Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix][misc] Bump GRPC version to 1.55.3 to fix CVE #21057

Merged
merged 10 commits into from
Aug 29, 2023
Merged

[fix][misc] Bump GRPC version to 1.55.3 to fix CVE #21057

merged 10 commits into from
Aug 29, 2023

Conversation

mattisonchao
Copy link
Member

@mattisonchao mattisonchao commented Aug 24, 2023
edited
Loading

Motivation

Modifications

  • Upgrade GRPC version to 1.53.0
  • Upgrade io.perfmark-perfmark-api to 0.26.0

Verifying this change

  • Make sure that the change passes the CI checks.

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • Dependencies (add or upgrade a dependency)
  • The public API
  • The schema
  • The default values of configurations
  • The threading model
  • The binary protocol
  • The REST endpoints
  • The admin CLI options
  • The metrics
  • Anything that affects deployment

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@github-actions
Copy link

@mattisonchao Please add the following content to your PR description and select a checkbox:

- [ ] `doc` <!-- Your PR contains doc changes -->
- [ ] `doc-required` <!-- Your PR changes impact docs and you will update later -->
- [ ] `doc-not-needed` <!-- Your PR changes do not impact docs -->
- [ ] `doc-complete` <!-- Docs have been already added -->

@mattisonchao mattisonchao self-assigned this Aug 24, 2023
@github-actions github-actions bot added doc-not-needed Your PR changes do not impact docs and removed doc-label-missing labels Aug 24, 2023
@mattisonchao mattisonchao added area/dependency Pull requests that update a dependency file doc-label-missing release/3.0.2 release/3.1.1 and removed doc-not-needed Your PR changes do not impact docs labels Aug 24, 2023
@github-actions github-actions bot added doc-not-needed Your PR changes do not impact docs and removed doc-label-missing labels Aug 24, 2023
RobertIndie
RobertIndie reviewed Aug 24, 2023
View reviewed changes
pom.xml Outdated Show resolved Hide resolved
@mattisonchao mattisonchao reopened this Aug 25, 2023
@mattisonchao mattisonchao changed the title Bump GRPC version to 1.53.0 to fix CVE [fix][misc] Bump GRPC version to 1.53.0 to fix CVE Aug 25, 2023
@mattisonchao mattisonchao changed the title [fix][misc] Bump GRPC version to 1.53.0 to fix CVE [fix][misc] Bump GRPC version to 1.55.3 to fix CVE Aug 25, 2023
@codecov-commenter
Copy link

Codecov Report

Merging #21057 (117e83c) into master (ee91edc) will increase coverage by 0.47%.
Report is 15 commits behind head on master.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #21057      +/-   ##
============================================
+ Coverage     72.67%   73.15%   +0.47%     
- Complexity    32268    32391     +123     
============================================
  Files          1863     1887      +24     
  Lines        139397   139855     +458     
  Branches      15336    15382      +46     
============================================
+ Hits         101308   102309    +1001     
+ Misses        30032    29457     -575     
- Partials       8057     8089      +32
Flag Coverage Δ
inttests 24.11% <ø> (-0.13%) ⬇️
systests 25.02% <ø> (?)
unittests 72.44% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 185 files with indirect coverage changes

@mattisonchao mattisonchao merged commit 6ff83b6 into apache:master Aug 29, 2023
44 of 45 checks passed
@mattisonchao mattisonchao deleted the cve/grpc branch August 29, 2023 11:15
mattisonchao added a commit that referenced this pull request Aug 29, 2023
@mattisonchao
[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)
d422463 
(cherry picked from commit 6ff83b6)
@Technoboy- Technoboy- added this to the 3.2.0 milestone Sep 5, 2023
Technoboy- pushed a commit that referenced this pull request Sep 5, 2023
@mattisonchao @Technoboy-
[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)
d02ae45
liangyepianzhou pushed a commit to streamnative/pulsar-archived that referenced this pull request Dec 12, 2023
@mattisonchao @liangyepianzhou
[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (apache#21057)
83b6922 
(cherry picked from commit 6ff83b6)
liangyepianzhou pushed a commit that referenced this pull request Dec 14, 2023
@mattisonchao @liangyepianzhou
[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)
969b008 
(cherry picked from commit 6ff83b6)
liangyepianzhou added a commit that referenced this pull request Jan 10, 2024
@liangyepianzhou
Revert "[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)"
5c909ed 
This reverts commit 969b008.
liangyepianzhou pushed a commit that referenced this pull request Jan 11, 2024
@mattisonchao @liangyepianzhou
[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057)
199c65e 
(cherry picked from commit 6ff83b6)
(cherry picked from commit 969b008)
nodece pushed a commit to nodece/pulsar that referenced this pull request Feb 23, 2024
@mattisonchao @nodece
[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (apache#21057)
9fb1978 
(cherry picked from commit 6ff83b6)
nodece pushed a commit to nodece/pulsar that referenced this pull request Feb 23, 2024
@liangyepianzhou @nodece
Revert "[fix][misc] Bump GRPC version to 1.55.3 to fix CVE (apache#21057
b954c40 
)"

This reverts commit 969b008.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hangc0276 hangc0276 hangc0276 approved these changes

@RobertIndie RobertIndie RobertIndie approved these changes

Assignees

@mattisonchao mattisonchao

Labels
area/dependency Pull requests that update a dependency file cherry-picked/branch-2.10 cherry-picked/branch-3.0 cherry-picked/branch-3.1 doc-not-needed Your PR changes do not impact docs release/2.10.6 release/3.0.2 release/3.1.1
Projects
None yet
Milestone
3.2.0
Development

Successfully merging this pull request may close these issues.
6 participants
@mattisonchao @codecov-commenter @hangc0276 @RobertIndie @Technoboy- @liangyepianzhou