Skip to content

fix: Upgrade parquet-avro version to 1.15.1 in trino bundle and plugin#14140

Merged
nsivabalan merged 4 commits intoapache:masterfrom
vamsikarnika:issue-14129
Oct 24, 2025
Merged

fix: Upgrade parquet-avro version to 1.15.1 in trino bundle and plugin#14140
nsivabalan merged 4 commits intoapache:masterfrom
vamsikarnika:issue-14129

Conversation

@vamsikarnika
Copy link
Copy Markdown
Collaborator

@vamsikarnika vamsikarnika commented Oct 23, 2025
edited
Loading

Describe the issue this Pull Request addresses

#14129

Summary and Changelog

GHSA-2c59-37c4-qrx5 is fixed by parquet-avro version 1.15.1. Upgrading parquet-avro version to 1.15.1 in trino bundle and plugin to handle the CVE.

Impact

Handles CVE GHSA-2c59-37c4-qrx5 in trino plugin

Risk Level

medium

Documentation Update

NA

Contributor's checklist

  • Read through contributor's guide
  • Enough context is provided in the sections above
  • Adequate tests were added if applicable

@vamsikarnika vamsikarnika marked this pull request as draft October 23, 2025 05:00
@github-actions github-actions bot added the size:XS PR with lines of changes in <= 10 label Oct 23, 2025
@hudi-bot
Copy link
Copy Markdown
Collaborator

hudi-bot commented Oct 23, 2025

CI report:

Bot commands @hudi-bot supports the following commands:
  • @hudi-bot run azure re-run the last Azure build

@vamsikarnika vamsikarnika changed the title Issue 14129 fix: Upgrade parquet-avro version to 1.15.1 in trino bundle and plugin Oct 23, 2025
@vamsikarnika vamsikarnika marked this pull request as ready for review October 23, 2025 16:38
@nsivabalan nsivabalan merged commit b1710b7 into apache:master Oct 24, 2025
71 of 74 checks passed
@yihua yihua mentioned this pull request Oct 27, 2025
Closed
3 tasks
yihua pushed a commit that referenced this pull request Oct 28, 2025
@vamsikarnika @yihua
fix: Upgrade parquet-avro version to 1.15.1 in trino bundle and plugin (
0568b0a 
#14140)

---------

Co-authored-by: Lokesh Jain <ljain@192.168.0.234>
Co-authored-by: Vamsi <vamsi@onehouse.ai>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nsivabalan nsivabalan nsivabalan approved these changes

Assignees

No one assigned

Labels

size:XS PR with lines of changes in <= 10

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vamsikarnika @hudi-bot @nsivabalan