This is an automated email from the ASF dual-hosted git repository.
ethanfeng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/celeborn.git
The following commit(s) were added to refs/heads/main by this push:
new 330b2a094 [CELEBORN-1708] Bump protobuf version from 3.21.7 to 3.25.5
330b2a094 is described below
commit 330b2a094e5ed0b35290f4d78cdfa689611a72e2
Author: Wang, Fei <[email protected]>
AuthorDate: Mon Nov 11 17:02:23 2024 +0800
[CELEBORN-1708] Bump protobuf version from 3.21.7 to 3.25.5
### What changes were proposed in this pull request?
Bump protobuf from 3.21.7 to 3.25.5.
### Why are the changes needed?
To fix CVE: https://github.com/advisories/GHSA-735f-pc8j-v9w8
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
GA.
Closes #2898 from turboFei/bump_protobuf.
Authored-by: Wang, Fei <[email protected]>
Signed-off-by: mingji <[email protected]>
---
dev/deps/dependencies-client-flink-1.14 | 2 +-
dev/deps/dependencies-client-flink-1.15 | 2 +-
dev/deps/dependencies-client-flink-1.16 | 2 +-
dev/deps/dependencies-client-flink-1.17 | 2 +-
dev/deps/dependencies-client-flink-1.18 | 2 +-
dev/deps/dependencies-client-flink-1.19 | 2 +-
dev/deps/dependencies-client-flink-1.20 | 2 +-
dev/deps/dependencies-client-mr | 2 +-
dev/deps/dependencies-client-spark-2.4 | 2 +-
dev/deps/dependencies-client-spark-3.0 | 2 +-
dev/deps/dependencies-client-spark-3.1 | 2 +-
dev/deps/dependencies-client-spark-3.2 | 2 +-
dev/deps/dependencies-client-spark-3.3 | 2 +-
dev/deps/dependencies-client-spark-3.4 | 2 +-
dev/deps/dependencies-client-spark-3.5 | 2 +-
dev/deps/dependencies-server | 2 +-
.../ha/GrpcRatisMasterStatusSystemSuiteJ.java | 36 ++++++++++++++++++++++
pom.xml | 2 +-
project/CelebornBuild.scala | 4 +--
19 files changed, 55 insertions(+), 19 deletions(-)
diff --git a/dev/deps/dependencies-client-flink-1.14
b/dev/deps/dependencies-client-flink-1.14
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.14
+++ b/dev/deps/dependencies-client-flink-1.14
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-flink-1.15
b/dev/deps/dependencies-client-flink-1.15
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.15
+++ b/dev/deps/dependencies-client-flink-1.15
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-flink-1.16
b/dev/deps/dependencies-client-flink-1.16
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.16
+++ b/dev/deps/dependencies-client-flink-1.16
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-flink-1.17
b/dev/deps/dependencies-client-flink-1.17
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.17
+++ b/dev/deps/dependencies-client-flink-1.17
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-flink-1.18
b/dev/deps/dependencies-client-flink-1.18
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.18
+++ b/dev/deps/dependencies-client-flink-1.18
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-flink-1.19
b/dev/deps/dependencies-client-flink-1.19
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.19
+++ b/dev/deps/dependencies-client-flink-1.19
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-flink-1.20
b/dev/deps/dependencies-client-flink-1.20
index 52f81337b..86ff1a6a2 100644
--- a/dev/deps/dependencies-client-flink-1.20
+++ b/dev/deps/dependencies-client-flink-1.20
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-mr b/dev/deps/dependencies-client-mr
index 0ae7d4360..467cd343e 100644
--- a/dev/deps/dependencies-client-mr
+++ b/dev/deps/dependencies-client-mr
@@ -179,7 +179,7 @@ nimbus-jose-jwt/9.8.1//nimbus-jose-jwt-9.8.1.jar
okhttp/4.9.3//okhttp-4.9.3.jar
okio/2.8.0//okio-2.8.0.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
re2j/1.1//re2j-1.1.jar
reload4j/1.2.22//reload4j-1.2.22.jar
scala-library/2.12.18//scala-library-2.12.18.jar
diff --git a/dev/deps/dependencies-client-spark-2.4
b/dev/deps/dependencies-client-spark-2.4
index 2b560d7a0..8bdccc0e4 100644
--- a/dev/deps/dependencies-client-spark-2.4
+++ b/dev/deps/dependencies-client-spark-2.4
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.11.12//scala-library-2.11.12.jar
scala-reflect/2.11.12//scala-reflect-2.11.12.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-spark-3.0
b/dev/deps/dependencies-client-spark-3.0
index 6346ecff7..4d9eee7dd 100644
--- a/dev/deps/dependencies-client-spark-3.0
+++ b/dev/deps/dependencies-client-spark-3.0
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.10//scala-library-2.12.10.jar
scala-reflect/2.12.10//scala-reflect-2.12.10.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-spark-3.1
b/dev/deps/dependencies-client-spark-3.1
index 28c50fdc7..b80448b7b 100644
--- a/dev/deps/dependencies-client-spark-3.1
+++ b/dev/deps/dependencies-client-spark-3.1
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.10//scala-library-2.12.10.jar
scala-reflect/2.12.10//scala-reflect-2.12.10.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-spark-3.2
b/dev/deps/dependencies-client-spark-3.2
index 84c40b055..4ed591e62 100644
--- a/dev/deps/dependencies-client-spark-3.2
+++ b/dev/deps/dependencies-client-spark-3.2
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-spark-3.3
b/dev/deps/dependencies-client-spark-3.3
index 612daec05..00a8ca604 100644
--- a/dev/deps/dependencies-client-spark-3.3
+++ b/dev/deps/dependencies-client-spark-3.3
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.15//scala-library-2.12.15.jar
scala-reflect/2.12.15//scala-reflect-2.12.15.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-spark-3.4
b/dev/deps/dependencies-client-spark-3.4
index d335c7825..fc5a5431a 100644
--- a/dev/deps/dependencies-client-spark-3.4
+++ b/dev/deps/dependencies-client-spark-3.4
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.17//scala-library-2.12.17.jar
scala-reflect/2.12.17//scala-reflect-2.12.17.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-client-spark-3.5
b/dev/deps/dependencies-client-spark-3.5
index 4e2219435..0a7c17134 100644
--- a/dev/deps/dependencies-client-spark-3.5
+++ b/dev/deps/dependencies-client-spark-3.5
@@ -72,7 +72,7 @@
netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar
netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
paranamer/2.8//paranamer-2.8.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.18//scala-library-2.12.18.jar
scala-reflect/2.12.18//scala-reflect-2.12.18.jar
slf4j-api/1.7.36//slf4j-api-1.7.36.jar
diff --git a/dev/deps/dependencies-server b/dev/deps/dependencies-server
index ed27eed78..f55a75385 100644
--- a/dev/deps/dependencies-server
+++ b/dev/deps/dependencies-server
@@ -121,7 +121,7 @@
netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar
osgi-resource-locator/1.0.3//osgi-resource-locator-1.0.3.jar
paranamer/2.8//paranamer-2.8.jar
picocli/4.7.6//picocli-4.7.6.jar
-protobuf-java/3.21.7//protobuf-java-3.21.7.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
ratis-client/3.1.1//ratis-client-3.1.1.jar
ratis-common/3.1.1//ratis-common-3.1.1.jar
ratis-grpc/3.1.1//ratis-grpc-3.1.1.jar
diff --git
a/master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java
b/master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java
new file mode 100644
index 000000000..369645b1b
--- /dev/null
+++
b/master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.celeborn.service.deploy.master.clustermeta.ha;
+
+import org.junit.BeforeClass;
+
+import org.apache.celeborn.common.CelebornConf;
+
+public class GrpcRatisMasterStatusSystemSuiteJ extends
RatisMasterStatusSystemSuiteJ {
+ @BeforeClass
+ public static void init() throws Exception {
+ resetRaftServer(
+ configureServerConf(
+ new
CelebornConf().set(CelebornConf.HA_MASTER_RATIS_RPC_TYPE().key(), "grpc"), 1),
+ configureServerConf(
+ new
CelebornConf().set(CelebornConf.HA_MASTER_RATIS_RPC_TYPE().key(), "grpc"), 2),
+ configureServerConf(
+ new
CelebornConf().set(CelebornConf.HA_MASTER_RATIS_RPC_TYPE().key(), "grpc"), 3),
+ false);
+ }
+}
diff --git a/pom.xml b/pom.xml
index ba7e8cab2..813ea4655 100644
--- a/pom.xml
+++ b/pom.xml
@@ -93,7 +93,7 @@
<mockito-scalatest.version>1.17.14</mockito-scalatest.version>
<netty.version>4.1.109.Final</netty.version>
<bouncycastle.version>1.77</bouncycastle.version>
- <protobuf.version>3.21.7</protobuf.version>
+ <protobuf.version>3.25.5</protobuf.version>
<ratis.version>3.1.1</ratis.version>
<scalatest.version>3.2.16</scalatest.version>
<slf4j.version>1.7.36</slf4j.version>
diff --git a/project/CelebornBuild.scala b/project/CelebornBuild.scala
index ceb70199d..7c4613c4d 100644
--- a/project/CelebornBuild.scala
+++ b/project/CelebornBuild.scala
@@ -88,8 +88,8 @@ object Dependencies {
val bouncycastleVersion = "1.77"
// Versions for proto
- val protocVersion = "3.21.7"
- val protoVersion = "3.21.7"
+ val protocVersion = "3.25.5"
+ val protoVersion = "3.25.5"
val apLoader = "me.bechberger" % "ap-loader-all" % apLoaderVersion
val commonsCompress = "org.apache.commons" % "commons-compress" %
commonsCompressVersion
