Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/apache/beam/sdks/v2 from 2.54.0 to 2.55.0 #3411

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 25, 2024

Bumps github.com/apache/beam/sdks/v2 from 2.54.0 to 2.55.0.

Release notes

Sourced from github.com/apache/beam/sdks/v2's releases.

Beam 2.55.0 release

We are happy to present the new 2.55.0 release of Beam. This release includes both improvements and new functionality. See the download page for this release.

For more information on changes in 2.55.0, check out the detailed release notes.

Highlights

  • The Python SDK will now include automatically generated wrappers for external Java transforms! (#29834)

I/Os

  • Added support for handling bad records to BigQueryIO (#30081).
    • Full Support for Storage Read and Write APIs
    • Partial Support for File Loads (Failures writing to files supported, failures loading files to BQ unsupported)
    • No Support for Extract or Streaming Inserts
  • Added support for handling bad records to PubSubIO (#30372).
    • Support is not available for handling schema mismatches, and enabling error handling for writing to Pub/Sub topics with schemas is not recommended
  • --enableBundling pipeline option for BigQueryIO DIRECT_READ is replaced by --enableStorageReadApiV2. Both were considered experimental and subject to change (Java) (#26354).

New Features / Improvements

  • Allow writing clustered and not time-partitioned BigQuery tables (Java) (#30094).
  • Redis cache support added to RequestResponseIO and Enrichment transform (Python) (#30307)
  • Merged sdks/java/fn-execution and runners/core-construction-java into the main SDK. These artifacts were never meant for users, but noting that they no longer exist. These are steps to bring portability into the core SDK alongside all other core functionality.
  • Added Vertex AI Feature Store handler for Enrichment transform (Python) (#30388)

Breaking Changes

  • Arrow version was bumped to 15.0.0 from 5.0.0 (#30181).
  • Go SDK users who build custom worker containers may run into issues with the move to distroless containers as a base (see Security Fixes).
  • Python SDK has changed the default value for the --max_cache_memory_usage_mb pipeline option from 100 to 0. This option was first introduced in the 2.52.0 SDK version. This change restores the behavior of the 2.51.0 SDK, which does not use the state cache. If your pipeline uses iterable side inputs views, consider increasing the cache size by setting the option manually. (#30360).

Deprecations

  • N/A

Bug fixes

  • Fixed SpannerIO.readChangeStream to support propagating credentials from pipeline options to the getDialect calls for authenticating with Spanner (Java) (#30361).
  • Reduced the number of HTTP requests in GCSIO function calls (Python) (#30205)

Security Fixes

... (truncated)

Changelog

Sourced from github.com/apache/beam/sdks/v2's changelog.

[2.55.0] - 2024-03-25

Highlights

  • The Python SDK will now include automatically generated wrappers for external Java transforms! (#29834)

I/Os

  • Added support for handling bad records to BigQueryIO (#30081).
    • Full Support for Storage Read and Write APIs
    • Partial Support for File Loads (Failures writing to files supported, failures loading files to BQ unsupported)
    • No Support for Extract or Streaming Inserts
  • Added support for handling bad records to PubSubIO (#30372).
    • Support is not available for handling schema mismatches, and enabling error handling for writing to pubsub topics with schemas is not recommended
  • --enableBundling pipeline option for BigQueryIO DIRECT_READ is replaced by --enableStorageReadApiV2. Both were considered experimental and may subject to change (Java) (#26354).

New Features / Improvements

  • Allow writing clustered and not time partitioned BigQuery tables (Java) (#30094).
  • Redis cache support added to RequestResponseIO and Enrichment transform (Python) (#30307)
  • Merged sdks/java/fn-execution and runners/core-construction-java into the main SDK. These artifacts were never meant for users, but noting that they no longer exist. These are steps to bring portability into the core SDK alongside all other core functionality.
  • Added Vertex AI Feature Store handler for Enrichment transform (Python) (#30388)

Breaking Changes

  • Arrow version was bumped to 15.0.0 from 5.0.0 (#30181).
  • Go SDK users who build custom worker containers may run into issues with the move to distroless containers as a base (see Security Fixes).
  • Python SDK has changed the default value for the --max_cache_memory_usage_mb pipeline option from 100 to 0. This option was first introduced in 2.52.0 SDK. This change restores the behavior of 2.51.0 SDK, which does not use the state cache. If your pipeline uses iterable side inputs views, consider increasing the cache size by setting the option manually. (#30360).

Bugfixes

  • Fixed SpannerIO.readChangeStream to support propagating credentials from pipeline options to the getDialect calls for authenticating with Spanner (Java) (#30361).
  • Reduced the number of HTTP requests in GCSIO function calls (Python) (#30205)

Security Fixes

  • Go SDK base container image moved to distroless/base-nossl-debian12, reducing vulnerable container surface to kernel and glibc (#30011).

Known Issues

  • In Python pipelines, when shutting down inactive bundle processors, shutdown logic can overaggressively hold the lock, blocking acceptance of new work. Symptoms of this issue include slowness or stuckness in long-running jobs. Fixed in 2.56.0 (#30679).
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/apache/beam/sdks/v2](https://github.com/apache/beam) from 2.54.0 to 2.55.0.
- [Release notes](https://github.com/apache/beam/releases)
- [Changelog](https://github.com/apache/beam/blob/master/CHANGES.md)
- [Commits](apache/beam@v2.54.0...v2.55.0)

---
updated-dependencies:
- dependency-name: github.com/apache/beam/sdks/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner March 25, 2024 21:44
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 25, 2024
@dependabot dependabot bot requested a review from phbnf March 25, 2024 21:44
@phbnf
Copy link
Contributor

phbnf commented Mar 26, 2024

/gcbrun

@phbnf
Copy link
Contributor

phbnf commented Mar 26, 2024

Hmm, govulncheck failed:

Vulnerability #1: GO-2024-2659
    Data exfiltration from internal networks in github.com/docker/docker
  More info: https://pkg.go.dev/vuln/GO-2024-2659

@roger2hk
Copy link
Contributor

/gcbrun

@phbnf
Copy link
Contributor

phbnf commented Mar 27, 2024

Thanks @roger2hk !

@phbnf phbnf merged commit 880a795 into master Mar 27, 2024
12 checks passed
@phbnf phbnf deleted the dependabot/go_modules/github.com/apache/beam/sdks/v2-2.55.0 branch March 27, 2024 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants