You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@beam.apache.org by "bvolpato (via GitHub)" <gi...@apache.org> on 2023/08/03 04:58:56 UTC
[GitHub] [beam] bvolpato opened a new pull request, #27827: [Security] Upgrade snappy-java to 1.1.10.3
bvolpato opened a new pull request, #27827:
URL: https://github.com/apache/beam/pull/27827
`snappy-java` is currently 1.1.10.0, and is within the range for a couple of recent CVEs:
CVE-2023-34455 [High]
CVE-2023-34454 [Moderate]
CVE-2023-34453 [Moderate]
(See https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.10.3)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664019383
Run Java PreCommit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] codecov[bot] commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "codecov[bot] (via GitHub)" <gi...@apache.org>.
codecov[bot] commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1663318122
## [Codecov](https://app.codecov.io/gh/apache/beam/pull/27827?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) Report
> Merging [#27827](https://app.codecov.io/gh/apache/beam/pull/27827?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (ddf1e90) into [master](https://app.codecov.io/gh/apache/beam/commit/0c15645a561aebe0b860d7c1ea294de46e161e8d?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) (0c15645) will **increase** coverage by `0.02%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #27827 +/- ##
==========================================
+ Coverage 70.87% 70.89% +0.02%
==========================================
Files 861 861
Lines 105005 105005
==========================================
+ Hits 74418 74443 +25
+ Misses 29029 29004 -25
Partials 1558 1558
```
| Flag | Coverage Δ | |
|---|---|---|
| python | `79.87% <ø> (+0.03%)` | :arrow_up: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#carryforward-flags-in-the-pull-request-comment) to find out more.
[see 5 files with indirect coverage changes](https://app.codecov.io/gh/apache/beam/pull/27827/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
:mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020682
Run Java_PVR_Flink_Batch PreCommit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020841
Run Java_Examples_Dataflow_Java17 PreCommit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020324
Run Java_Pulsar_IO_Direct PreCommit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm merged pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm merged PR #27827:
URL: https://github.com/apache/beam/pull/27827
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] github-actions[bot] commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1663318457
Assigning reviewers. If you would like to opt out of this review, comment `assign to next reviewer`:
R: @damccorm for label build.
Available commands:
- `stop reviewer notifications` - opt out of the automated review tooling
- `remind me after tests pass` - tag the comment author after tests pass
- `waiting on author` - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)
The PR bot will only process comments in the main thread (not review comments).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664020179
Run Java_Spark3_Versions PreCommit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #27827: [Security] Upgrade snappy-java to 1.1.10.3
Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #27827:
URL: https://github.com/apache/beam/pull/27827#issuecomment-1664104862
Run Java PreCommit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org