You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@beam.apache.org by "bvolpato (via GitHub)" <gi...@apache.org> on 2023/08/03 04:58:56 UTC

[GitHub] [beam] bvolpato opened a new pull request, #27827: [Security] Upgrade snappy-java to 1.1.10.3

bvolpato opened a new pull request, #27827:
URL: https://github.com/apache/beam/pull/27827

   `snappy-java` is currently 1.1.10.0, and is within the range for a couple of recent CVEs:
   
   CVE-2023-34455 [High]
   CVE-2023-34454 [Moderate]
   CVE-2023-34453 [Moderate]
   
   (See https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.10.3)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664019383

   Run Java PreCommit


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] codecov[bot] commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "codecov[bot] (via GitHub)" <gi...@apache.org>.

codecov[bot] commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1663318122

   ## [Codecov](https://app.codecov.io/gh/apache/beam/pull/27827?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) Report
   > Merging [#27827](https://app.codecov.io/gh/apache/beam/pull/27827?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (ddf1e90) into [master](https://app.codecov.io/gh/apache/beam/commit/0c15645a561aebe0b860d7c1ea294de46e161e8d?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (0c15645) will **increase** coverage by `0.02%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@            Coverage Diff             @@
   ##           master   #27827      +/-   ##
   ==========================================
   + Coverage   70.87%   70.89%   +0.02%     
   ==========================================
     Files         861      861              
     Lines      105005   105005              
   ==========================================
   + Hits        74418    74443      +25     
   + Misses      29029    29004      -25     
     Partials     1558     1558              
   ```
   
   | Flag | Coverage Δ | |
   |---|---|---|
   | python | `79.87% <ø> (+0.03%)` | :arrow_up: |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   [see 5 files with indirect coverage changes](https://app.codecov.io/gh/apache/beam/pull/27827/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
   
   :mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020682

   Run Java_PVR_Flink_Batch PreCommit


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020841

   Run Java_Examples_Dataflow_Java17 PreCommit


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020324

   Run Java_Pulsar_IO_Direct PreCommit


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm merged pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm merged PR #27827:
URL: https://github.com/apache/beam/pull/27827


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] github-actions[bot] commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.

github-actions[bot] commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1663318457

   Assigning reviewers. If you would like to opt out of this review, comment `assign to next reviewer`:
   
   R: @damccorm for label build.
   
   Available commands:
   - `stop reviewer notifications` - opt out of the automated review tooling
   - `remind me after tests pass` - tag the comment author after tests pass
   - `waiting on author` - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)
   
   The PR bot will only process comments in the main thread (not review comments).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020179

   Run Java_Spark3_Versions PreCommit


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3

Posted by "damccorm (via GitHub)" <gi...@apache.org>.

damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664104862

   Run Java PreCommit


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org