Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade guava from 31.0.1-jre to latest 32.0.1-jre. #411

Merged
merged 4 commits into from
Jul 6, 2023
Merged

Upgrade guava from 31.0.1-jre to latest 32.0.1-jre. #411

merged 4 commits into from
Jul 6, 2023

Conversation

Rishikesh1159
Copy link
Member

@Rishikesh1159 Rishikesh1159 commented Jul 5, 2023
edited
Loading

Description

This PR Upgrades guava from 31.0.1-jre to latest 32.0.1-jre to fix the CVE-2023-2976

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

dbwiddis
dbwiddis previously approved these changes Jul 5, 2023
View reviewed changes
@joshpalis
Copy link
Member

Failing checks due to :

FAILURE: Build failed with an exception.

* Where:
Build file '/home/runner/work/job-scheduler/job-scheduler/sample-extension-plugin/build.gradle' line: 155

* What went wrong:
Could not determine the dependencies of task ':opensearch-job-scheduler-sample-extension:jobSchedulerBwcCluster#fullRestartClusterTask'.
> Server returned HTTP response code: 403 for URL: https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.9.0/8039/linux/x64/tar/builds/opensearch/plugins/opensearch-job-scheduler-2.9.0.0.zip

@dbwiddis
Copy link
Member

dbwiddis commented Jul 5, 2023

That check was failing on the previous PR before the version update in this PR. See https://github.com/opensearch-project/job-scheduler/actions/runs/5443846790/jobs/9909241372

I suspect we need to wrap a constraints { ... } around that failing line 155.

@Rishikesh1159
remove extra references.
1d15799 
Signed-off-by: Rishikesh1159 <[email protected]>
@Rishikesh1159
use fore resolution strategy.
635892e 
Signed-off-by: Rishikesh1159 <[email protected]>
@codecov
Copy link

codecov bot commented Jul 6, 2023

Codecov Report

Merging #411 (635892e) into main (0132436) will decrease coverage by 0.09%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main     #411      +/-   ##
============================================
- Coverage     28.77%   28.69%   -0.09%     
+ Complexity       97       96       -1     
============================================
  Files            22       22              
  Lines          1178     1178              
  Branches        109      109              
============================================
- Hits            339      338       -1     
  Misses          818      818              
- Partials         21       22       +1

see 1 file with indirect coverage changes

@joshpalis
Copy link
Member

@Rishikesh1159 do you want to backport to 2.x?

@dbwiddis dbwiddis merged commit a297c25 into opensearch-project:main Jul 6, 2023
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 6, 2023
@Rishikesh1159 @github-actions
Upgrade guava from 31.0.1-jre to latest 32.1.1-jre. (#411)
113a6a8 
* Upgrade guava from 31.0.1-jre to latest 32.1.1-jre.

Signed-off-by: Rishikesh1159 <[email protected]>

* Add constraint to specific version of guava.

Signed-off-by: Rishikesh1159 <[email protected]>

* remove extra references.

Signed-off-by: Rishikesh1159 <[email protected]>

* use fore resolution strategy.

Signed-off-by: Rishikesh1159 <[email protected]>

---------

Signed-off-by: Rishikesh1159 <[email protected]>
(cherry picked from commit a297c25)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jul 6, 2023
Merged
@Rishikesh1159 Rishikesh1159 changed the title Upgrade guava from 31.0.1-jre to latest 32.1.1-jre. Upgrade guava from 31.0.1-jre to latest 32.0.1-jre. Jul 6, 2023
vibrantvarun pushed a commit that referenced this pull request Jul 6, 2023
@opensearch-trigger-bot @Rishikesh1159
Upgrade guava from 31.0.1-jre to latest 32.1.1-jre. (#411) (#413)
dcc77d5 
* Upgrade guava from 31.0.1-jre to latest 32.1.1-jre.

Signed-off-by: Rishikesh1159 <[email protected]>

* Add constraint to specific version of guava.

Signed-off-by: Rishikesh1159 <[email protected]>

* remove extra references.

Signed-off-by: Rishikesh1159 <[email protected]>

* use fore resolution strategy.

Signed-off-by: Rishikesh1159 <[email protected]>

---------

Signed-off-by: Rishikesh1159 <[email protected]>
(cherry picked from commit a297c25)

Co-authored-by: Rishikesh Pasham <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshpalis joshpalis joshpalis approved these changes

@dbwiddis dbwiddis dbwiddis approved these changes

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@kaituo kaituo Awaiting requested review from kaituo kaituo is a code owner

@vibrantvarun vibrantvarun Awaiting requested review from vibrantvarun vibrantvarun is a code owner

Assignees
No one assigned
Labels
backport 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Rishikesh1159 @joshpalis @dbwiddis