>
> checkstyle is only used at runtime.

Sorry, I meant build time.

I also opened CALCITE-6661 to update the shadow plugin and asm library;
shading Jackson 2.15.4 seems to require it.

Istvan


On Thu, Oct 31, 2024 at 9:32 PM Francis Chuang <francischu...@apache.org>
wrote:

> Thank you for opening these PRs, Istvan.
>
> Can someone please review these changes?
>
> On 1/11/2024 12:28 am, Istvan Toth wrote:
> > I have opened the following component update tickets with PRs:
> >
> > CALCITE-6656 <https://issues.apache.org/jira/browse/CALCITE-6656> Update
> > owasp plugin from 5.2.2 to 10.0.4 in Avatica
> > CALCITE-6657 <https://issues.apache.org/jira/browse/CALCITE-6657> Update
> > checkstyle from 10.3.2 to 10.19.0 in Avatica
> > CALCITE-6658 <https://issues.apache.org/jira/browse/CALCITE-6658> Update
> > Jackson from 2.15.2 to 2.15.4 in Avatica
> > CALCITE-6659 <https://issues.apache.org/jira/browse/CALCITE-6659> Update
> > Jetty from 9.4.44.v20210927 to 9.4.56.v20240826 in Avatica
> > CALCITE-6660 <https://issues.apache.org/jira/browse/CALCITE-6660> Update
> > protobuf-java from 3.21.9 to 3.25.5 in Avatica
> >
> > This gets the OWASP plugin working, and updates some of the reported
> > components.
> >
> > Jetty and Protobuf are possibly relevant, the Jackson CVE is disputed and
> > probably invalid and checkstyle is only used at runtime.
> > Even the latest Jetty has some CVEs, but there's not much we can do about
> > that.
> >
> > Istvan
> >
> >
> > On Fri, Oct 25, 2024 at 7:44 AM Istvan Toth <st...@cloudera.com> wrote:
> >
> >> Re CALCITE-6590, I think we have agreed to go with the reflection based
> >> fix, but the PR <https://github.com/apache/calcite-avatica/pull/251> has
> >> not been approved yet.
> >> I need a review for the PR.
> >> I have updated the JIRA description to match the solution we have chosen.
> >>
> >> Istvan
> >>
> >>
> >>
> >> On Fri, Oct 25, 2024 at 12:13 AM Francis Chuang <francischu...@apache.org> wrote:
> >>
> >>> Hey everyone,
> >>>
> >>> Just wanted to follow up on the open issues for Avatica 1.26.0.
> >>>
> >>> I would like to get the following into this release:
> >>> - CALCITE-6590 - Run tests with java.security.manager=allow on JDK23+ in
> >>> Avatica
> >>> - CALCITE-5136 - Avatica build (or CI) must fail if there are deprecation
> >>> warnings
> >>> - CALCITE-6588 - Support JDK 23 and Guava 33.3.0 in Avatica
> >>>
> >>> Istvan, can you see if you can wrap up CALCITE-6590, so the other 2
> >>> issues can be worked on?
> >>>
> >>> Francis
> >>>
> >>> On 15/10/2024 3:46 pm, Francis Chuang wrote:
> >>>> Now that Calcite 1.38.0 has been released, I think it's time to start
> >>>> the release process for Avatica 1.26.0.
> >>>>
> >>>> For starters, I would like to see CALCITE-6590 [1] in this release.
> >>>>
> >>>> Are there any other changes the community would like to see in this
> >>>> release?
> >>>>
> >>>> I also note that we have 12 other open PRs that could potentially be
> >>>> reviewed and merged.
> >>>>
> >>>> Francis
> >>>>
> >>>> [1] https://github.com/apache/calcite-avatica/pull/251
> >>>>
> >>>> On 21/09/2024 9:54 am, Julian Hyde wrote:
> >>>>>> Apache Pig hasn't released a new version for a long time.
> >>>>>
> >>>>> We should consider removing the Pig adapter at some point.
> >>>>>
> >>>>> Also upgrade the Spark adapter to a version that uses Hadoop 3.x
> >>>>> rather than Hadoop 2.x.
> >>>>
> >>>
> >>>
> >>
> >> --
> >> *István Tóth* | Sr. Staff Software Engineer
> >> *Email*: st...@cloudera.com
> >> cloudera.com <https://www.cloudera.com>
> >>
> >
> >
>
>

-- 
*István Tóth* | Sr. Staff Software Engineer
*Email*: st...@cloudera.com
cloudera.com <https://www.cloudera.com>