Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update outdated dependencies: jetty, jersey and others #9942

Merged
merged 3 commits into from
Feb 26, 2020

Conversation

witgo
Copy link
Contributor

@witgo witgo commented Sep 23, 2019

No description provided.

@alluxio-bot
Copy link
Contributor

Automated checks report:

  • AmplabJenkins build check: PENDING
    • We were not able to detect AmplabJenkins test results on this PR. Status will update when testing completes.
  • Commits associated with Github account: PASS
  • PR title follows the conventions: FAIL
    • The title of the PR does not pass all the checks. Please fix the following issues:
      • Title must not end with punctuation

Some checks failed. Please fix the reported issues and reply 'alluxio-bot, check this please' to re-run checks.

@AmplabJenkins
Copy link

Merged build finished. Test FAILed.

@AmplabJenkins
Copy link

Test FAILed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/5684/
Test FAILed.

@AmplabJenkins
Copy link

Merged build finished. Test FAILed.

@AmplabJenkins
Copy link

Test FAILed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/5685/
Test FAILed.

@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/5686/
Test PASSed.

@apc999
Copy link
Contributor

apc999 commented Sep 24, 2019

@witgo thanks for updating the dependency. In general in this project, we update the version of an external dependency if we hit bugs, security or performance issues on the existing ones. Otherwise, updating the versions of other client-side dependencies (e.g., alluxio-client may depend on) is not typically encouraged because they may cause dependency conflicts on application side. On server-side, the requirement is less strict.

Among the dependencies updated in this PR, do you have them in one of the above buckets?

@witgo
Copy link
Contributor Author

witgo commented Sep 27, 2019

@apc999

grpc => DoS vulnerability CVE-2019-9515 (SETTINGS flood)

rocksdb => ARM

jersey => jdk 11

@witgo witgo force-pushed the update_outdated_dep branch from 22c61dc to 6a61c15 Compare October 17, 2019 14:41
@witgo witgo changed the title Update outdated dependencies: grpc, rocksdb, jersey, metrics and others. Update outdated dependencies: grpc, rocksdb, jersey and others. Oct 17, 2019
@AmplabJenkins
Copy link

Merged build finished. Test FAILed.

@AmplabJenkins
Copy link

Test FAILed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6122/
Test FAILed.

@AmplabJenkins
Copy link

Merged build finished. Test FAILed.

@AmplabJenkins
Copy link

Test FAILed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6124/
Test FAILed.

@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6125/
Test PASSed.

@witgo witgo force-pushed the update_outdated_dep branch from 2d20f32 to d9a7b97 Compare October 19, 2019 02:01
@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6193/
Test PASSed.

@witgo witgo force-pushed the update_outdated_dep branch 2 times, most recently from 663e753 to 8bdac5e Compare November 3, 2019 03:38
@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6697/
Test PASSed.

@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6698/
Test PASSed.

@@ -70,6 +70,10 @@
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-server</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this package used anywhere?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this link provides a better explanation: https://eclipse-ee4j.github.io/jersey.github.io/release-notes/2.26.html

pom.xml Show resolved Hide resolved
@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/6699/
Test PASSed.

@witgo witgo changed the title Update outdated dependencies: grpc, rocksdb, jersey and others. Update outdated dependencies: rocksdb, jersey and others. Feb 16, 2020
@witgo witgo force-pushed the update_outdated_dep branch from b96aa53 to 4cac1d4 Compare February 16, 2020 02:34
@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/8258/
Test PASSed.

@witgo
Copy link
Contributor Author

witgo commented Feb 21, 2020

@ZacBlanco Can you take a look?

Copy link
Contributor

@ZacBlanco ZacBlanco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making these updates. I think it looks ok for the most part. Just had a few comments

job/server/pom.xml Show resolved Hide resolved
pom.xml Outdated Show resolved Hide resolved
pom.xml Show resolved Hide resolved
@witgo witgo force-pushed the update_outdated_dep branch from 4cac1d4 to 268a644 Compare February 21, 2020 03:35
@witgo witgo changed the title Update outdated dependencies: rocksdb, jersey and others. Update outdated dependencies: jetty, jersey and others. Feb 21, 2020
@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/8346/
Test PASSed.

Copy link
Contributor

@ZacBlanco ZacBlanco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @witgo for the quick turnaround. I had one more round of comments.

pom.xml Show resolved Hide resolved
pom.xml Outdated Show resolved Hide resolved
pom.xml Outdated Show resolved Hide resolved
pom.xml Show resolved Hide resolved
pom.xml Show resolved Hide resolved
@@ -70,6 +70,10 @@
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-server</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this link provides a better explanation: https://eclipse-ee4j.github.io/jersey.github.io/release-notes/2.26.html

@AmplabJenkins
Copy link

Merged build finished. Test FAILed.

@AmplabJenkins
Copy link

Test FAILed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/8349/
Test FAILed.

@witgo
Copy link
Contributor Author

witgo commented Feb 21, 2020

The failed UT looks irrelevant

@ZacBlanco
Copy link
Contributor

jenkins, test this please

@AmplabJenkins
Copy link

Merged build finished. Test PASSed.

@AmplabJenkins
Copy link

Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/Alluxio-Pull-Request-Builder/8354/
Test PASSed.

@ZacBlanco ZacBlanco changed the title Update outdated dependencies: jetty, jersey and others. Update outdated dependencies: jetty, jersey and others Feb 25, 2020
@alluxio-bot
Copy link
Contributor

Automated checks report:

  • AmplabJenkins build check: PASS
  • Commits associated with Github account: PASS
  • PR title follows the conventions: PASS

All checks passed!

Copy link
Contributor

@gpang gpang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@witgo Thanks for the updates!

LGTM

@ZacBlanco
Copy link
Contributor

alluxio-bot, merge this please

@alluxio-bot alluxio-bot merged commit 2093388 into Alluxio:master Feb 26, 2020
alluxio-bot pushed a commit that referenced this pull request Jul 1, 2024
### What changes are proposed in this pull request?
add back netty dependency within grpc


### Why are the changes needed?
previously we exclude netty dependency since we already have netty-all outside #9942

But due to grpc/grpc-java#11284, we sometimes have incompatibility between grpc and netty, and it's better to use shaded netty within grpc so we can be sure that they are compatible.

### Does this PR introduce any user facing changes?

na

			pr-link: #18642
			change-id: cid-65d86f315e023592060b6a9f864bfe2a972dfe68
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants