Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AUTO] Increment version to 1.3.11-SNAPSHOT #814

Merged
merged 1 commit into from
Jun 22, 2023
Merged

[AUTO] Increment version to 1.3.11-SNAPSHOT #814

merged 1 commit into from
Jun 22, 2023

Conversation

opensearch-trigger-bot[bot]
Copy link
Contributor

  • Incremented version to 1.3.11-SNAPSHOT.

@opensearch-ci-bot
Increment version to 1.3.11-SNAPSHOT
e8be64c 
Signed-off-by: opensearch-ci-bot <[email protected]>
@codecov
Copy link

codecov bot commented Jun 20, 2023

Codecov Report

Merging #814 (e8be64c) into 1.3 (f9e9c6b) will decrease coverage by 0.06%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                1.3     #814      +/-   ##
============================================
- Coverage     77.00%   76.94%   -0.06%     
+ Complexity     2084     2078       -6     
============================================
  Files           254      254              
  Lines         11770    11770              
  Branches       1830     1830              
============================================
- Hits           9064     9057       -7     
- Misses         1691     1701      +10     
+ Partials       1015     1012       -3

see 11 files with indirect coverage changes

@rishabhmaurya
Copy link
Contributor

There is transitive dependency of snakeyml coming from opensearch build still causing Whitesource security check failure -

[CVE-2022-1471](https://www.mend.io/vulnerability-database/CVE-2022-1471)
Path to dependency file: /spi/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Dependency Hierarchy:

-> opensearch-2.6.1-SNAPSHOT.jar (Root Library)

   -> opensearch-x-content-2.6.1-SNAPSHOT.jar

     -> ❌ snakeyaml-1.33.jar (Vulnerable Library)

This needs to be fixed in opensearch build.

@opensearch-trigger-bot opensearch-trigger-bot bot added the v1.3.11 v1.3.11 label Jun 22, 2023
@rishabhmaurya
Copy link
Contributor

Snakeyml security check should pass with - #820

and the below CI failure is a flaky test, so its safe to proceed -

Suite: Test class org.opensearch.indexmanagement.transform.TransformRunnerIT
  2> REPRODUCE WITH: ./gradlew ':integTest' --tests "org.opensearch.indexmanagement.transform.TransformRunnerIT.test continuous transform with wildcard indices" -Dtests.seed=566DD28B92044ABE -Dtests.security.manager=false -Dtests.locale=de-CH -Dtests.timezone=Asia/Beirut -Druntime.java=8
  2> java.lang.AssertionError: Not the expected pages processed expected:<6> but was:<2>
        at __randomizedtesting.SeedInfo.seed([566DD28B92044ABE:BC0B1C1C27D4D359]:0)
        at org.junit.Assert.fail(Assert.java:89)
        at org.junit.Assert.failNotEquals(Assert.java:835)
        at org.junit.Assert.assertEquals(Assert.java:647)
        at org.opensearch.indexmanagement.transform.TransformRunnerIT.test continuous transform with wildcard indices(TransformRunnerIT.kt:743)

More details - #818 (comment)

@getsaurabh02 getsaurabh02 merged commit 6d73953 into 1.3 Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AWSHurneyt AWSHurneyt AWSHurneyt approved these changes

@getsaurabh02 getsaurabh02 getsaurabh02 approved these changes

Assignees
No one assigned
Labels
v1.3.11 v1.3.11
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rishabhmaurya @getsaurabh02 @AWSHurneyt @opensearch-ci-bot