You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by GitBox <gi...@apache.org> on 2022/06/30 05:01:12 UTC

[GitHub] [tez] amanraj2520 opened a new pull request, #229: [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2

amanraj2520 opened a new pull request, #229:
URL: https://github.com/apache/tez/pull/229

   [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2 to fix the vulnerability.
   
   Link to JIRA : https://issues.apache.org/jira/browse/TEZ-4427
   
   Link to parent JIRA : https://issues.apache.org/jira/browse/TEZ-4419
   
   RFC documentation : https://github.com/yarnpkg/rfcs/blob/master/implemented/0000-selective-versions-resolutions.md


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [tez] amanraj2520 commented on pull request #229: [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2

Posted by GitBox <gi...@apache.org>.

amanraj2520 commented on PR #229:
URL: https://github.com/apache/tez/pull/229#issuecomment-1170780334

   @guptanikhil007 Can you please approve this PR. Tested locally by running the phantomJS tests, similar to what I did for the remaining vulnerabilities.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [tez] amanraj2520 commented on pull request #229: [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2

Posted by GitBox <gi...@apache.org>.

amanraj2520 commented on PR #229:
URL: https://github.com/apache/tez/pull/229#issuecomment-1170791680

   @abstractdog Can you please check and approve this PR. This is the last vulnerability fix.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [tez] abstractdog merged pull request #229: [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2

Posted by GitBox <gi...@apache.org>.

abstractdog merged PR #229:
URL: https://github.com/apache/tez/pull/229


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [tez] tez-yetus commented on pull request #229: [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2

Posted by GitBox <gi...@apache.org>.

tez-yetus commented on PR #229:
URL: https://github.com/apache/tez/pull/229#issuecomment-1170779002

   :confetti_ball: **+1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime | Comment |
   |:----:|----------:|--------:|:--------|
   | +0 :ok: |  reexec  |  22m 44s |  Docker mode activated.  |
   ||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  No case conflicting files found.  |
   | +1 :green_heart: |  @author  |   0m  0s |  The patch does not contain any @author tags.  |
   ||| _ master Compile Tests _ |
   ||| _ Patch Compile Tests _ |
   | +1 :green_heart: |  whitespace  |   0m  0s |  The patch has no whitespace issues.  |
   ||| _ Other Tests _ |
   | +1 :green_heart: |  asflicense  |   1m  7s |  The patch does not generate ASF License warnings.  |
   |  |   |  24m 32s |   |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-229/1/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/tez/pull/229 |
   | Optional Tests | dupname asflicense |
   | uname | Linux 4ee12e7603d1 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | personality/tez.sh |
   | git revision | master / adcc3138d |
   | Max. process+thread count | 46 (vs. ulimit of 5500) |
   | modules | C: tez-ui U: tez-ui |
   | Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-229/1/console |
   | versions | git=2.25.1 maven=3.6.3 |
   | Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [tez] abstractdog commented on pull request #229: [TEZ-4427][CVE-2019-10744] Upgrade lodash.merge version to 4.6.2

Posted by GitBox <gi...@apache.org>.

abstractdog commented on PR #229:
URL: https://github.com/apache/tez/pull/229#issuecomment-1171034499

   merged to master


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org