HADOOP-18496: upgrade kotlin and okhttp3 due to kotlin CVEs #5035
💔 -1 overall
This message was automatically generated.
02a1f29 to 1695948
0d81454 to 1fa6f53
💔 -1 overall
This message was automatically generated.
TestRuntimeEstimators runs ok on my laptop
dependency conflict kotlin dep convergence issue Update pom.xml
1fa6f53 to 601f174
+1 pending a happy yetus
💔 -1 overall
This message was automatically generated.
@steveloughran the Yetus results look ok. I can't find anything significant in the logs. The TestHttpFSFWithWebhdfsFileSystem test failure looks like an intermittent issue (a port already in use issue).
yeah, looks like some jvm state thing; they happen. shouldn't, but they do and are hard to track down/eliminate
+1, merging
in trunk...let's push through the backport chain as far as we can
…ache#5035)
Updates okhttp3 and okio so their transitive dependency on Kotlin stdlib is free from recent CVEs.
okhttp3:okhttp => 4.10.0
okio:okio => 3.2.0
kotlin stdlib => 1.6.20
kotlin CVEs fixed: CVE-2022-24329 CVE-2020-29582
Contributed by PJ Fanning.
Description of PR
HADOOP-18496 - the version of kotlin-stdlib currently in use has CVEs. kotlin-stdlib is only needed because of okhttp - but it needs to be upgraded due to kotlin-stdlib upgrade
How was this patch tested?
For code changes:
LICENSE, LICENSE-binary, NOTICE-binary files?
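
As an added example (not code from this PR or from Hadoop): a Python check that reads `mvn dependency:tree` output and reports okhttp, okio and kotlin-stdlib artifacts that resolve below the versions named in the commit message, which is how a leftover transitive copy shows up after an upgrade like this one. The full Maven group ids, the prefix matching of artifact families and the sample tree are assumptions constructed for illustration.

```python
import re

# Floor versions from the commit message on this page. Full Maven group ids
# and prefix matching of artifact families are assumptions of this example.
FLOORS = {
    ("com.squareup.okhttp3", "okhttp"): "4.10.0",
    ("com.squareup.okio", "okio"): "3.2.0",
    ("org.jetbrains.kotlin", "kotlin-stdlib"): "1.6.20",
}

# Constructed sample of `mvn dependency:tree` output, not taken from Hadoop.
SAMPLE_TREE = r"""
[INFO] org.example:demo-app:jar:1.0-SNAPSHOT
[INFO] +- com.squareup.okhttp3:okhttp:jar:4.9.3:compile
[INFO] |  +- com.squareup.okio:okio:jar:2.8.0:compile
[INFO] |  |  \- org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.4.0:compile
[INFO] |  \- org.jetbrains.kotlin:kotlin-stdlib:jar:1.6.20:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

def version_key(version):
    """Numeric sort key; comparing strings would rank 4.9.3 above 4.10.0."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def parse_tree(text):
    """Yield (group, artifact, version) for each resolved dependency node."""
    for line in text.splitlines():
        for token in line.split():
            parts = token.split(":")
            # group:artifact:type[:classifier]:version:scope
            if len(parts) in (5, 6):
                yield parts[0], parts[1], parts[-2]
                break

def below_floor(text):
    """Return (coordinate, resolved, floor) for every node under its floor."""
    stale = []
    for group, artifact, version in parse_tree(text):
        for (g, prefix), floor in FLOORS.items():
            if group == g and artifact.startswith(prefix) \
                    and version_key(version) < version_key(floor):
                stale.append((f"{group}:{artifact}", version, floor))
    return stale

if __name__ == "__main__":
    for coord, resolved, floor in below_floor(SAMPLE_TREE):
        print(f"{coord} resolved at {resolved}, expected >= {floor}")
```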