@snyk-bot
Description

This PR fixes one or more vulnerable packages in the maven dependencies of this project.
See the Snyk test report for more details.

Snyk Project: omalley/orc:java/core/pom.xml

Snyk Organization: omalley

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • java/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

You can read more about Snyk's upgrade and patch logic in Snyk's documentation.

Check the changes in this PR to ensure they won't cause issues with your project.

Stay secure,
The Snyk team

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMJCRAFT-30302
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-30100
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-30429
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-30430
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32122
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30627
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30631
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-31400
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-31414
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-32124
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31035
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31428
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-32301
@omalley omalley closed this Aug 6, 2018
@omalley omalley deleted the snyk-fix-7blrti branch August 6, 2018 16:23
omalley pushed a commit that referenced this pull request Feb 5, 2021
### What changes were proposed in this pull request?

This PR aims to replace `mvn` with `mvnw` in `java.CMakeLists.txt`.

### Why are the changes needed?

Some old OSes like CentOS7 may have the old Maven installation. Maven Wrapper will prevent build and test failures.

### How was this patch tested?

Pass the CIs and manually do the following.

```
$ cd docker
$ ./run-one.sh local ORC-739 centos7
...
exec: curl --silent --show-error -L https://www.apache.org/dyn/closer.lua?action=download&filename=/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
Using `mvn` from path: /root/orc/java/build/apache-maven-3.6.3/bin/mvn
...
Using `mvn` from path: /root/orc/java/build/apache-maven-3.6.3/bin/mvn
[INFO] Scanning for projects...
...
Test project /root/build
    Start 1: orc-test
1/3 Test #1: orc-test .........................   Passed    6.72 sec
    Start 2: java-test
2/3 Test #2: java-test ........................   Passed  103.21 sec
    Start 3: tool-test
3/3 Test #3: tool-test ........................   Passed   19.69 sec

100% tests passed, 0 tests failed out of 3

Total Test time (real) = 129.62 sec
Built target test-out
Finished centos7 at Fri Jan 22 06:33:19 PM PST 2021
```
omalley pushed a commit that referenced this pull request Aug 3, 2021
### What changes were proposed in this pull request?

This PR aims to replace `mvn` with `mvnw` in `java.CMakeLists.txt`.

### Why are the changes needed?

Some old OSes like CentOS7 may have the old Maven installation. Maven Wrapper will prevent build and test failures.

### How was this patch tested?

Pass the CIs and manually do the following.

```
$ cd docker
$ ./run-one.sh local ORC-739 centos7
...
exec: curl --silent --show-error -L https://www.apache.org/dyn/closer.lua?action=download&filename=/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
Using `mvn` from path: /root/orc/java/build/apache-maven-3.6.3/bin/mvn
...
Using `mvn` from path: /root/orc/java/build/apache-maven-3.6.3/bin/mvn
[INFO] Scanning for projects...
...
Test project /root/build
    Start 1: orc-test
1/3 Test #1: orc-test .........................   Passed    6.72 sec
    Start 2: java-test
2/3 Test #2: java-test ........................   Passed  103.21 sec
    Start 3: tool-test
3/3 Test #3: tool-test ........................   Passed   19.69 sec

100% tests passed, 0 tests failed out of 3

Total Test time (real) = 129.62 sec
Built target test-out
Finished centos7 at Fri Jan 22 06:33:19 PM PST 2021
```

(cherry picked from commit f0c5f00)
Signed-off-by: Dongjoon Hyun <[email protected]>
omalley pushed a commit that referenced this pull request Sep 30, 2021
### What changes were proposed in this pull request?

This PR aims to do the following.
- Use `Java 17` instead of `Java 17 EA`.
- Remove `Java 16` to save the community testing resources
- Recover GitHub Action CI by using `java17` profile.
- Disable dependency check on `hadoop-hdfs` of `shim` module

Note that there is a TODO (ORC-1003) which fails due to some `shaded` classes.
We will revisit that.

### Why are the changes needed?

Java 17 is finally available.

### How was this patch tested?

Pass the CIs with Java 17.

When we test manually, it passed like the following.
```
$ java -version
openjdk version "17" 2021-09-14 LTS
OpenJDK Runtime Environment Zulu17.28+13-CA (build 17+35-LTS)
OpenJDK 64-Bit Server VM Zulu17.28+13-CA (build 17+35-LTS, mixed mode, sharing)

...
Test project /Users/dongjoon/APACHE/orc-merge/build
    Start 1: orc-test
1/7 Test #1: orc-test .........................   Passed    3.41 sec
    Start 2: java-test
2/7 Test #2: java-test ........................   Passed   97.92 sec
    Start 3: java-tools-test
3/7 Test #3: java-tools-test ..................   Passed    0.11 sec
    Start 4: java-bench-gen-test
4/7 Test #4: java-bench-gen-test ..............   Passed    0.98 sec
    Start 5: java-bench-scan-test
5/7 Test #5: java-bench-scan-test .............   Passed    0.67 sec
    Start 6: java-bench-hive-test
6/7 Test #6: java-bench-hive-test .............   Passed   12.47 sec
    Start 7: tool-test
7/7 Test #7: tool-test ........................   Passed   10.02 sec

100% tests passed, 0 tests failed out of 7

Total Test time (real) = 125.58 sec
Built target test-out
```
omalley pushed a commit that referenced this pull request Jun 16, 2022
### What changes were proposed in this pull request?

This PR aims to do the following.
- Use `Java 17` instead of `Java 17 EA`.
- Remove `Java 16` to save the community testing resources
- Recover GitHub Action CI by using `java17` profile.
- Disable dependency check on `hadoop-hdfs` of `shim` module

Note that there is a TODO (ORC-1003) which fails due to some `shaded` classes.
We will revisit that.

### Why are the changes needed?

Java 17 is finally available.

### How was this patch tested?

Pass the CIs with Java 17.

When we test manually, it passed like the following.
```
$ java -version
openjdk version "17" 2021-09-14 LTS
OpenJDK Runtime Environment Zulu17.28+13-CA (build 17+35-LTS)
OpenJDK 64-Bit Server VM Zulu17.28+13-CA (build 17+35-LTS, mixed mode, sharing)

...
Test project /Users/dongjoon/APACHE/orc-merge/build
    Start 1: orc-test
1/7 Test #1: orc-test .........................   Passed    3.41 sec
    Start 2: java-test
2/7 Test #2: java-test ........................   Passed   97.92 sec
    Start 3: java-tools-test
3/7 Test #3: java-tools-test ..................   Passed    0.11 sec
    Start 4: java-bench-gen-test
4/7 Test #4: java-bench-gen-test ..............   Passed    0.98 sec
    Start 5: java-bench-scan-test
5/7 Test #5: java-bench-scan-test .............   Passed    0.67 sec
    Start 6: java-bench-hive-test
6/7 Test #6: java-bench-hive-test .............   Passed   12.47 sec
    Start 7: tool-test
7/7 Test #7: tool-test ........................   Passed   10.02 sec

100% tests passed, 0 tests failed out of 7

Total Test time (real) = 125.58 sec
Built target test-out
```