjf2019 commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501482806

   And, please refer to the [contribution specification](https://flink.apache.org/how-to-contribute/overview/), please open a work order on jira and associate the work order to this issue.




[GitHub] [flink-kubernetes-operator] kingsathurthi commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501478206

   @yangjf2019 shall we connect and discuss? Please share your Slack ID or find mine @satz




[GitHub] [flink-kubernetes-operator] kingsathurthi closed pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi closed pull request #552: Fixing the container vulnerability by updating maven dependency 
URL: https://github.com/apache/flink-kubernetes-operator/pull/552




[GitHub] [flink-kubernetes-operator] kingsathurthi commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1501393713

   Hi Yang, I'm still active on this issue, please allow me some time to close this.




[GitHub] [flink-kubernetes-operator] yangjf2019 commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "yangjf2019 (via GitHub)" <gi...@apache.org>.
yangjf2019 commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1508210933

   Hey, is it handled? This is a compatibility issue, consider dealing with version information!




[GitHub] [flink-kubernetes-operator] kingsathurthi commented on pull request #552: Fixing the container vulnerability by updating maven dependency

Posted by "kingsathurthi (via GitHub)" <gi...@apache.org>.
kingsathurthi commented on PR #552:
URL: https://github.com/apache/flink-kubernetes-operator/pull/552#issuecomment-1484128543

   Updated the NOTICE file as well to make the test pass.

