This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-celeborn.git
The following commit(s) were added to refs/heads/main by this push:
new a808c252b [CELEBORN-1184] Update the snakeyaml version from 1.33 to 2.2
a808c252b is described below
commit a808c252bad275876213b73cc5cbd84722376264
Author: pengqli <[email protected]>
AuthorDate: Wed Dec 20 21:23:22 2023 +0800
[CELEBORN-1184] Update the snakeyaml version from 1.33 to 2.2
### What changes were proposed in this pull request?
Update the snakeyaml version from 1.33 to 2.2 reducing direct CVE
vulnerabilities.
### Why are the changes needed?
The current snakeyaml version (1.33) is affected by the following CVE vulnerability (CVE-2022-1471); see
https://scout.docker.com/vulnerabilities/id/CVE-2022-1471
### Does this PR introduce _any_ user-facing change?
No any user-facing change
### How was this patch tested?
./build/make-distribution.sh to package and run test on the local.
Closes #2170 from dev-lpq/snakeyaml_version.
Authored-by: pengqli <[email protected]>
Signed-off-by: Cheng Pan <[email protected]>
---
dev/deps/dependencies-client-flink-1.14 | 2 +-
dev/deps/dependencies-client-flink-1.15 | 2 +-
dev/deps/dependencies-client-flink-1.17 | 2 +-
dev/deps/dependencies-client-flink-1.18 | 2 +-
dev/deps/dependencies-client-mr | 2 +-
dev/deps/dependencies-client-spark-2.4 | 2 +-
dev/deps/dependencies-client-spark-3.0 | 2 +-
dev/deps/dependencies-client-spark-3.1 | 2 +-
dev/deps/dependencies-client-spark-3.2 | 2 +-
dev/deps/dependencies-client-spark-3.3 | 2 +-
dev/deps/dependencies-client-spark-3.4 | 2 +-
dev/deps/dependencies-client-spark-3.5 | 2 +-
dev/deps/dependencies-server | 2 +-
pom.xml | 2 +-
project/CelebornBuild.scala | 2 +-
15 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/dev/deps/dependencies-client-flink-1.14
b/dev/deps/dependencies-client-flink-1.14
index b7fd4a1bc..6772597e6 100644
--- a/dev/deps/dependencies-client-flink-1.14
+++ b/dev/deps/dependencies-client-flink-1.14
@@ -80,6 +80,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-flink-1.15
b/dev/deps/dependencies-client-flink-1.15
index b7fd4a1bc..6772597e6 100644
--- a/dev/deps/dependencies-client-flink-1.15
+++ b/dev/deps/dependencies-client-flink-1.15
@@ -80,6 +80,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-flink-1.17
b/dev/deps/dependencies-client-flink-1.17
index b7fd4a1bc..6772597e6 100644
--- a/dev/deps/dependencies-client-flink-1.17
+++ b/dev/deps/dependencies-client-flink-1.17
@@ -80,6 +80,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-flink-1.18
b/dev/deps/dependencies-client-flink-1.18
index b7fd4a1bc..6772597e6 100644
--- a/dev/deps/dependencies-client-flink-1.18
+++ b/dev/deps/dependencies-client-flink-1.18
@@ -80,6 +80,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-mr b/dev/deps/dependencies-client-mr
index 4ea4be5f9..6165c2949 100644
--- a/dev/deps/dependencies-client-mr
+++ b/dev/deps/dependencies-client-mr
@@ -190,7 +190,7 @@ scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
slf4j-reload4j/1.7.36//slf4j-reload4j-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
stax2-api/4.2.1//stax2-api-4.2.1.jar
token-provider/1.0.1//token-provider-1.0.1.jar
diff --git a/dev/deps/dependencies-client-spark-2.4
b/dev/deps/dependencies-client-spark-2.4
index e2476909a..912c13ec3 100644
--- a/dev/deps/dependencies-client-spark-2.4
+++ b/dev/deps/dependencies-client-spark-2.4
@@ -80,6 +80,6 @@ scala-library/2.11.12//scala-library-2.11.12.jar
scala-reflect/2.11.12//scala-reflect-2.11.12.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.4.4-3//zstd-jni-1.4.4-3.jar
diff --git a/dev/deps/dependencies-client-spark-3.0
b/dev/deps/dependencies-client-spark-3.0
index 0a3644073..1e9f1f3f1 100644
--- a/dev/deps/dependencies-client-spark-3.0
+++ b/dev/deps/dependencies-client-spark-3.0
@@ -80,6 +80,6 @@ scala-library/2.12.10//scala-library-2.12.10.jar
scala-reflect/2.12.10//scala-reflect-2.12.10.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.4.4-3//zstd-jni-1.4.4-3.jar
diff --git a/dev/deps/dependencies-client-spark-3.1
b/dev/deps/dependencies-client-spark-3.1
index bdcd5a75f..d2480a555 100644
--- a/dev/deps/dependencies-client-spark-3.1
+++ b/dev/deps/dependencies-client-spark-3.1
@@ -80,6 +80,6 @@ scala-library/2.12.10//scala-library-2.12.10.jar
scala-reflect/2.12.10//scala-reflect-2.12.10.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.4.8-1//zstd-jni-1.4.8-1.jar
diff --git a/dev/deps/dependencies-client-spark-3.2
b/dev/deps/dependencies-client-spark-3.2
index c15cca6d6..b285a37e0 100644
--- a/dev/deps/dependencies-client-spark-3.2
+++ b/dev/deps/dependencies-client-spark-3.2
@@ -80,6 +80,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.0-4//zstd-jni-1.5.0-4.jar
diff --git a/dev/deps/dependencies-client-spark-3.3
b/dev/deps/dependencies-client-spark-3.3
index b7fd4a1bc..6772597e6 100644
--- a/dev/deps/dependencies-client-spark-3.3
+++ b/dev/deps/dependencies-client-spark-3.3
@@ -80,6 +80,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/dev/deps/dependencies-client-spark-3.4
b/dev/deps/dependencies-client-spark-3.4
index cca4433a5..fe735721e 100644
--- a/dev/deps/dependencies-client-spark-3.4
+++ b/dev/deps/dependencies-client-spark-3.4
@@ -80,6 +80,6 @@ scala-library/2.12.17//scala-library-2.12.17.jar
scala-reflect/2.12.17//scala-reflect-2.12.17.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-5//zstd-jni-1.5.2-5.jar
diff --git a/dev/deps/dependencies-client-spark-3.5
b/dev/deps/dependencies-client-spark-3.5
index a05feafc1..14cbf3abd 100644
--- a/dev/deps/dependencies-client-spark-3.5
+++ b/dev/deps/dependencies-client-spark-3.5
@@ -80,6 +80,6 @@ scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.5-4//zstd-jni-1.5.5-4.jar
diff --git a/dev/deps/dependencies-server b/dev/deps/dependencies-server
index 758dd7102..a8324cabe 100644
--- a/dev/deps/dependencies-server
+++ b/dev/deps/dependencies-server
@@ -95,6 +95,6 @@ scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
shims/0.9.32//shims-0.9.32.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
-snakeyaml/1.33//snakeyaml-1.33.jar
+snakeyaml/2.2//snakeyaml-2.2.jar
snappy-java/1.1.10.5//snappy-java-1.1.10.5.jar
zstd-jni/1.5.2-1//zstd-jni-1.5.2-1.jar
diff --git a/pom.xml b/pom.xml
index 8ad8013c1..eb9248bb1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -92,7 +92,7 @@
<scalatest.version>3.2.16</scalatest.version>
<slf4j.version>1.7.36</slf4j.version>
<roaringbitmap.version>0.9.32</roaringbitmap.version>
- <snakeyaml.version>1.33</snakeyaml.version>
+ <snakeyaml.version>2.2</snakeyaml.version>
<zstd-jni.version>1.5.2-1</zstd-jni.version>
<kubernetes-client.version>6.7.0</kubernetes-client.version>
<rocksdbjni.version>8.5.3</rocksdbjni.version>
diff --git a/project/CelebornBuild.scala b/project/CelebornBuild.scala
index 10c1a505a..c290a5bcf 100644
--- a/project/CelebornBuild.scala
+++ b/project/CelebornBuild.scala
@@ -61,7 +61,7 @@ object Dependencies {
val scalatestMockitoVersion = "1.17.14"
val scalatestVersion = "3.2.16"
val slf4jVersion = "1.7.36"
- val snakeyamlVersion = "1.33"
+ val snakeyamlVersion = "2.2"
val snappyVersion = "1.1.10.5"
// Versions for proto