[ https://issues.apache.org/jira/browse/KYLIN-5159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489154#comment-17489154 ]

ASF GitHub Bot commented on KYLIN-5159:
---------------------------------------

codecov-commenter commented on pull request #1814:
URL: https://github.com/apache/kylin/pull/1814#issuecomment-1033135171


   # [Codecov](https://codecov.io/gh/apache/kylin/pull/1814?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > :exclamation: No coverage uploaded for pull request base (`main@8365e66`). [Click here to learn what that means](https://docs.codecov.io/docs/error-reference?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#section-missing-base-commit).
   > The diff coverage is `n/a`.
   
   
   ```diff
   @@           Coverage Diff           @@
   ##             main    #1814   +/-   ##
   =======================================
     Coverage        ?   24.61%           
     Complexity      ?     4437           
   =======================================
     Files           ?     1095           
     Lines           ?    61850           
     Branches        ?     8865           
   =======================================
     Hits            ?    15223           
     Misses          ?    45018           
     Partials        ?     1609           
   ```
   
   
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/kylin/pull/1814?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/kylin/pull/1814?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [8365e66...9f79b54](https://codecov.io/gh/apache/kylin/pull/1814?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


> there are several dependencies in main branch with CVEs
> -------------------------------------------------------
>
>                 Key: KYLIN-5159
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5159
>             Project: Kylin
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Some of the more readily addressed ones include:
>  * upgrade to commons-compress 1.21 - see CVEs in [https://mvnrepository.com/artifact/org.apache.commons/commons-compress]
>  * upgrade to h2 2.1.210 - see CVEs in [https://mvnrepository.com/artifact/com.h2database/h2]
>  * upgrade to httpclient 4.5.13 - see CVEs in [https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient]
>  * update to commons-io 2.7 (or 2.11.0 to get latest code) - see [https://github.com/advisories/GHSA-gwrp-pvrq-jmwv]
>  * upgrade to xerces 2.12.2 - see CVEs in [https://mvnrepository.com/artifact/xerces/xercesImpl]
>  * many others - but I may be looking at the wrong branch given the large number of vulnerable jars



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
