Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 in /hadoop-project #6811

dependabot · 2024-05-10T18:29:43Z

Bumps org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78.

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Date:      2024, TBD.

2.2.1 Version Date:      2024, 18th April.

2.3.1 Version Release: 1.78 Date:      2024, 7th April.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) from 1.77 to 1.78. - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) --- updated-dependencies: - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

hadoop-yetus · 2024-05-10T19:50:28Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 21s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	32m 42s		trunk passed
+1 💚	compile	0m 16s		trunk passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	compile	0m 16s		trunk passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	mvnsite	0m 19s		trunk passed
+1 💚	javadoc	0m 21s		trunk passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javadoc	0m 17s		trunk passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	shadedclient	53m 53s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 11s		the patch passed
+1 💚	compile	0m 10s		the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javac	0m 10s		the patch passed
+1 💚	compile	0m 9s		the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	javac	0m 9s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 11s		the patch passed
+1 💚	javadoc	0m 10s		the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javadoc	0m 10s		the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	shadedclient	20m 45s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	0m 12s		hadoop-project in the patch passed.
+1 💚	asflicense	0m 26s		The patch does not generate ASF License warnings.
		79m 43s

Subsystem	Report/Notes
Docker	ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6811/1/artifact/out/Dockerfile
GITHUB PR	#6811
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux 2645a0f3a74a 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `7508edd`
Default Java	Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6811/1/testReport/
Max. process+thread count	554 (vs. ulimit of 5500)
modules	C: hadoop-project U: hadoop-project
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6811/1/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2024-05-11T06:36:31Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
			_ Prechecks _
+1 💚	dupname	0m 00s		No case conflicting files found.
+0 🆗	codespell	0m 01s		codespell was not available.
+0 🆗	detsecrets	0m 01s		detect-secrets was not available.
+0 🆗	xmllint	0m 01s		xmllint was not available.
+1 💚	@author	0m 00s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 00s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	108m 05s		trunk passed
+1 💚	compile	5m 35s		trunk passed
+1 💚	mvnsite	5m 18s		trunk passed
+1 💚	javadoc	5m 16s		trunk passed
+1 💚	shadedclient	283m 33s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	2m 20s		the patch passed
+1 💚	compile	2m 16s		the patch passed
+1 💚	javac	2m 16s		the patch passed
+1 💚	blanks	0m 01s		The patch has no blanks issues.
+1 💚	mvnsite	2m 27s		the patch passed
+1 💚	javadoc	2m 16s		the patch passed
+1 💚	shadedclient	181m 17s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	asflicense	7m 17s		The patch does not generate ASF License warnings.
		489m 42s

Subsystem	Report/Notes
GITHUB PR	#6811
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	MINGW64_NT-10.0-17763 49952abbd61a 3.4.10-87d57229.x86_64 2024-02-14 20:17 UTC x86_64 Msys
Build tool	maven
Personality	/c/hadoop/dev-support/bin/hadoop.sh
git revision	trunk / `7508edd`
Default Java	Azul Systems, Inc.-1.8.0_332-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6811/1/testReport/
modules	C: hadoop-project U: hadoop-project
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6811/1/console
versions	git=2.44.0.windows.1
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

pjfanning · 2024-05-12T19:47:44Z

@vinayakumarb The LICENSE-binary has to be kept up to date.

I have https://issues.apache.org/jira/browse/HADOOP-19154 open to track this upgrade.

Bumps [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) from 1.77 to 1.78. - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) --- updated-dependencies: - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 10, 2024

github-actions bot added build trunk labels May 10, 2024

slfan1989 approved these changes May 10, 2024

View reviewed changes

vinayakumarb approved these changes May 11, 2024

View reviewed changes

vinayakumarb merged commit 1d09a64 into trunk May 12, 2024
1 of 4 checks passed

dependabot bot deleted the dependabot/maven/hadoop-project/org.bouncycastle-bcprov-jdk18on-1.78 branch May 12, 2024 13:08

steveloughran mentioned this pull request May 13, 2024

HADOOP-19154. Upgrade bouncycastle to 1.78.1 due to CVEs #6755

Merged

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 in /hadoop-project #6811

Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 in /hadoop-project #6811

dependabot bot commented on behalf of github May 10, 2024

hadoop-yetus commented May 10, 2024

hadoop-yetus commented May 11, 2024

pjfanning commented May 12, 2024

Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 in /hadoop-project #6811

Bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 in /hadoop-project #6811

Conversation

dependabot bot commented on behalf of github May 10, 2024

hadoop-yetus commented May 10, 2024

hadoop-yetus commented May 11, 2024

pjfanning commented May 12, 2024