Skip to content

[SPARK-41686][SPARK-41030][BUILD][3.3] Upgrade Apache Ivy to 2.5.1 #39176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tobiasstadler wants to merge 1 commit into from
Closed

[SPARK-41686][SPARK-41030][BUILD][3.3] Upgrade Apache Ivy to 2.5.1 #39176

tobiasstadler wants to merge 1 commit into from

Conversation

@tobiasstadler
Copy link
Contributor

@tobiasstadler tobiasstadler commented Dec 22, 2022
edited
Loading

What changes were proposed in this pull request?

Upgrade Apache Ivy from 2.5.0 to 2.5.1

Why are the changes needed?

CVE-2022-37865
and
CVE-2022-37866

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Pass GA

@github-actions github-actions bot added the BUILD label Dec 22, 2022
@tobiasstadler tobiasstadler changed the title [SPARK-41686][BUILD] Updated ivy to 2.5.1 [SPARK-41686][BUILD] Upgrade Apache Ivy to 2.5.1 Dec 22, 2022
@HyukjinKwon
Copy link
Member

HyukjinKwon commented Dec 22, 2022

@tobiasstadler mind creating a PR against master branch? We can backport the change to other branches.

@tobiasstadler
Copy link
Contributor Author

tobiasstadler commented Dec 22, 2022

@HyukjinKwon This is actually a backport of SPARK-41030.

@HyukjinKwon HyukjinKwon changed the title [SPARK-41686][BUILD] Upgrade Apache Ivy to 2.5.1 [SPARK-41686][SPARK-41030][BUILD][3.3] Upgrade Apache Ivy to 2.5.1 Dec 22, 2022
@HyukjinKwon
Copy link
Member

HyukjinKwon commented Dec 22, 2022

Merged to branch-3.3.

HyukjinKwon pushed a commit that referenced this pull request Dec 22, 2022
@tobiasstadler @HyukjinKwon
[SPARK-41686][SPARK-41030][BUILD][3.3] Upgrade Apache Ivy to 2.5.1
19824cf 
### What changes were proposed in this pull request?
Upgrade Apache Ivy from 2.5.0 to 2.5.1

### Why are the changes needed?
[CVE-2022-37865](https://www.cve.org/CVERecord?id=CVE-2022-37865)
and
[CVE-2022-37866](https://nvd.nist.gov/vuln/detail/CVE-2022-37866)

### Does this PR introduce _any_ user-facing change?
No.

### How was this patch tested?
Pass GA

Closes #39176 from tobiasstadler/SPARK-41686.

Authored-by: Tobias Stadler <ts.stadler@gmx.de>
Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
@tobiasstadler
Copy link
Contributor Author

tobiasstadler commented Dec 22, 2022

Thank you!

@tobiasstadler tobiasstadler deleted the SPARK-41686 branch December 22, 2022 13:20
@bjornjorgensen bjornjorgensen mentioned this pull request Dec 22, 2022
Closed
dongjoon-hyun
dongjoon-hyun reviewed Dec 27, 2022
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, late LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dongjoon-hyun dongjoon-hyun dongjoon-hyun left review comments

@HyukjinKwon HyukjinKwon HyukjinKwon approved these changes

Assignees

No one assigned

Labels

BUILD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tobiasstadler @HyukjinKwon @dongjoon-hyun