Upgraded protobuf-java dependencies to 3.25.5 #23797

Merged: tdcmeehan merged 2 commits into prestodb:master from infvg:upgrade-protobuf-java on Oct 23, 2024

@infvg (Contributor) commented Oct 9, 2024

Description

Upgraded protobuf-java dependencies to version 3.25.5.

Motivation and Context

This upgrade was created to deal with CVEs found in lower versions.

Impact

None

Release Notes

== RELEASE NOTES ==

General Changes
* Upgraded protobuf-java to version 3.25.5 :pr:`23797`
* Upgraded protobuf-java-util to version 3.25.5 :pr:`23797`

@infvg marked this pull request as ready for review October 9, 2024 19:49
@infvg requested a review from a team as a code owner October 9, 2024 19:49
@infvg requested a review from presto-oss October 9, 2024 19:49
@agrawalreetika (Member) commented:

Should we upgrade it to something close to the latest version, maybe 4.28.2?

<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java-util</artifactId>
<version>${dep.protobuf-java.version}</version>
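
Review bot: the explicit protobuf-java-util entry has no comment in the lines shown saying why it is declared here. Add an XML comment above the <dependency> element stating the reason for the explicit declaration, so a later dependency cleanup does not remove it. Reusing ${dep.protobuf-java.version} for this artifact is the right call, since it keeps protobuf-java-util on the same version property as protobuf-java.
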
Member:

Do we need to add this explicitly?

Contributor Author:

If we don't, 2.24.0 will be brought in by another dependency.

@infvg (Contributor Author) commented Oct 9, 2024

@agrawalreetika protobuf versions 3.x and 4.x have different APIs and upgrading the major version might result in issues.

https://protobuf.dev/support/version-support/
The 3.25.x version will continue to receive support until 31 March 2026.

agrawalreetika previously approved these changes Oct 10, 2024
@agrawalreetika (Member) commented:

Looks like there are some dependency issues in the presto-bigquery connector; please check and fix those.

@tdcmeehan merged commit 855ac73 into prestodb:master Oct 23, 2024
@infvg deleted the upgrade-protobuf-java branch October 28, 2024 20:02
@jaystarshot mentioned this pull request Nov 1, 2024
@infvg added the "from:IBM" (PR from IBM) label May 15, 2025
@prestodb-ci requested review from a team, pdabre12 and wanglinsong and removed request for a team May 15, 2025 08:42
@infvg added the Security label May 15, 2025