Posted to notifications@shardingsphere.apache.org by GitBox <gi...@apache.org> on 2022/10/19 06:50:21 UTC
[GitHub] [shardingsphere-elasticjob] Super-Sky opened a new pull request, #2136: fix(sec): upgrade io.netty:netty-codec to 4.1.68.Final
Super-Sky opened a new pull request, #2136:
URL: https://github.com/apache/shardingsphere-elasticjob/pull/2136
### What happened?
There is 1 security vulnerability found in io.netty:netty-codec 4.1.59.Final
- [CVE-2021-37136](https://www.oscs1024.com/hd/CVE-2021-37136)
### What did I do?
Upgrade io.netty:netty-codec from 4.1.59.Final to 4.1.68.Final for vulnerability fix
### What did you expect to happen?
Ideally, no insecure libs should be used.
### The specification of the pull request
[PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [shardingsphere-elasticjob] codecov-commenter commented on pull request #2136: fix(sec): upgrade io.netty:netty-codec to 4.1.68.Final
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #2136:
URL: https://github.com/apache/shardingsphere-elasticjob/pull/2136#issuecomment-1283525923
# [Codecov](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#2136](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (9af1db6) into [master](https://codecov.io/gh/apache/shardingsphere-elasticjob/commit/59570e1e7fa7cbb407db7c61f536e08831127baa?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (59570e1) will **decrease** coverage by `0.17%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #2136 +/- ##
============================================
- Coverage 85.23% 85.05% -0.18%
+ Complexity 1903 145 -1758
============================================
Files 282 282
Lines 6216 6216
Branches 749 944 +195
============================================
- Hits 5298 5287 -11
- Misses 568 573 +5
- Partials 350 356 +6
```
| [Impacted Files](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [.../datasource/DataSourceTracingStorageConverter.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1lY29zeXN0ZW0vZWxhc3RpY2pvYi10cmFjaW5nL2VsYXN0aWNqb2ItdHJhY2luZy1yZGIvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3NoYXJkaW5nc3BoZXJlL2VsYXN0aWNqb2IvdHJhY2luZy9yZGIvZGF0YXNvdXJjZS9EYXRhU291cmNlVHJhY2luZ1N0b3JhZ2VDb252ZXJ0ZXIuamF2YQ==) | `91.66% <0.00%> (-8.34%)` | :arrow_down: |
| [...ticjob/lite/internal/snapshot/SnapshotService.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1saXRlL2VsYXN0aWNqb2ItbGl0ZS1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGFyZGluZ3NwaGVyZS9lbGFzdGljam9iL2xpdGUvaW50ZXJuYWwvc25hcHNob3QvU25hcHNob3RTZXJ2aWNlLmphdmE=) | `76.56% <0.00%> (-6.25%)` | :arrow_down: |
| [...e/shardingsphere/elasticjob/infra/env/IpUtils.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1pbmZyYS9lbGFzdGljam9iLWluZnJhLWNvbW1vbi9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvc2hhcmRpbmdzcGhlcmUvZWxhc3RpY2pvYi9pbmZyYS9lbnYvSXBVdGlscy5qYXZh) | `65.71% <0.00%> (-2.86%)` | :arrow_down: |
| [...ob/error/handler/wechat/WechatJobErrorHandler.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1lY29zeXN0ZW0vZWxhc3RpY2pvYi1lcnJvci1oYW5kbGVyL2VsYXN0aWNqb2ItZXJyb3ItaGFuZGxlci10eXBlL2VsYXN0aWNqb2ItZXJyb3ItaGFuZGxlci13ZWNoYXQvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3NoYXJkaW5nc3BoZXJlL2VsYXN0aWNqb2IvZXJyb3IvaGFuZGxlci93ZWNoYXQvV2VjaGF0Sm9iRXJyb3JIYW5kbGVyLmphdmE=) | `89.47% <0.00%> (-2.64%)` | :arrow_down: |
| [...rror/handler/dingtalk/DingtalkJobErrorHandler.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1lY29zeXN0ZW0vZWxhc3RpY2pvYi1lcnJvci1oYW5kbGVyL2VsYXN0aWNqb2ItZXJyb3ItaGFuZGxlci10eXBlL2VsYXN0aWNqb2ItZXJyb3ItaGFuZGxlci1kaW5ndGFsay9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvc2hhcmRpbmdzcGhlcmUvZWxhc3RpY2pvYi9lcnJvci9oYW5kbGVyL2Rpbmd0YWxrL0Rpbmd0YWxrSm9iRXJyb3JIYW5kbGVyLmphdmE=) | `88.46% <0.00%> (-1.93%)` | :arrow_down: |
| [...b/cloud/console/controller/CloudJobController.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1jbG91ZC9lbGFzdGljam9iLWNsb3VkLXNjaGVkdWxlci9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvc2hhcmRpbmdzcGhlcmUvZWxhc3RpY2pvYi9jbG91ZC9jb25zb2xlL2NvbnRyb2xsZXIvQ2xvdWRKb2JDb250cm9sbGVyLmphdmE=) | `68.31% <0.00%> (-1.00%)` | :arrow_down: |
| [...ticjob/tracing/rdb/storage/RDBJobEventStorage.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1lY29zeXN0ZW0vZWxhc3RpY2pvYi10cmFjaW5nL2VsYXN0aWNqb2ItdHJhY2luZy1yZGIvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3NoYXJkaW5nc3BoZXJlL2VsYXN0aWNqb2IvdHJhY2luZy9yZGIvc3RvcmFnZS9SREJKb2JFdmVudFN0b3JhZ2UuamF2YQ==) | `81.39% <0.00%> (-0.47%)` | :arrow_down: |
| [...here/elasticjob/http/executor/HttpJobExecutor.java](https://codecov.io/gh/apache/shardingsphere-elasticjob/pull/2136/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZWxhc3RpY2pvYi1lY29zeXN0ZW0vZWxhc3RpY2pvYi1leGVjdXRvci9lbGFzdGljam9iLWV4ZWN1dG9yLXR5cGUvZWxhc3RpY2pvYi1odHRwLWV4ZWN1dG9yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9zaGFyZGluZ3NwaGVyZS9lbGFzdGljam9iL2h0dHAvZXhlY3V0b3IvSHR0cEpvYkV4ZWN1dG9yLmphdmE=) | `92.30% <0.00%> (ø)` | |
[GitHub] [shardingsphere-elasticjob] TeslaCN commented on pull request #2136: fix(sec): upgrade io.netty:netty-codec to 4.1.68.Final
Posted by GitBox <gi...@apache.org>.
TeslaCN commented on PR #2136:
URL: https://github.com/apache/shardingsphere-elasticjob/pull/2136#issuecomment-1286401674
Hi @Super-Sky
Could you just upgrade Netty to the latest release and update the LICENSE files under `elasticjob-distribution`?
[GitHub] [shardingsphere-elasticjob] TeslaCN closed pull request #2136: fix(sec): upgrade io.netty:netty-codec to 4.1.68.Final
Posted by GitBox <gi...@apache.org>.
TeslaCN closed pull request #2136: fix(sec): upgrade io.netty:netty-codec to 4.1.68.Final
URL: https://github.com/apache/shardingsphere-elasticjob/pull/2136
[GitHub] [shardingsphere-elasticjob] TeslaCN commented on pull request #2136: fix(sec): upgrade io.netty:netty-codec to 4.1.68.Final
Posted by GitBox <gi...@apache.org>.
TeslaCN commented on PR #2136:
URL: https://github.com/apache/shardingsphere-elasticjob/pull/2136#issuecomment-1296504209
We didn't use Bzip2 at present. We could upgrade it later.