You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@linkis.apache.org by GitBox <gi...@apache.org> on 2022/07/28 02:26:04 UTC
[GitHub] [incubator-linkis] casionone opened a new pull request, #2538: [WIP]upgrade jackson-bom.version 2.13.2.1 to 2.13.2.2
casionone opened a new pull request, #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538
### What is the purpose of the change
upgrade jackson-bom.version 2.13.2.1 to 2.13.2.2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] jackxu2011 commented on pull request #2538: Upgrade jackson-databind 2.13.2.1 to 2.13.2.2
Posted by GitBox <gi...@apache.org>.
jackxu2011 commented on PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538#issuecomment-1198889455
> > > > the hadoop has downgrade jackson to 2.12.7 to compatible with jsr311
> > >
> > >
> > > jackson-databind 2.13.2.1 has high security vulnerability Does you mean that there will be incompatibility with jsr311 after the upgrade? Is there a related issue or an announcement
> >
> >
> > 2.12.7 has no security vulnerability
>
> Is it recommended to use jackson bom version of 2.12.7?
yes see https://issues.apache.org/jira/browse/HADOOP-18332
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] jackxu2011 commented on pull request #2538: [WIP]upgrade jackson-databind 2.13.2.1 to 2.13.2.2
Posted by GitBox <gi...@apache.org>.
jackxu2011 commented on PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538#issuecomment-1198801945
> > the hadoop has downgrade jackson to 2.12.7 to compatible with jsr311
>
> jackson-databind 2.13.2.1 has high security vulnerability Does you mean that there will be incompatibility with jsr311 after the upgrade? Is there a related issue or an announcement
2.12.7 has no security vulnerability
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] jackxu2011 commented on pull request #2538: [WIP]upgrade jackson-databind 2.13.2.1 to 2.13.2.2
Posted by GitBox <gi...@apache.org>.
jackxu2011 commented on PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538#issuecomment-1197688498
the hadoop has downgrade jackson to 2.12.7 to fit jsr311
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] codecov[bot] commented on pull request #2538: [WIP]upgrade jackson-databind 2.13.2.1 to 2.13.2.2
Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538#issuecomment-1197597211
# [Codecov](https://codecov.io/gh/apache/incubator-linkis/pull/2538?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#2538](https://codecov.io/gh/apache/incubator-linkis/pull/2538?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (d6c5c31) into [dev-1.2.1](https://codecov.io/gh/apache/incubator-linkis/commit/70fc6ccffe425de02b2b41a143acbc8d39ddbe17?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (70fc6cc) will **increase** coverage by `0.00%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## dev-1.2.1 #2538 +/- ##
============================================
Coverage 15.78% 15.79%
- Complexity 1105 1106 +1
============================================
Files 668 668
Lines 20632 20632
Branches 2941 2941
============================================
+ Hits 3257 3259 +2
+ Misses 16938 16937 -1
+ Partials 437 436 -1
```
| [Impacted Files](https://codecov.io/gh/apache/incubator-linkis/pull/2538?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...s/scheduler/queue/fifoqueue/FIFOUserConsumer.scala](https://codecov.io/gh/apache/incubator-linkis/pull/2538/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-bGlua2lzLWNvbW1vbnMvbGlua2lzLXNjaGVkdWxlci9zcmMvbWFpbi9zY2FsYS9vcmcvYXBhY2hlL2xpbmtpcy9zY2hlZHVsZXIvcXVldWUvZmlmb3F1ZXVlL0ZJRk9Vc2VyQ29uc3VtZXIuc2NhbGE=) | `37.77% <0.00%> (+2.22%)` | :arrow_up: |
Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] casionone commented on pull request #2538: [WIP]upgrade jackson-databind 2.13.2.1 to 2.13.2.2
Posted by GitBox <gi...@apache.org>.
casionone commented on PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538#issuecomment-1198120710
> the hadoop has downgrade jackson to 2.12.7 to compatible with jsr311
jackson-databind 2.13.2.1 has high security vulnerability
Does you mean that there will be incompatibility with jsr311 after the upgrade?
Is there a related issue or an announcement
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] peacewong merged pull request #2538: Downgrading jackson to 2.12.7
Posted by GitBox <gi...@apache.org>.
peacewong merged PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org
[GitHub] [incubator-linkis] casionone commented on pull request #2538: Upgrade jackson-databind 2.13.2.1 to 2.13.2.2
Posted by GitBox <gi...@apache.org>.
casionone commented on PR #2538:
URL: https://github.com/apache/incubator-linkis/pull/2538#issuecomment-1198824663
> > > the hadoop has downgrade jackson to 2.12.7 to compatible with jsr311
> >
> >
> > jackson-databind 2.13.2.1 has high security vulnerability Does you mean that there will be incompatibility with jsr311 after the upgrade? Is there a related issue or an announcement
>
> 2.12.7 has no security vulnerability
Is it recommended to use jackson bom version of 2.12.7?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org