You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2022/11/07 19:29:20 UTC

[GitHub] [spark] bjornjorgensen opened a new pull request, #38539: [SPARK-41030][BUILD] Upgrade `Apache ivy` to 2.5.1

bjornjorgensen opened a new pull request, #38539:
URL: https://github.com/apache/spark/pull/38539

   ### What changes were proposed in this pull request?
   Upgrade `Apache ivy` from 2.5.0 to 2.5.1
   
   ### Why are the changes needed?
   [CVE-2022-37865](https://www.cve.org/CVERecord?id=CVE-2022-37865)
   
   ### Does this PR introduce _any_ user-facing change?
   No.
   
   ### How was this patch tested?
   Pass GA


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun closed pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

dongjoon-hyun closed pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1
URL: https://github.com/apache/spark/pull/38539


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] bjornjorgensen commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

bjornjorgensen commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1370174896

   oh.. well 
   @dongjoon-hyun will you have this in 3.2? If yes, then I can make a PR for it. 
   I don't know when a new 3.2 will be released.  But 3.2 was released October 13, 2021 and we will keep it "alive" for 18 month, so its soon EOL. Any reasons why you can't upgrade?  


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

dongjoon-hyun commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1370182153

   Thank you for asking.
   - In short, Yes, please make a PR for that. According to the status as-of-today, it looks safe to me too.
   - For new 3.2, I'm thinking of volunteering for Apache Spark 3.2.4 after Apache Spark 3.4 Feature Freeze. (late January or early February)
   
   BTW, the default opinion of any dependency change on the release branches is in general negative because we want to avoid the unknown risks. There is no bug-free software (including Apache Spark and Ivy).
   > Any reasons why you can't upgrade?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] kyle-ai2 commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

kyle-ai2 commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1370168026

   hey @bjornjorgensen ,
   
   Just following up from my question a couple weeks ago. Hoping to see the changes in 3.2 and wondering if/when to expect a timeline of release.
   
   Thanks,
   Kyle


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] kyle-ai2 commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

kyle-ai2 commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1315814385

   Hello @dongjoon-hyun,
   
   Will this fix be backported for Spark 3.2 as well?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

dongjoon-hyun commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1370182635

   Please cc Sean, Hyukjin and me on the back-porting PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

dongjoon-hyun commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1306405422

   Merged to master for Apache Spark 3.4.0.
   Thank you, @bjornjorgensen .


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] bjornjorgensen commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

bjornjorgensen commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1362846615

   This have been merged to branch 3.3 https://github.com/apache/spark/pull/39176 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] kyle-ai2 commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

kyle-ai2 commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1362922221

   Thank you for the update @bjornjorgensen .
   
   I would like to confirm whether the changes will be merged into 3.2 as well?
   
   Thanks again,
   Kyle


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] kyle-ai2 commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

kyle-ai2 commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1317265934

   Yes we use Spark 3.2 in our production environment


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #38539: [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1

Posted by GitBox <gi...@apache.org>.

dongjoon-hyun commented on PR #38539:
URL: https://github.com/apache/spark/pull/38539#issuecomment-1315901316

   We need to validate this dependency change in `master` (for Apache Spark 3.4.0) first. Did you use this in your production environment?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org