Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump protobuf-java to 3.21.7 in repository-gcs and repository-hdfs. #4790

Merged
merged 1 commit into from
Oct 18, 2022

Conversation

mch2
Copy link
Member

@mch2 mch2 commented Oct 14, 2022

Signed-off-by: Marc Handalian handalm@amazon.com

Description

Dependabot bumped this dependency in #4727 but missed a few projects that also use protobuf.

Issues Resolved

Resolves CVE-2022-3171.

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@mch2 mch2 requested review from a team and reta as code owners October 14, 2022 00:04
@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@codecov-commenter
Copy link

Codecov Report

Merging #4790 (48f6af1) into main (d15795a) will increase coverage by 7.14%.
The diff coverage is 64.28%.

❗ Current head 48f6af1 differs from pull request most recent head cae8952. Consider uploading reports for the commit cae8952 to get more accurate results

@@             Coverage Diff              @@
##               main    #4790      +/-   ##
============================================
+ Coverage     70.66%   77.80%   +7.14%     
- Complexity    57578    62499    +4921     
============================================
  Files          4661     4364     -297     
  Lines        276662   270114    -6548     
  Branches      40325    40598     +273     
============================================
+ Hits         195501   210168   +14667     
+ Misses        64926    43264   -21662     
- Partials      16235    16682     +447     
Impacted Files Coverage Δ
...apshots/restore/RestoreSnapshotRequestBuilder.java 66.66% <ø> (+50.00%) ⬆️
.../src/main/java/org/opensearch/client/Requests.java 44.00% <ø> (-1.29%) ⬇️
...ateway/TransportNodesListGatewayStartedShards.java 58.08% <ø> (+6.41%) ⬆️
.../main/java/org/opensearch/index/IndexSettings.java 89.02% <ø> (+3.38%) ⬆️
...java/org/opensearch/index/shard/StoreRecovery.java 79.03% <ø> (+11.15%) ⬆️
...org/opensearch/index/shard/ShardStateMetadata.java 63.79% <47.05%> (+0.63%) ⬆️
...ster/snapshots/restore/RestoreSnapshotRequest.java 75.98% <52.63%> (+6.37%) ⬆️
.../org/opensearch/client/support/AbstractClient.java 64.67% <55.55%> (+31.74%) ⬆️
...in/java/org/opensearch/index/shard/IndexShard.java 76.17% <60.00%> (+6.72%) ⬆️
...org/opensearch/cluster/routing/RecoverySource.java 74.50% <70.00%> (+5.33%) ⬆️
... and 3811 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@dreamer-89
Copy link
Member

Connect exception to maven repo in precommit workflow failure. Refiring!

> Could not resolve all task dependencies for configuration ':plugins:repository-gcs:runtimeClasspath'.
   > Could not resolve com.google.guava:guava:30.1.1-jre.
     Required by:
         project :plugins:repository-gcs
      > Could not resolve com.google.guava:guava:30.1.1-jre.
         > Could not get resource 'https://repo.maven.apache.org/maven2/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.pom'.
            > Could not GET 'https://repo.maven.apache.org/maven2/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.pom'.
               > Connect to repo.maven.apache.org:443 [repo.maven.apache.org/146.75.28.215] failed: Connection timed out: connect

@mch2
Copy link
Member Author

mch2 commented Oct 17, 2022

Windows precommit check failing with connection timeouts to maven.

   > Could not resolve com.github.spullara.mustache.java:compiler:0.9.10.
     Required by:
         project :client:rest-high-level > project :modules:lang-mustache
      > Could not resolve com.github.spullara.mustache.java:compiler:0.9.10.
         > Could not get resource 'https://repo.maven.apache.org/maven2/com/github/spullara/mustache/java/compiler/0.9.10/compiler-0.9.10.pom'.
            > Could not GET 'https://repo.maven.apache.org/maven2/com/github/spullara/mustache/java/compiler/0.9.10/compiler-0.9.10.pom'.
               > Connect to repo.maven.apache.org:443 [repo.maven.apache.org/146.75.28.215] failed: Connection timed out: connect

@mch2
Copy link
Member Author

mch2 commented Oct 17, 2022

Windows precommit failure again.

FAILURE: Build failed with an exception.

* What went wrong:
Gradle build daemon disappeared unexpectedly (it may have been killed or may have crashed)

Signed-off-by: Marc Handalian <handalm@amazon.com>

Add missing SHAs.

Signed-off-by: Marc Handalian <handalm@amazon.com>
@github-actions
Copy link
Contributor

Gradle Check (Jenkins) Run Completed with:

@mch2 mch2 merged commit fce34ce into opensearch-project:main Oct 18, 2022
@mch2 mch2 deleted the CVE-2022-3171 branch October 18, 2022 23:01
@ryanbogan ryanbogan added backport 1.x backport 2.x Backport to 2.x branch labels Oct 20, 2022
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-4790-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 fce34ce68d7f86f8550036e9a51ff58223beb130
# Push it to GitHub
git push --set-upstream origin backport/backport-4790-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-4790-to-2.x.

@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-4790-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 fce34ce68d7f86f8550036e9a51ff58223beb130
# Push it to GitHub
git push --set-upstream origin backport/backport-4790-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-4790-to-1.x.

ashking94 pushed a commit to ashking94/OpenSearch that referenced this pull request Nov 7, 2022
…pensearch-project#4790)

Signed-off-by: Marc Handalian <handalm@amazon.com>

Add missing SHAs.

Signed-off-by: Marc Handalian <handalm@amazon.com>

Signed-off-by: Marc Handalian <handalm@amazon.com>
@ryanbogan ryanbogan added the backport 1.3 Backport to 1.3 branch label Jan 25, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-1.3 1.3
# Navigate to the new working tree
pushd ../.worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-4790-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 fce34ce68d7f86f8550036e9a51ff58223beb130
# Push it to GitHub
git push --set-upstream origin backport/backport-4790-to-1.3
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-4790-to-1.3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 1.x backport 1.3 Backport to 1.3 branch backport 2.x Backport to 2.x branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants