-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix broken dependency: update zlib from 1.2.12 to 1.2.13 #10833
Conversation
LGTM :-) @jay-zhuang can you merge it please? |
@siying has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
@siying I believe this is also dependent on @jay-zhuang uploading the latest zlib binary to the rocksdb S3 bucket - hence the CI failures. |
d9e8ae8
to
14ef8b5
Compare
@xiaochenfan has updated the pull request. You must reimport the pull request before landing. |
@xiaochenfan has updated the pull request. You must reimport the pull request before landing. |
@xiaochenfan Can we get this merged ASAP to |
@xiaochenfan has updated the pull request. You must reimport the pull request before landing. |
@ajkr has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uploaded. LGTM
Update dependency to fix CVE https://nvd.nist.gov/vuln/detail/CVE-2022-37434. RocksDB fix: facebook/rocksdb#10833.
Update dependency to fix CVE https://nvd.nist.gov/vuln/detail/CVE-2022-37434. RocksDB fix: facebook/rocksdb#10833.
zlib(https://zlib.net/) has released v1.2.13.
1.2.12 is no longer available for downloading and Makefile for rocksdb will be broken due to can't find the source .tar.gz.
https://nvd.nist.gov/vuln/detail/CVE-2022-37434
This pr update the version number and the shasum of new .tar.gz file. (1.2.13)
Fixes #10876