@amanraj2520
Contributor

@amanraj2520 amanraj2520 commented Nov 25, 2022

TEZ-4456: Upgraded is-my-json-valid version to 2.20.3 to fix the vulnerability. This is a critical vulnerability to fix. The parent JIRA can be tracked under: https://issues.apache.org/jira/browse/TEZ-4419

@tez-yetus

🎊 +1 overall

| Vote | Subsystem | Runtime | Comment |
|---|---|---|---|
| +0 🆗 | reexec | 1m 7s | Docker mode activated. |
| | | | _ Prechecks _ |
| +1 💚 | dupname | 0m 0s | No case conflicting files found. |
| +1 💚 | @author | 0m 0s | The patch does not contain any @author tags. |
| | | | _ master Compile Tests _ |
| | | | _ Patch Compile Tests _ |
| +1 💚 | whitespace | 0m 0s | The patch has no whitespace issues. |
| | | | _ Other Tests _ |
| +1 💚 | asflicense | 0m 55s | The patch does not generate ASF License warnings. |
| | | 2m 43s | |

| Subsystem | Report/Notes |
|---|---|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-250/1/artifact/out/Dockerfile |
| GITHUB PR | #250 |
| JIRA Issue | TEZ-4456 |
| Optional Tests | dupname asflicense |
| uname | Linux 82d43bb24976 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 65f9ee3 |
| Max. process+thread count | 46 (vs. ulimit of 5500) |
| modules | C: tez-ui U: tez-ui |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-250/1/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.

@amanraj2520
Contributor Author

@abstractdog Can you please check and approve this PR?

is-my-json-valid@^2.12.4:
version "2.16.0"
resolved "https://registry.yarnpkg.com/is-my-json-valid/-/is-my-json-valid-2.16.0.tgz#f079dd9bfdae65ee2038aae8acbc86ab109e3693"
is-my-ip-valid@^1.0.0:
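
Review bot: the `is-my-ip-valid@^1.0.0:` key directly below the `is-my-json-valid@^2.12.4:` entry is not accounted for in the PR description, which names only is-my-json-valid. State in the description that the lock file was regenerated by yarn and that is-my-ip-valid is a dependency of is-my-json-valid, so the extra entry is not mistaken for an unrelated or hand-made change. The key also shows the requested range is `^2.12.4`, so this lock entry is the only thing pinning the resolved release; the `version` line deserves a check against the 2.20.3 named in the description.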
Contributor

How are the is-my-ip-valid changes related to the is-my-json-valid upgrade?

@amanraj2520
Contributor Author

Hi @abstractdog, these dependencies come up as you build the 2.20.3 version. They are required to build the is-valid-json 2.20.3. I have not made manual changes to this file. They are autogenerated from the package.json.
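
A lock-file check for the point discussed in this exchange, added here as an example and not part of the PR or the Tez code base: it parses a yarn v1 lock file, reports entries for a package that resolve below a chosen floor, and lists which locked packages pull in a given dependency. The function names and the sample lock text are assumptions constructed for illustration; the floor 2.20.3 is the version this PR upgrades to.

```javascript
// Constructed yarn.lock (v1) excerpt; names, ranges and 2.20.3 are from the PR.
const SAMPLE_LOCK = `
is-my-ip-valid@^1.0.0:
  version "1.0.0"

is-my-json-valid@^2.12.4:
  version "2.20.3"
  dependencies:
    is-my-ip-valid "^1.0.0"
`;

// Parse yarn v1 lock text into {specs, name, version, dependencies} entries.
function parseYarnLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const indent = raw.length - raw.trimStart().length;
    if (indent === 0 && line.endsWith(':')) {  // key: "name@range[, name@range]:"
      const specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      const name = specs[0].slice(0, specs[0].lastIndexOf('@'));
      entries.push(cur = { specs, name, version: '', dependencies: {} });
      inDeps = false;
    } else if (cur && indent === 2) {
      inDeps = /^(optionalD|d)ependencies:$/.test(line);
      const m = line.match(/^version\s+"([^"]+)"$/);
      if (m) cur.version = m[1];
    } else if (cur && inDeps && indent >= 4) {
      const m = line.match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m) cur.dependencies[m[1]] = m[2];
    }
  }
  return entries;
}
// Compare dotted numeric versions (pre-release tags ignored): -1, 0 or 1.
function cmpVersion(a, b) {
  const [pa, pb] = [a, b].map(v => v.split('-')[0].split('.').map(Number));
  return [0, 1, 2].map(i => Math.sign((pa[i] || 0) - (pb[i] || 0))).find(d => d) || 0;
}
// Entries for `pkg` locked below `floor`, and the packages that pull in `dep`.
function auditLock(text, pkg, floor, dep) {
  const entries = parseYarnLock(text);
  return {
    below: entries.filter(e => e.name === pkg && cmpVersion(e.version, floor) < 0)
      .map(e => `${e.specs.join(', ')} -> ${e.version}`),
    pulledInBy: entries.filter(e => dep in e.dependencies).map(e => `${e.name}@${e.version}`),
  };
}
```

An entry with no `version` line is treated as 0.0.0 and therefore reported as below the floor.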

@abstractdog abstractdog self-requested a review November 28, 2022 11:15
@abstractdog
Contributor

Thanks for clarifying, @amanraj2520, +1

@abstractdog abstractdog merged commit 25fc8c4 into apache:master Nov 28, 2022