Skip to content

[BUG] upgrade dependency #1194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
CEHENKLE opened this issue Sep 1, 2021 · 2 comments
Closed

[BUG] upgrade dependency #1194

CEHENKLE opened this issue Sep 1, 2021 · 2 comments
Assignees
@abbashus
Labels
bug Something isn't working

Comments

@CEHENKLE
Copy link
Member

CEHENKLE commented Sep 1, 2021

Describe the bug
Update dependency commons-compress-jar to from 1.19 to 1.21 unless it is only used in testing.
@CEHENKLE CEHENKLE added bug Something isn't working untriaged labels Sep 1, 2021
@abbashus abbashus self-assigned this Sep 1, 2021
@abbashus
Copy link
Contributor

abbashus commented Sep 1, 2021

@CEHENKLE what exactly is the bug with version commons-compress-jar:1.19? Do we want to fix some CVE here ?

@CEHENKLE CEHENKLE removed the untriaged label Sep 1, 2021
@abbashus
Copy link
Contributor

abbashus commented Sep 1, 2021

org.apache.commons:commons-compress:1.19 is

  1. api dependency of build-tools and plugins/ingest-attachment.
  2. transitive dependency of org.apache.hadoop:hadoop-minicluster:2.10.1 in module test/fixtures/hdfs-fixture.

Will upgrade for case 1.

@abbashus abbashus mentioned this issue Sep 1, 2021
Merged
5 tasks
@abbashus abbashus closed this as completed Sep 2, 2021
@abbashus abbashus mentioned this issue Sep 2, 2021
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abbashus abbashus

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abbashus @CEHENKLE