Posted to dev@parquet.apache.org by GitBox <gi...@apache.org> on 2020/08/13 11:28:08 UTC

[GitHub] [parquet-mr] gszadovszky opened a new pull request #811: PARQUET-1895: Update jackson-databind

gszadovszky opened a new pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811


   Make sure you have checked _all_ steps below.
   
   ### Jira
   
   - [ ] My PR addresses the following [Parquet Jira](https://issues.apache.org/jira/browse/PARQUET/) issues and references them in the PR title. For example, "PARQUET-1234: My Parquet PR"
     - https://issues.apache.org/jira/browse/PARQUET-XXX
     - In case you are adding a dependency, check if the license complies with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   
   ### Tests
   
   - [ ] My PR adds the following unit tests __OR__ does not need testing for this extremely good reason:
   
   ### Commits
   
   - [ ] My commits all reference Jira issues in their subject lines. In addition, my commits follow the guidelines from "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)":
     1. Subject is separated from body by a blank line
     1. Subject is limited to 50 characters (not including Jira issue reference)
     1. Subject does not end with a period
     1. Subject uses the imperative mood ("add", not "adding")
     1. Body wraps at 72 characters
     1. Body explains "what" and "why", not "how"
   
   ### Documentation
   
   - [ ] In case of new functionality, my PR adds documentation that describes how to use it.
     - All the public functions and the classes in the PR contain Javadoc that explain what it does
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [parquet-mr] toomyem commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
toomyem commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707567699


   When can we expect to see a new version available in the Maven Repository?





[GitHub] [parquet-mr] gszadovszky commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
gszadovszky commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707032336


   Oh, I see. I am not a big fan of this template; let me correct it.





[GitHub] [parquet-mr] gszadovszky commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
gszadovszky commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707581800


   This will be part of the new 1.12.0 release. I cannot say an exact ETA for it. I hope we can release it this year.





[GitHub] [parquet-mr] shangxinli commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
shangxinli commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707197403


   LGTM





[GitHub] [parquet-mr] gszadovszky edited a comment on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
gszadovszky edited a comment on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707032336


   Oh, I see. I am not a big fan of this template but let me fill it.





[GitHub] [parquet-mr] grumpyjames commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
grumpyjames commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707011991


   I know this PR probably doesn't meet the standards of this project, but it would be _excellent_ if it were merged anyway. The version of jackson that ends up being shaded by the project has numerous serious security vulnerabilities as detected by the OWASP dependency check tool: https://owasp.org/www-project-dependency-check/
   
   It may be that the usage of jackson by the parquet project is not vulnerable to the 23 (!) different vulnerabilities I've got listed locally, but that's potentially very hard for someone not familiar with the project to audit, and I would hope that the travis check is sufficient to show that the upgrade is at least compile safe.
   
   Let me know if there's anything I can do to help this get merged!
   
   --James.





[GitHub] [parquet-mr] gszadovszky commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
gszadovszky commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707020958


   @grumpyjames, I really hope it meets the standards :smiley:. I completely forgot about it. Thanks for the heads up.
   Based on the Apache policy we need an approval of a committer (even if the author is one of them).
   @shangxinli, could you have a quick look at this one?





[GitHub] [parquet-mr] toomyem commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
toomyem commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707621941


   Maybe some small release 1.11.2 with this fix would be possible sooner?





[GitHub] [parquet-mr] gszadovszky commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
gszadovszky commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707627412


   I would suggest writing to the dev list of the parquet community about this topic.





[GitHub] [parquet-mr] grumpyjames commented on pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
grumpyjames commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707030686


   > @grumpyjames, I really hope it meets the standards
   
   I hope so too!
   
   I should clarify here that I have no idea if it does or not - it looks like there's a template for PRs that's been left untouched - there are some checkboxes/questions that could be answered? But possibly this change is small enough for that to not matter! Or maybe that template is really old and no-one actually reads it! I don't know! Hopefully someone who does can have a look :-)





[GitHub] [parquet-mr] gszadovszky merged pull request #811: PARQUET-1895: Update jackson-databind

Posted by GitBox <gi...@apache.org>.
gszadovszky merged pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811


   

