Posted to dev@storm.apache.org by GitBox <gi...@apache.org> on 2020/07/08 09:44:14 UTC

[GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1

Crim opened a new pull request #3305:
URL: https://github.com/apache/storm/pull/3305


   ## What is the purpose of the change
   
   Upgrades jQuery from 1.11.1 to 3.5.1 for several security fixes:
   - https://www.tenable.com/plugins/nessus/124719
   - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
   - https://snyk.io/vuln/npm:jquery
   - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
   
   
   ## How was the change tested
   
   There do not appear to be automated UI tests, so I manually validated the changes by building a distribution .tar.gz file and deploying the nimbus, supervisor, UI, and logviewer daemons locally. I then verified each page in the UI. See the attached screenshots below.
   
   Each page was verified by checking each function, verifying it behaved as expected, and confirming that no JavaScript errors occurred. One such error was identified and resolved in this PR.
   
   The only page I was unable to verify was the Storm Flux Yaml Viewer as I have no topology using it to verify against.  Perhaps there is one in the example directory someone can point me at and I can verify using it?
   
   ## Other Notes
   
   - This PR should be perfectly OK to target the 2.2.x and/or earlier branches if we want.
   - I updated the LICENSE files manually; I was unsure whether these are manually curated or generated as part of some automated process.
   
   ## Testing Screenshots
   
   ![image](https://user-images.githubusercontent.com/571653/86903735-bb292d00-c14a-11ea-8705-97864393e0b4.png)
   
   ![image](https://user-images.githubusercontent.com/571653/86903762-c0867780-c14a-11ea-9a65-d6f33729a74d.png)
   
   ![image](https://user-images.githubusercontent.com/571653/86903777-c4b29500-c14a-11ea-9a9a-e3c1dda3c776.png)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [storm] srdo commented on pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1

Posted by GitBox <gi...@apache.org>.
srdo commented on pull request #3305:
URL: https://github.com/apache/storm/pull/3305#issuecomment-656330732


   For fixing the RAT plugin, I'd guess you should update the exclusion list in https://github.com/apache/storm/blob/master/pom.xml#L463 to include the new webapp jquery file.
   
   The license update stuff described at https://github.com/apache/storm/blob/master/DEVELOPER.md#auditing-licenses-for-licensenotice only works for dependencies tracked by Maven.
   
   As this dependency is not being pulled in via Maven, I think there is very little to do. The LICENSE and LICENSE-binary files should be updated (this is already done). jQuery doesn't have a NOTICE file, so that's not a concern. I think the current changes are good.





[GitHub] [storm] Ethanlm merged pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1

Posted by GitBox <gi...@apache.org>.
Ethanlm merged pull request #3305:
URL: https://github.com/apache/storm/pull/3305


   





[GitHub] [storm] Ethanlm commented on pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1

Posted by GitBox <gi...@apache.org>.
Ethanlm commented on pull request #3305:
URL: https://github.com/apache/storm/pull/3305#issuecomment-656325539


   @Crim This looks good. Thanks for the contribution!
   
   Travis is failing due to 
   ```
   [ERROR] Failed to execute goal org.apache.rat:apache-rat-plugin:0.12:check (default) on project storm-webapp: Too many files with unapproved license: 1 See RAT report in: /home/travis/build/apache/storm/storm-webapp/target/rat.txt -> [Help 1]
   ```
   Can you please fix it?
   
   About LICENSE, here is some doc about it https://github.com/apache/storm/blob/master/DEVELOPER.md#listing-dependency-licenses. @srdo Can you speak to what needs to be updated regarding this change? Thanks!
   
   
   I will find some time to test Flux. I myself am not familiar with that part either.





[GitHub] [storm] Crim commented on pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1

Posted by GitBox <gi...@apache.org>.
Crim commented on pull request #3305:
URL: https://github.com/apache/storm/pull/3305#issuecomment-656380158


   I played around with the Flux UI and verified it works as expected. Updated with a screenshot in the description. I also updated the exclusion list in the POM; waiting for TravisCI to rebuild now to verify.
   
   Thanks for the help!





[GitHub] [storm] Crim commented on a change in pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1

Posted by GitBox <gi...@apache.org>.
Crim commented on a change in pull request #3305:
URL: https://github.com/apache/storm/pull/3305#discussion_r451421843



##########
File path: LICENSE
##########
@@ -203,26 +203,23 @@
 
 -----------------------------------------------------------------------
 
-For jQuery 1.11.1 (storm-webapp/src/main/java/org/apache/storm/daemon/ui/WEB-INF/js/jquery-1.11.1.min.js)
-
-Includes Sizzle.js
-http://sizzlejs.com/
-Copyright 2011, The Dojo Foundation
-Released under the MIT, BSD, and GPL Licenses.
+For jQuery 3.5.1 (storm-webapp/src/main/java/org/apache/storm/daemon/ui/WEB-INF/js/jquery-3.5.1.min.js)
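Review bot: the replacement line `+For jQuery 3.5.1 (...jquery-3.5.1.min.js)` drops the Sizzle.js attribution (`Includes Sizzle.js`, `http://sizzlejs.com/`, `Copyright 2011, The Dojo Foundation`) without putting anything in its place; if the 3.5.1 minified build still bundles Sizzle, the LICENSE entry should keep an attribution for it, updated to Sizzle's current copyright holder and license terms rather than the 2011 Dojo Foundation / "MIT, BSD, and GPL" wording being removed, and the same check applies to the LICENSE-binary file this PR also touches.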

Review comment:
       Pulled from https://github.com/jquery/jquery/blob/master/LICENSE.txt



