Skip to content

fix(sec): upgrade com.beust:jcommander to 1.75 #6961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lxxawfl wants to merge 1 commit into from
Closed

fix(sec): upgrade com.beust:jcommander to 1.75 #6961

lxxawfl wants to merge 1 commit into from

Conversation

@lxxawfl
Copy link
Contributor

@lxxawfl lxxawfl commented Oct 16, 2022

What happened?

There are 1 security vulnerabilities found in com.beust:jcommander 1.72

What did I do?

Upgrade com.beust:jcommander from 1.72 to 1.75 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How was this patch tested?

Run mvn compile failed locally, couldn't complete the build process.
Run mvn clean test failed locally, unit-test couldn't pass.

The specification of the pull request

PR Specification from OSCS

@hudi-bot
Copy link
Collaborator

hudi-bot commented Oct 16, 2022

CI report:

Bot commands @hudi-bot supports the following commands:
  • @hudi-bot run azure re-run the last Azure build

@nsivabalan nsivabalan self-assigned this Oct 21, 2022
@nsivabalan nsivabalan added dependencies Dependency updates priority:critical Production degraded; pipelines stalled labels Oct 21, 2022
nsivabalan
nsivabalan approved these changes Oct 21, 2022
View reviewed changes
Copy link
Contributor

@nsivabalan nsivabalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you inspect the CI failure.

nsivabalan
nsivabalan requested changes Oct 23, 2022
View reviewed changes
Copy link
Contributor

@nsivabalan nsivabalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like there are some CI failures.

@xushiyan
Copy link
Member

xushiyan commented Oct 31, 2022

close in favor of #7068

@xushiyan xushiyan closed this Oct 31, 2022
@xushiyan xushiyan mentioned this pull request Oct 31, 2022
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nsivabalan nsivabalan nsivabalan requested changes

Assignees

@nsivabalan nsivabalan

Labels

dependencies Dependency updates priority:critical Production degraded; pipelines stalled

Projects

Hudi Issue Support
Status: 👤 User Action
Hudi PR Support
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lxxawfl @hudi-bot @xushiyan @nsivabalan