You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2020/10/25 10:13:26 UTC
[GitHub] [flink] rmetzger opened a new pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
rmetzger opened a new pull request #13780:
URL: https://github.com/apache/flink/pull/13780
## What is the purpose of the change
A user found that we are using antlr in flink-python (with a vulnerability). We are not using antlr in flink-python, there are just some metadata files which were not properly removed from the shading.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot commented on pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
flinkbot commented on pull request #13780:
URL: https://github.com/apache/flink/pull/13780#issuecomment-716123230
Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community
to review your pull request. We will use this comment to track the progress of the review.
## Automated Checks
Last check on commit a122d4149f65bdb997b8b27a7c980923f681e545 (Sun Oct 25 10:16:15 UTC 2020)
**Warnings:**
* **1 pom.xml files were touched**: Check for build and licensing issues.
* No documentation files were touched! Remember to keep the Flink docs up to date!
<sub>Mention the bot in a comment to re-run the automated checks.</sub>
## Review Progress
* ❓ 1. The [description] looks good.
* ❓ 2. There is [consensus] that the contribution should go into to Flink.
* ❓ 3. Needs [attention] from.
* ❓ 4. The change fits into the overall [architecture].
* ❓ 5. Overall code [quality] is good.
Please see the [Pull Request Review Guide](https://flink.apache.org/contributing/reviewing-prs.html) for a full explanation of the review process.<details>
The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required <summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot approve description` to approve one or more aspects (aspects: `description`, `consensus`, `architecture` and `quality`)
- `@flinkbot approve all` to approve all aspects
- `@flinkbot approve-until architecture` to approve everything until `architecture`
- `@flinkbot attention @username1 [@username2 ..]` to require somebody's attention
- `@flinkbot disapprove architecture` to remove an approval you gave earlier
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #13780:
URL: https://github.com/apache/flink/pull/13780#issuecomment-716125377
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "a122d4149f65bdb997b8b27a7c980923f681e545",
"status" : "PENDING",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=8239",
"triggerID" : "a122d4149f65bdb997b8b27a7c980923f681e545",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* a122d4149f65bdb997b8b27a7c980923f681e545 Azure: [PENDING](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=8239)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on a change in pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
rmetzger commented on a change in pull request #13780:
URL: https://github.com/apache/flink/pull/13780#discussion_r512176744
##########
File path: flink-python/pom.xml
##########
@@ -334,6 +334,7 @@ under the License.
<excludes>
<exclude>org/apache/beam/vendor/bytebuddy/**</exclude>
<exclude>org/apache/beam/repackaged/core/org/antlr/**</exclude>
+ <exclude>META-INF/maven/org.antlr/antlr4-runtime/**</exclude>
Review comment:
Yes, I'll do that.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #13780:
URL: https://github.com/apache/flink/pull/13780#issuecomment-716125377
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "a122d4149f65bdb997b8b27a7c980923f681e545",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=8239",
"triggerID" : "a122d4149f65bdb997b8b27a7c980923f681e545",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* a122d4149f65bdb997b8b27a7c980923f681e545 Azure: [SUCCESS](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=8239)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger closed pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
rmetzger closed pull request #13780:
URL: https://github.com/apache/flink/pull/13780
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] tillrohrmann commented on a change in pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #13780:
URL: https://github.com/apache/flink/pull/13780#discussion_r511894266
##########
File path: flink-python/pom.xml
##########
@@ -334,6 +334,7 @@ under the License.
<excludes>
<exclude>org/apache/beam/vendor/bytebuddy/**</exclude>
<exclude>org/apache/beam/repackaged/core/org/antlr/**</exclude>
+ <exclude>META-INF/maven/org.antlr/antlr4-runtime/**</exclude>
Review comment:
Should we simply exclude `META-INF/maven/org.antlr`?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot commented on pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
flinkbot commented on pull request #13780:
URL: https://github.com/apache/flink/pull/13780#issuecomment-716125377
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "a122d4149f65bdb997b8b27a7c980923f681e545",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "a122d4149f65bdb997b8b27a7c980923f681e545",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* a122d4149f65bdb997b8b27a7c980923f681e545 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on pull request #13780: [FLINK-19782][python] Remove antlr traces in flink-python
Posted by GitBox <gi...@apache.org>.
rmetzger commented on pull request #13780:
URL: https://github.com/apache/flink/pull/13780#issuecomment-716739109
Thanks for your review. I'll address the comment and merge the change.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org