Skip to content

[fix](sec)upgrade org.yaml:snakeyaml to 2.0 #24057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yiguolei merged 1 commit into from
Sep 8, 2023
Merged

[fix](sec)upgrade org.yaml:snakeyaml to 2.0 #24057

yiguolei merged 1 commit into from
Sep 8, 2023

Conversation

@realize096
Copy link
Contributor

@realize096 realize096 commented Sep 7, 2023

What happened?

There are 1 security vulnerabilities found in org.yaml:snakeyaml 1.33

What did I do?

Upgrade org.yaml:snakeyaml from 1.33 to 2.0 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

yiguolei
yiguolei approved these changes Sep 8, 2023
View reviewed changes
Copy link
Contributor

@yiguolei yiguolei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Gabriel39
Gabriel39 approved these changes Sep 8, 2023
View reviewed changes
Copy link
Contributor

@Gabriel39 Gabriel39 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

HappenLee
HappenLee approved these changes Sep 8, 2023
View reviewed changes
Copy link
Contributor

@HappenLee HappenLee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-actions
Copy link
Contributor

github-actions bot commented Sep 8, 2023

PR approved by at least one committer and no changes requested.

@github-actions github-actions bot added approved Indicates a PR has been approved by one committer. reviewed labels Sep 8, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Sep 8, 2023

PR approved by anyone and no changes requested.

@yiguolei
Copy link
Contributor

yiguolei commented Sep 8, 2023

run buildall

@yiguolei yiguolei changed the title fix(sec): upgrade org.yaml:snakeyaml to 2.0 [fix](sec)upgrade org.yaml:snakeyaml to 2.0 Sep 8, 2023
@doris-robot
Copy link

doris-robot commented Sep 8, 2023

(From new machine)TeamCity pipeline, clickbench performance test result:
the sum of best hot time: 45.41 seconds
stream load tsv: 534 seconds loaded 74807831229 Bytes, about 133 MB/s
stream load json: 21 seconds loaded 2358488459 Bytes, about 107 MB/s
stream load orc: 65 seconds loaded 1101869774 Bytes, about 16 MB/s
stream load parquet: 31 seconds loaded 861443392 Bytes, about 26 MB/s
insert into select: 28.8 seconds inserted 10000000 Rows, about 347K ops/s
storage size: 17162085125 Bytes

@yiguolei yiguolei merged commit 3e7f531 into apache:master Sep 8, 2023
xiaokang pushed a commit that referenced this pull request Sep 11, 2023
@realize096 @xiaokang
[fix](sec)upgrade org.yaml:snakeyaml to 2.0 #24057
9fa997b
xiaokang pushed a commit that referenced this pull request Sep 13, 2023
@realize096 @xiaokang
[fix](sec)upgrade org.yaml:snakeyaml to 2.0 #24057
4793c97
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yiguolei yiguolei yiguolei approved these changes

@HappenLee HappenLee HappenLee approved these changes

@Gabriel39 Gabriel39 Gabriel39 approved these changes

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by one committer. dev/2.0.2-merged reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@realize096 @yiguolei @doris-robot @HappenLee @Gabriel39 @xiaokang