Posted to reviews@spark.apache.org by "bjornjorgensen (via GitHub)" <gi...@apache.org> on 2023/03/14 08:15:32 UTC

[GitHub] [spark] bjornjorgensen opened a new pull request, #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

bjornjorgensen opened a new pull request, #40408:
URL: https://github.com/apache/spark/pull/40408

   ### What changes were proposed in this pull request?
   Upgrade Google Tink from 1.7.0 to 1.8.0.
   
   [Release note](https://github.com/tink-crypto/tink-java/releases/tag/v1.8.0)
   
   NOTE: Google Tink has moved from Maven to their own repo. https://github.com/tink-crypto/tink-java/issues/3
   
   ### Why are the changes needed?
   
   [SNYK-JAVA-COMGOOGLEPROTOBUF-3040284](https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284)
   
   [SNYK-JAVA-COMGOOGLEPROTOBUF-3167772](https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772)
   
   
   ### Does this PR introduce _any_ user-facing change?
   No.
   
   
   ### How was this patch tested?
   Pass GA


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


[GitHub] [spark] bjornjorgensen commented on pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on PR #40408:
URL: https://github.com/apache/spark/pull/40408#issuecomment-1516268305

   1.9.0 is out now 
   I have made a new PR https://github.com/apache/spark/pull/40878
   I close this now. 




[GitHub] [spark] bjornjorgensen commented on a diff in pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen commented on code in PR #40408:
URL: https://github.com/apache/spark/pull/40408#discussion_r1143050156


##########
pom.xml:
##########
@@ -214,7 +214,7 @@
     <commons-crypto.version>1.1.0</commons-crypto.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <bouncycastle.version>1.60</bouncycastle.version>
-    <tink.version>1.7.0</tink.version>
+    <tink.version>1.8.0</tink.version>
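
Review bot: the bump at `<tink.version>` is not self-contained. As the review discussion in this thread notes, Tink 1.8.0 brings in `androidx.annotation:annotation`, which cannot be downloaded from the central repository, so this one-line change is what forces the extra `<repository>` entry later in the same pom.xml. I would either exclude that artifact on the Tink dependency or hold the bump for a release that resolves from the central repository alone, and state in the description which of the two was chosen.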

Review Comment:
   Yes, there may be a way to do it. I see that maybe they have a fix for this https://github.com/tink-crypto/tink-java/commit/5733ab346c95eac6840bff23e050a1e16749e928 . Considering the KISS principle, I'm waiting for a new release. It can get a bit complicated if we need to troubleshoot.





[GitHub] [spark] dongjoon-hyun commented on a diff in pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on code in PR #40408:
URL: https://github.com/apache/spark/pull/40408#discussion_r1135871814


##########
pom.xml:
##########
@@ -352,6 +352,11 @@
         <enabled>false</enabled>
       </snapshots>
     </repository>
+    <repository>
+      <id>google-maven-repository</id>
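
Review bot: the added `<repository>` with id `google-maven-repository` applies to every artifact the build resolves, not only to Tink, so it widens the set of hosts dependencies can come from for the sake of one transitive dependency. If the entry has to stay, the part of it not shown here should disable snapshots the way the preceding repository does (`<enabled>false</enabled>` under `<snapshots>`); the narrower fix is to drop the repository and exclude the one artifact that is missing from the central repository.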

Review Comment:
   Yes, I agree with Hyukjin and YangJie. If this is not inevitable, we can pin `Tink` to 1.7.0, too.





[GitHub] [spark] LuciferYang commented on a diff in pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on code in PR #40408:
URL: https://github.com/apache/spark/pull/40408#discussion_r1142839820


##########
pom.xml:
##########
@@ -214,7 +214,7 @@
     <commons-crypto.version>1.1.0</commons-crypto.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <bouncycastle.version>1.60</bouncycastle.version>
-    <tink.version>1.7.0</tink.version>
+    <tink.version>1.8.0</tink.version>

Review Comment:
   @bjornjorgensen We can exclude `androidx.annotation:annotation` from `tink`, and then we should be able to remove the newly added Maven repository. I have tested it, and it should be that only `androidx.annotation:annotation` cannot be downloaded from the central repository, and excluding it does not cause UT failures.
   
   



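The exclusion described in the comment above, written out as an added example (not taken from the PR or from Spark's pom.xml). It assumes Tink is declared under the coordinates `com.google.crypto.tink:tink` with the `${tink.version}` property from the hunk, and that the fragment goes wherever the build declares that dependency.

```xml
<!-- Added example: assumed placement is the existing Tink <dependency> entry. -->
<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>${tink.version}</version>
  <exclusions>
    <!-- The one transitive artifact the thread reports as missing from the
         central repository. Excluding it means no extra <repository> is
         needed, so the set of hosts the build resolves from stays unchanged. -->
    <exclusion>
      <groupId>androidx.annotation</groupId>
      <artifactId>annotation</artifactId>
    </exclusion>
  </exclusions>
</dependency>
```

Running `mvn dependency:tree -Dincludes=androidx.annotation` afterwards shows whether the artifact still reaches the build through some other path.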


[GitHub] [spark] HyukjinKwon commented on a diff in pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "HyukjinKwon (via GitHub)" <gi...@apache.org>.
HyukjinKwon commented on code in PR #40408:
URL: https://github.com/apache/spark/pull/40408#discussion_r1135173104


##########
pom.xml:
##########
@@ -352,6 +352,11 @@
         <enabled>false</enabled>
       </snapshots>
     </repository>
+    <repository>
+      <id>google-maven-repository</id>

Review Comment:
   I wouldn't add the new repo just to deal with one dependency issue. Let's probably wait it out and see how the discussion is concluded.





[GitHub] [spark] LuciferYang commented on a diff in pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on code in PR #40408:
URL: https://github.com/apache/spark/pull/40408#discussion_r1135434915


##########
pom.xml:
##########
@@ -352,6 +352,11 @@
         <enabled>false</enabled>
       </snapshots>
     </repository>
+    <repository>
+      <id>google-maven-repository</id>

Review Comment:
   +1





[GitHub] [spark] LuciferYang commented on a diff in pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on code in PR #40408:
URL: https://github.com/apache/spark/pull/40408#discussion_r1143096360


##########
pom.xml:
##########
@@ -214,7 +214,7 @@
     <commons-crypto.version>1.1.0</commons-crypto.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <bouncycastle.version>1.60</bouncycastle.version>
-    <tink.version>1.7.0</tink.version>
+    <tink.version>1.8.0</tink.version>

Review Comment:
   Got it, we can reuse this JIRA when upgrading to the new release.
   
   





[GitHub] [spark] bjornjorgensen closed pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0

Posted by "bjornjorgensen (via GitHub)" <gi...@apache.org>.
bjornjorgensen closed pull request #40408: [SPARK-42780][BUILD] Upgrade `Tink` to 1.8.0
URL: https://github.com/apache/spark/pull/40408

