Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x] Manual backport of google.jimfs #9080

Merged
merged 4 commits into from
Aug 2, 2023
Merged

[Backport 2.x] Manual backport of google.jimfs #9080

merged 4 commits into from
Aug 2, 2023

Conversation

saratvemulapalli
Copy link
Member

@saratvemulapalli saratvemulapalli commented Aug 2, 2023
edited
Loading

Description

Manual backport of #8585

Came across this while digging into CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-2976
google.jimfs has a transitive dependency on com.google.guava:guava:30.1-android which is part of the CVE.

This PR #8585 was not backported to 2.x.

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@stephen-crawford @saratvemulapalli
Manually update com.google.jimfs:jimfs from 1.2 to 1.3.0 (opensearch-…
023d079 
…project#8585)

* trivial change to trigger retry

Signed-off-by: Stephen Crawford <[email protected]>

---------

Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
(cherry picked from commit 89533c8)
Signed-off-by: Sarat Vemulapalli <[email protected]>
@saratvemulapalli
Fixing changelog
d97b736 
Signed-off-by: Sarat Vemulapalli <[email protected]>
@saratvemulapalli
Fixing Changelog again
877201b 
Signed-off-by: Sarat Vemulapalli <[email protected]>
@saratvemulapalli
Merge branch '2.x' into backport/backport-8585-to-2.x
0e260ec 
Signed-off-by: Sarat Vemulapalli <[email protected]>
@opensearch-trigger-bot
Copy link
Contributor

Compatibility status:

> Task :checkCompatibility
Checking compatibility for: https://github.com/opensearch-project/opensearch-oci-object-storage.git with ref: 2.x
Skipping compatibility check for https://github.com/opensearch-project/opensearch-oci-object-storage.git
Incompatible components: [https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/ml-commons.git]
Components skipped due to git failures: [https://github.com/opensearch-project/opensearch-oci-object-storage.git]
Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/security-analytics.git]

BUILD SUCCESSFUL in 22m 24s

@opensearch-trigger-bot
Copy link
Contributor

Compatibility status:



> Task :checkCompatibility
Incompatible components: [https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/ml-commons.git]
Components skipped due to git failures: [https://github.com/opensearch-project/opensearch-oci-object-storage.git]
Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/performance-analyzer-rca.git]

BUILD SUCCESSFUL in 26m 3s

@opensearch-trigger-bot
Copy link
Contributor

Compatibility status:

> Task :checkCompatibility
Checking compatibility for: https://github.com/opensearch-project/opensearch-oci-object-storage.git with ref: 2.x
Skipping compatibility check for https://github.com/opensearch-project/opensearch-oci-object-storage.git
Incompatible components: [https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/ml-commons.git]
Components skipped due to git failures: [https://github.com/opensearch-project/opensearch-oci-object-storage.git]
Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/performance-analyzer-rca.git]

BUILD SUCCESSFUL in 33m 8s

@opensearch-trigger-bot
Copy link
Contributor

Compatibility status:



> Task :checkCompatibility
Incompatible components: [https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/ml-commons.git]
Components skipped due to git failures: [https://github.com/opensearch-project/opensearch-oci-object-storage.git]
Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/performance-analyzer-rca.git]

BUILD SUCCESSFUL in 34m 17s

@github-actions
Copy link
Contributor

github-actions bot commented Aug 2, 2023

Gradle Check (Jenkins) Run Completed with:

@codecov
Copy link

codecov bot commented Aug 2, 2023
edited
Loading

Codecov Report

Merging #9080 (0e260ec) into 2.x (21723f0) will increase coverage by 0.07%.
Report is 1 commits behind head on 2.x.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                2.x    #9080      +/-   ##
============================================
+ Coverage     70.68%   70.76%   +0.07%     
- Complexity    57345    57417      +72     
============================================
  Files          4749     4749              
  Lines        271399   271399              
  Branches      40055    40055              
============================================
+ Hits         191851   192052     +201     
+ Misses        63090    62912     -178     
+ Partials      16458    16435      -23
Files Changed Coverage Δ
.../java/org/opensearch/identity/IdentityService.java 100.00% <ø> (ø)

... and 442 files with indirect coverage changes

@github-actions
Copy link
Contributor

github-actions bot commented Aug 2, 2023

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

github-actions bot commented Aug 2, 2023

Gradle Check (Jenkins) Run Completed with:

  • RESULT: UNSTABLE ❕
  • TEST FAILURES:
      3 org.opensearch.search.SearchWeightedRoutingIT.testStrictWeightedRoutingWithCustomString

@kotwanikunal kotwanikunal merged commit 7b66f33 into opensearch-project:2.x Aug 2, 2023
@saratvemulapalli saratvemulapalli deleted the backport/backport-8585-to-2.x branch August 2, 2023 22:42
@saratvemulapalli saratvemulapalli added dependencies Pull requests that update a dependency file v2.10.0 >upgrade Label used when upgrading library dependencies (e.g., Lucene) labels Aug 2, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Aug 2, 2023

Gradle Check (Jenkins) Run Completed with:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Poojita-Raj Poojita-Raj Poojita-Raj approved these changes

@kotwanikunal kotwanikunal kotwanikunal approved these changes

@VachaShah VachaShah VachaShah approved these changes

@reta reta Awaiting requested review from reta reta is a code owner

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@setiah setiah Awaiting requested review from setiah

@kartg kartg Awaiting requested review from kartg

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@tlfeng tlfeng Awaiting requested review from tlfeng

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file >upgrade Label used when upgrading library dependencies (e.g., Lucene) v2.10.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@saratvemulapalli @VachaShah @kotwanikunal @Poojita-Raj @stephen-crawford