dependency updates for cve patches (part 3) #5383

Merged
merged 10 commits into from
Feb 23, 2023

bdoyle0182
Contributor

Description

For what's left, I'm overriding transitive dependencies where possible and giving a description of the reason for the constraint.

Related issue and scope

  • I opened an issue to propose and discuss this change (#????)

My changes affect the following components

  • API
  • Controller
  • Message Bus (e.g., Kafka)
  • Loadbalancer
  • Scheduler
  • Invoker
  • Intrinsic actions (e.g., sequences, conductors)
  • Data stores (e.g., CouchDB)
  • Tests
  • Deployment
  • CLI
  • General tooling
  • Documentation

Types of changes

  • Bug fix (generally a non-breaking change which closes an issue).
  • Enhancement or new feature (adds new functionality).
  • Breaking change (a bug fix or enhancement which changes existing behavior).

Checklist:

  • I signed an Apache CLA.
  • I reviewed the style guides and followed the recommendations (Travis CI will check :).
  • I added tests to cover my changes.
  • My changes require further changes to the documentation.
  • I updated the documentation where necessary.

@codecov-commenter

codecov-commenter commented Feb 22, 2023

Codecov Report

Merging #5383 (95e6e5b) into master (f0e281e) will decrease coverage by 0.05%.
The diff coverage is n/a.

❗ Current head 95e6e5b differs from pull request most recent head 2bad0e7. Consider uploading reports for the commit 2bad0e7 to get more accurate results

@@            Coverage Diff             @@
##           master    #5383      +/-   ##
==========================================
- Coverage   76.50%   76.45%   -0.05%     
==========================================
  Files         240      240              
  Lines       14569    14569              
  Branches      647      647              
==========================================
- Hits        11146    11139       -7     
- Misses       3423     3430       +7     
Impacted Files Coverage Δ
...rg/apache/openwhisk/common/ForcibleSemaphore.scala 88.46% <0.00%> (-3.85%) ⬇️
.../openwhisk/core/loadBalancer/FPCPoolBalancer.scala 33.08% <0.00%> (-1.13%) ⬇️
...e/openwhisk/core/scheduler/queue/MemoryQueue.scala 81.35% <0.00%> (-0.76%) ⬇️
.../org/apache/openwhisk/common/NestedSemaphore.scala 87.87% <0.00%> (+3.03%) ⬆️

Member

@dgrove-oss dgrove-oss left a comment

lgtm

@bdoyle0182 bdoyle0182 merged commit 65a0132 into apache:master Feb 23, 2023
@dgrove-oss
Member

No good deed goes unpunished...

The downstream runtime builds are now all failing with:

Execution failed for task ':tests:compileTestScala'.
> Could not resolve all files for configuration ':tests:testCompileClasspath'.
   > Could not find com.microsoft.azure:azure-cosmosdb:.
     Required by:
         project :tests > org.apache.openwhisk:openwhisk-common:1.0.1-SNAPSHOT
   > Could not find com.sksamuel.elastic4s:elastic4s-http_2.12:.
     Required by:
         project :tests > org.apache.openwhisk:openwhisk-common:1.0.1-SNAPSHOT
   > Could not find org.mongodb.scala:mongo-scala-driver_2.12:.
     Required by:
         project :tests > org.apache.openwhisk:openwhisk-common:1.0.1-SNAPSHOT

@bdoyle0182
Contributor Author

bdoyle0182 commented Feb 24, 2023

Not sure what's going on there, since it seems like it's able to compile the core project in the previous task before this step. It seems like it's looking to load the dependency without any version? Maybe a discrepancy in Gradle version, where it doesn't know how to handle the constraints type properly for that compile classpath task? We can try this, and if it doesn't work then we can just revert for now.
#5384
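
A downstream CI check for the failure mode discussed above, as an added example that is not code from this thread or from the OpenWhisk project: it parses Gradle "Could not find" output and groups the coordinates requested with an empty version by the last module on the "Required by" path. The log text is the one quoted in the thread plus one constructed entry (`org.example:constructed-lib`) for contrast; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Failure text quoted in the thread, without the CI line-number links.
# The final entry (org.example:constructed-lib) is constructed for contrast.
SAMPLE_LOG = """\
Execution failed for task ':tests:compileTestScala'.
> Could not resolve all files for configuration ':tests:testCompileClasspath'.
   > Could not find com.microsoft.azure:azure-cosmosdb:.
     Required by:
         project :tests > org.apache.openwhisk:openwhisk-common:1.0.1-SNAPSHOT
   > Could not find com.sksamuel.elastic4s:elastic4s-http_2.12:.
     Required by:
         project :tests > org.apache.openwhisk:openwhisk-common:1.0.1-SNAPSHOT
   > Could not find org.mongodb.scala:mongo-scala-driver_2.12:.
     Required by:
         project :tests > org.apache.openwhisk:openwhisk-common:1.0.1-SNAPSHOT
   > Could not find org.example:constructed-lib:9.9.9.
     Required by:
         project :tests
"""

# group:artifact:version followed by the sentence-ending period; version may be empty.
NOT_FOUND = re.compile(r"^\s*> Could not find ([^:\s]+):([^:\s]+):(\S*)\.\s*$")

def unresolved(log):
    """Return one dict per 'Could not find' entry, with its 'Required by' requesters."""
    entries, current = [], None
    for line in log.splitlines():
        m = NOT_FOUND.match(line)
        if m:
            current = {"group": m[1], "artifact": m[2], "version": m[3], "required_by": []}
            entries.append(current)
        elif current is not None and line.strip().startswith("project "):
            # The last hop of the path is the module that requested the dependency.
            current["required_by"].append(line.split(" > ")[-1].strip())
    return entries

def versionless_by_requester(log):
    """Map each requesting module to the coordinates it asked for with no version."""
    out = defaultdict(list)
    for e in unresolved(log):
        if e["version"] == "":
            for req in e["required_by"] or ["<unknown>"]:
                out[req].append(f'{e["group"]}:{e["artifact"]}')
    return dict(out)
```
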

mtt-merz pushed a commit to mtt-merz/openwhisk that referenced this pull request Oct 22, 2023
* more dependency vulns

* remove zinc upgrade for now

* fix build attempt

* apply avro pin everywhere

* another build fix

* changes

* revert

* override scoverage versions

* revert swagger bump

* cleanup

---------

Co-authored-by: Brendan Doyle <[email protected]>
(cherry picked from commit 65a0132)