Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated guava dependency throughout azure-cosmos #31761

Merged
merged 23 commits into from
Nov 3, 2022
Merged

Updated guava dependency throughout azure-cosmos #31761

merged 23 commits into from
Nov 3, 2022

Conversation

kushagraThapar
Copy link
Member

@kushagraThapar kushagraThapar commented Oct 26, 2022
edited
Loading

Motivation
This PR removes the dependency on the guava library due to possibility of recurring vulnerabilities (see CVE-2020-8908) and upgrades the dependency on testng library. As a result of moving away from the guava library and vulnerabilities in the commons-codec library (see CVE-2020-15250) the murmur hash 3 implementation is shaded from the commons-codec library.

Furthermore, the apache commons-codec implementation of murmur hash 3 is only used in unit testing and not in any implementation of azure-cosmos SDK.

@ghost ghost added the Cosmos label Oct 26, 2022
xinlian12
xinlian12 approved these changes Oct 26, 2022
View reviewed changes
Copy link
Member

@xinlian12 xinlian12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@kushagraThapar
Copy link
Member Author

/azp run java - cosmos - ci

@azure-pipelines
Copy link

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@azure-sdk
Copy link
Collaborator

API change check

API changes are not detected in this pull request.

@jeet1995 jeet1995 self-requested a review as a code owner November 1, 2022 10:21
FabianMeiswinkel
FabianMeiswinkel approved these changes Nov 1, 2022
View reviewed changes
Copy link
Member

@FabianMeiswinkel FabianMeiswinkel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jeet1995
Copy link
Member

jeet1995 commented Nov 1, 2022

/azp run java - cosmos - ci

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@kushagraThapar
Copy link
Member Author

/azp run java - cosmos - tests

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@jeet1995 jeet1995 merged commit f112495 into Azure:main Nov 3, 2022
jeet1995 added a commit that referenced this pull request Nov 3, 2022
@jeet1995
Revert "Updated guava dependency throughput azure-cosmos (#31761)"
636e204 
This reverts commit f112495.
@jeet1995 jeet1995 mentioned this pull request Nov 3, 2022
Closed
@jeet1995 jeet1995 mentioned this pull request Nov 16, 2022
Merged
@kushagraThapar kushagraThapar changed the title Updated guava dependency throughput azure-cosmos Updated guava dependency throughout azure-cosmos Nov 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xinlian12 xinlian12 xinlian12 approved these changes

@FabianMeiswinkel FabianMeiswinkel FabianMeiswinkel approved these changes

@anuchandy anuchandy anuchandy approved these changes

@alzimmermsft alzimmermsft Awaiting requested review from alzimmermsft alzimmermsft is a code owner

@samvaity samvaity Awaiting requested review from samvaity samvaity is a code owner

@g2vinay g2vinay Awaiting requested review from g2vinay g2vinay is a code owner

@JonathanGiles JonathanGiles Awaiting requested review from JonathanGiles JonathanGiles is a code owner

@backwind1233 backwind1233 Awaiting requested review from backwind1233

@chenrujun chenrujun Awaiting requested review from chenrujun

@hui1110 hui1110 Awaiting requested review from hui1110

@Netyyyy Netyyyy Awaiting requested review from Netyyyy Netyyyy is a code owner

@saragluna saragluna Awaiting requested review from saragluna saragluna is a code owner

@stliu stliu Awaiting requested review from stliu

@yiliuTo yiliuTo Awaiting requested review from yiliuTo

@moarychan moarychan Awaiting requested review from moarychan moarychan is a code owner

@fangjian0423 fangjian0423 Awaiting requested review from fangjian0423

@kirankumarkolli kirankumarkolli Awaiting requested review from kirankumarkolli kirankumarkolli is a code owner

@milismsft milismsft Awaiting requested review from milismsft

@aayush3011 aayush3011 Awaiting requested review from aayush3011

@simorenoh simorenoh Awaiting requested review from simorenoh

@jeet1995 jeet1995 Awaiting requested review from jeet1995

@mssfang mssfang Awaiting requested review from mssfang mssfang is a code owner

Assignees
No one assigned
Labels
Cosmos
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@kushagraThapar @azure-sdk @jeet1995 @anuchandy @FabianMeiswinkel @xinlian12