Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sec): upgrade com.google.protobuf:protobuf-java to 3.16.1 #6960

Merged
merged 2 commits into from
Dec 8, 2022
Merged

fix(sec): upgrade com.google.protobuf:protobuf-java to 3.16.1 #6960

merged 2 commits into from
Dec 8, 2022

Conversation

lxxawfl
Copy link
Contributor

@lxxawfl lxxawfl commented Oct 16, 2022

What happened?

There are 1 security vulnerabilities found in com.google.protobuf:protobuf-java 2.5.0

What did I do?

Upgrade com.google.protobuf:protobuf-java from 2.5.0 to 3.16.1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How was this patch tested?

Run mvn compile failed locally, couldn't complete the build process.
Run mvn clean test failed locally, unit-test couldn't pass.

The specification of the pull request

PR Specification from OSCS

@xushiyan xushiyan added priority:minor everything else; usability gaps; questions; feature reqs dependencies Pull requests that update a dependency file labels Oct 31, 2022
@nsivabalan nsivabalan added the release-0.12.2 Patches targetted for 0.12.2 label Dec 6, 2022
@codope codope self-assigned this Dec 7, 2022
@codope codope force-pushed the oscs_fix_cd5s340au51t5k2gfie0 branch from 09dc9ed to 9d08a28 Compare December 7, 2022 12:50
codope
codope approved these changes Dec 7, 2022
View reviewed changes
Copy link
Member

@codope codope left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can land once CI is green.

@hudi-bot
Copy link

hudi-bot commented Dec 7, 2022

CI report:

Bot commands @hudi-bot supports the following commands:
  • @hudi-bot run azure re-run the last Azure build

@codope codope merged commit 92490a8 into apache:master Dec 8, 2022
codope added a commit that referenced this pull request Dec 13, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (#6960)
77df347 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
nsivabalan pushed a commit that referenced this pull request Dec 13, 2022
@lxxawfl @codope @nsivabalan
[HUDI-5344] Fix CVE - upgrade protobuf-java (#6960)
f7efb58 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
alexeykudinkin pushed a commit to onehouseinc/hudi that referenced this pull request Dec 14, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
7f0bab9 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
alexeykudinkin pushed a commit to onehouseinc/hudi that referenced this pull request Dec 14, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
20d3f79 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
alexeykudinkin pushed a commit to onehouseinc/hudi that referenced this pull request Dec 14, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
6896877 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
alexeykudinkin pushed a commit to onehouseinc/hudi that referenced this pull request Dec 14, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
d0af965 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
alexeykudinkin pushed a commit to onehouseinc/hudi that referenced this pull request Dec 14, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
025a8db 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
alexeykudinkin pushed a commit to onehouseinc/hudi that referenced this pull request Dec 14, 2022
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
8b294b0 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
fengjian428 pushed a commit to fengjian428/hudi that referenced this pull request Apr 5, 2023
@lxxawfl @codope
[HUDI-5344] Fix CVE - upgrade protobuf-java (apache#6960)
0fe2900 
* Fixes https://www.oscs1024.com/hd/CVE-2015-5237

Co-authored-by: Sagar Sumit <sagarsumit09@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codope codope codope approved these changes

Assignees

@codope codope

Labels
dependencies Pull requests that update a dependency file priority:minor everything else; usability gaps; questions; feature reqs release-0.12.2 Patches targetted for 0.12.2
Projects
Hudi Issue Support
Status: No status
Hudi PR Support
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@lxxawfl @hudi-bot @codope @nsivabalan @xushiyan