@maheshrajus maheshrajus commented Dec 13, 2022

Upgrade jquery-ui to 1.13.2 due to CVE issues
Bower is not supporting jquery 1.13.2 version, so moving required files into tez-ui.

@maheshrajus changed the title from "[TEZ-4463] Upgrade jquery-ui to 1.13.0 due to CVEs" to "TEZ-4463: Upgrade jquery-ui to 1.13.0 due to CVEs" on Dec 13, 2022
@maheshrajus changed the title from "TEZ-4463: Upgrade jquery-ui to 1.13.0 due to CVEs" to "TEZ-4463: Upgrade jquery-ui to 1.13.0 due to CVE issues" on Feb 7, 2023
@maheshrajus maheshrajus closed this Feb 7, 2023
@maheshrajus maheshrajus reopened this Feb 7, 2023
@abstractdog
Contributor

@maheshrajus: can you please check why the tez-ui module fails?

@abstractdog abstractdog self-requested a review February 14, 2023 12:41
@maheshrajus
Contributor Author

@abstractdog tez-ui module latest version 1.13.0 dependency failed to download with bower. Somehow we need to pull this dependency with npm or other. I need to check this. Any pointers/suggestions can help.

[INFO] bower jquery-ui#1.13.0 ENORESTARGET No version found that was able to satisfy 1.13.0

@maheshrajus changed the title from "TEZ-4463: Upgrade jquery-ui to 1.13.0 due to CVE issues" to "TEZ-4463: Upgrade jquery-ui to 1.13.2 due to CVE issues" on Mar 14, 2023
@tez-yetus

💔 -1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 24m 49s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ master Compile Tests _
+1 💚 mvninstall 15m 35s master passed
+1 💚 javadoc 0m 38s master passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu122.04
+1 💚 javadoc 0m 17s master passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
_ Patch Compile Tests _
-1 ❌ mvninstall 0m 32s tez-ui in the patch failed.
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 javadoc 0m 15s the patch passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu122.04
+1 💚 javadoc 0m 15s the patch passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
_ Other Tests _
-1 ❌ unit 0m 18s tez-ui in the patch failed.
+1 💚 asflicense 0m 22s The patch does not generate ASF License warnings.
43m 46s
Subsystem Report/Notes
Docker ClientAPI=1.42 ServerAPI=1.42 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/4/artifact/out/Dockerfile
GITHUB PR #259
JIRA Issue TEZ-4463
Optional Tests dupname asflicense javac javadoc unit
uname Linux 3508c09ba8db 4.15.0-206-generic #217-Ubuntu SMP Fri Feb 3 19:10:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality personality/tez.sh
git revision master / 25a9536
Default Java Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu122.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
mvninstall https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/4/artifact/out/patch-mvninstall-tez-ui.txt
unit https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/4/artifact/out/patch-unit-tez-ui.txt
Test Results https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/4/testReport/
Max. process+thread count 72 (vs. ulimit of 5500)
modules C: tez-ui U: tez-ui
Console output https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/4/console
versions git=2.34.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@abstractdog
Contributor

regarding bower failure: jquery/jquery-ui#2068

@maheshrajus
Contributor Author

@abstractdog yeah Laszlo, I am checking about the same dependency, how we can achieve it with npm. Let me check and confirm.

@tez-yetus

💔 -1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 33s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ master Compile Tests _
+1 💚 mvninstall 15m 25s master passed
+1 💚 javadoc 0m 37s master passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu122.04
+1 💚 javadoc 0m 16s master passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
_ Patch Compile Tests _
+1 💚 mvninstall 1m 11s the patch passed
+1 💚 jshint 57m 55s There were no new jshint issues.
-1 ❌ whitespace 0m 0s The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
-1 ❌ whitespace 0m 0s The patch 15448 line(s) with tabs.
+1 💚 javadoc 0m 16s the patch passed with JDK Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu122.04
+1 💚 javadoc 0m 16s the patch passed with JDK Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
_ Other Tests _
+1 💚 unit 1m 39s tez-ui in the patch passed.
-1 ❌ asflicense 0m 24s The patch generated 2 ASF License warnings.
79m 23s
Subsystem Report/Notes
Docker ClientAPI=1.42 ServerAPI=1.42 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/6/artifact/out/Dockerfile
GITHUB PR #259
JIRA Issue TEZ-4463
Optional Tests dupname asflicense javac javadoc unit jshint
uname Linux 150459927f38 4.15.0-206-generic #217-Ubuntu SMP Fri Feb 3 19:10:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality personality/tez.sh
git revision master / c9ccf1c
Default Java Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.18+10-post-Ubuntu-0ubuntu122.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_362-8u362-ga-0ubuntu1~22.04-b09
whitespace https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/6/artifact/out/whitespace-eol.txt
whitespace https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/6/artifact/out/whitespace-tabs.txt
Test Results https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/6/testReport/
asflicense https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/6/artifact/out/patch-asflicense-problems.txt
Max. process+thread count 91 (vs. ulimit of 5500)
modules C: tez-ui U: tez-ui
Console output https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-259/6/console
versions git=2.34.1 maven=3.6.3 jshint=2.12.0
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@maheshrajus
Contributor Author

For jquery-ui version 1.13.0+, bower is not supporting the dependency. So changing from bower to the npm dependency way is complex and the changes will be more.

@abstractdog
Contributor

Why is this PR closed? I believe we still need to address CVEs, even if collecting dependencies from different sources might be challenging.
I can see the latest patchset tries to address this question, didn't it work? Can you take a look at that, @sreenaths?
