Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-1707031 hadoop upgrade for vulnerability fix #849

Merged
merged 8 commits into from
Oct 3, 2024
Merged

SNOW-1707031 hadoop upgrade for vulnerability fix #849

merged 8 commits into from
Oct 3, 2024

Conversation

sfc-gh-japatel
Copy link
Collaborator

@sfc-gh-japatel sfc-gh-japatel commented Oct 2, 2024
edited by jira bot
Loading

SNOW-1707031

Added few exclusions. Here is how I did it: I looked at the failed command of mvn clean install and compared it with mvn dependency:tree

Mostly it's about finding which dependencies can be excluded so that the new upgrade which brought in new dependencies are used.

Other minor fixes for merge gates to pass. Ran locally and it succeeeded

mvn install -PcheckShadedContent -DskipTests=true --batch-mode --show-version

@sfc-gh-japatel sfc-gh-japatel marked this pull request as ready for review October 2, 2024 20:59
@sfc-gh-japatel sfc-gh-japatel requested review from sfc-gh-tzhang and a team as code owners October 2, 2024 20:59
@sfc-gh-japatel sfc-gh-japatel changed the title Japatel hadoop upgrade build fix NO-SNOW hadoop upgrade Oct 2, 2024
@sfc-gh-japatel sfc-gh-japatel changed the title NO-SNOW hadoop upgrade NO-SNOW hadoop upgrade for vulnerability fix Oct 2, 2024
@sfc-gh-xhuang sfc-gh-xhuang changed the title NO-SNOW hadoop upgrade for vulnerability fix SNOW-1707031 hadoop upgrade for vulnerability fix Oct 2, 2024
@sfc-gh-xhuang sfc-gh-xhuang mentioned this pull request Oct 2, 2024
Closed
sfc-gh-xhuang
sfc-gh-xhuang approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@sfc-gh-xhuang sfc-gh-xhuang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

sfc-gh-tzhang
sfc-gh-tzhang approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@sfc-gh-tzhang sfc-gh-tzhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @sfc-gh-lsembera do we need to check with security about the added license?

@sfc-gh-japatel
Copy link
Collaborator Author

LGTM, @sfc-gh-lsembera do we need to check with security about the added license?

I dont think so, it's existing license we are adding and it's a known one.

@sfc-gh-lsembera
Copy link
Contributor

sfc-gh-lsembera commented Oct 3, 2024
edited
Loading

Thanks, @sfc-gh-japatel. The only issue I see here is that it will further inflate the JAR size. Should we try to exclude the new dependencies and see whether tests pass? I don't see why would the SDK need Netty.

@sfc-gh-xhuang sfc-gh-xhuang enabled auto-merge (squash) October 3, 2024 15:07
@sfc-gh-xhuang sfc-gh-xhuang merged commit ef92ea9 into master Oct 3, 2024
47 checks passed
@sfc-gh-xhuang sfc-gh-xhuang deleted the japatel-hadoop branch October 3, 2024 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfc-gh-xhuang sfc-gh-xhuang sfc-gh-xhuang approved these changes

@sfc-gh-tzhang sfc-gh-tzhang sfc-gh-tzhang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sfc-gh-japatel @sfc-gh-lsembera @sfc-gh-tzhang @sfc-gh-xhuang @snyk-bot