YARN-11092. Upgrade jquery ui to 1.13.1 by hotcodemacha · Pull Request #4260 · apache/hadoop

hotcodemacha · 2022-05-03T13:34:36Z

Description of PR

Upgrade jquery ui to 1.13.1 due to handle vulnerabilities CVE-2021-41182, CVE-2021-41183, CVE-2021-41184

JIRA: YARN-11092

Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?

hadoop-yetus · 2022-05-03T15:25:52Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 56s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	jshint	0m 1s		jshint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	41m 29s		trunk passed
+1 💚	compile	0m 59s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	0m 53s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	0m 48s		trunk passed
+1 💚	mvnsite	0m 58s		trunk passed
+1 💚	javadoc	1m 5s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 54s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	2m 4s		trunk passed
+1 💚	shadedclient	24m 29s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 43s		the patch passed
+1 💚	compile	0m 47s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	0m 47s		the patch passed
+1 💚	compile	0m 41s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	0m 41s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 30s		the patch passed
+1 💚	mvnsite	0m 44s		the patch passed
+1 💚	xml	0m 1s		The patch has no ill-formed XML file.
+1 💚	javadoc	0m 44s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 44s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 51s		the patch passed
+1 💚	shadedclient	23m 44s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	4m 44s		hadoop-yarn-common in the patch passed.
+1 💚	asflicense	0m 44s		The patch does not generate ASF License warnings.
		109m 57s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4260/1/artifact/out/Dockerfile
GITHUB PR	#4260
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell xml spotbugs checkstyle jshint
uname	Linux 91306c902753 4.15.0-166-generic #174-Ubuntu SMP Wed Dec 8 19:07:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `ba4f39f`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4260/1/testReport/
Max. process+thread count	594 (vs. ulimit of 5500)
modules	C: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common U: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4260/1/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

tomicooler · 2022-05-04T06:06:34Z

Hi!

thanks for working on this @ashutoshcipher, LGTM +1.

jquery-ui is used in UI2 too:

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/src/main/webapp/bower.json:    "jquery-ui": "1.12.1",

Unfortunately the shim repo is not maintained anymore, so the upgrade is probably a bit more complicated task (here is the official repo https://github.com/jquery/jquery-ui), if you don't want to do the UI2 upgrade in this PR then please open a separate Jira for that.

hotcodemacha · 2022-05-05T09:47:42Z

Thanks for review @tomicooler. I will create a separate JIRA for UI2 upgrade.

aajisaka · 2022-05-10T08:38:35Z

@ashutoshcipher The change looks good. Could you build with the patch and verify the YARN UI is working?

hotcodemacha · 2022-05-11T12:18:48Z

@aajisaka - I build the with the patch and the UI seems to working fine. Attaching screenshot for reference.

hotcodemacha · 2022-05-14T01:05:34Z

@aajisaka - I have addressed your comments. Can you please review it? Thanks.

aajisaka

+1

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org> (cherry picked from commit 931abbd) Conflicts: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/JQueryUI.java

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org> (cherry picked from commit 931abbd) Conflicts: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/pom.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/JQueryUI.java

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org> (cherry picked from commit 931abbd) Conflicts: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/JQueryUI.java Change-Id: I5d5f729aa0c778298d753ff5400b33b5e95edd5d

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org>

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org> # Conflicts: # hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/JQueryUI.java Change-Id: I778b84abc7e1aa3470651592814c98977a8b8fcb

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org> (cherry picked from commit 931abbd) Conflicts: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/JQueryUI.java Change-Id: I5d5f729aa0c778298d753ff5400b33b5e95edd5d

… jquery (#19) * YARN-11092. Upgrade jquery ui to 1.13.1 (apache#4260) Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org> (cherry picked from commit 931abbd) Conflicts: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/JQueryUI.java Change-Id: I5d5f729aa0c778298d753ff5400b33b5e95edd5d * ODP-2215 - importing com.google.common.collect.Lists * YARN-11303. Upgrade jquery ui to 1.13.2 to mitigate CVE-2022-31160 (apache#4895) Contributed by Ashutosh Gupta * HADOOP-18044. Hadoop - Upgrade to jQuery 3.6.0 (apache#3791) Co-authored-by: luoyuan <luoyuan@shopee.com> (cherry picked from commit e2d6201) * ODP-2215 - Deleting jquery-3.3.1.min.js --------- Co-authored-by: Ashutosh Gupta <ashutosh.gupta@st.niituniversity.in> Co-authored-by: luoyuan3471 <46600375+luoyuan3471@users.noreply.github.com>

YARN-11092. Upgrade jquery ui to 1.13.1

ba4f39f

aajisaka approved these changes May 16, 2022

View reviewed changes

aajisaka merged commit 931abbd into apache:trunk May 16, 2022

HarshitGupta11 pushed a commit to HarshitGupta11/hadoop that referenced this pull request Nov 28, 2022

YARN-11092. Upgrade jquery ui to 1.13.1 (apache#4260)

b5dd4a3

Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Signed-off-by: Akira Ajisaka <aajisaka@apache.org>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

YARN-11092. Upgrade jquery ui to 1.13.1#4260

YARN-11092. Upgrade jquery ui to 1.13.1#4260
aajisaka merged 1 commit intoapache:trunkfrom
hotcodemacha:YARN-11092

hotcodemacha commented May 3, 2022

Uh oh!

hadoop-yetus commented May 3, 2022

Uh oh!

tomicooler commented May 4, 2022

Uh oh!

hotcodemacha commented May 5, 2022

Uh oh!

aajisaka commented May 10, 2022

Uh oh!

hotcodemacha commented May 11, 2022

Uh oh!

hotcodemacha commented May 14, 2022

Uh oh!

aajisaka left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

hotcodemacha commented May 3, 2022

Description of PR

Uh oh!

hadoop-yetus commented May 3, 2022

Uh oh!

tomicooler commented May 4, 2022

Uh oh!

hotcodemacha commented May 5, 2022

Uh oh!

aajisaka commented May 10, 2022

Uh oh!

hotcodemacha commented May 11, 2022

Uh oh!

hotcodemacha commented May 14, 2022

Uh oh!

aajisaka left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants