[ https://issues.apache.org/jira/browse/KYLIN-5159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518056#comment-17518056 ]

ASF GitHub Bot commented on KYLIN-5159:
---------------------------------------

codecov-commenter commented on PR #1850:
URL: https://github.com/apache/kylin/pull/1850#issuecomment-1090167496

# [Codecov](https://codecov.io/gh/apache/kylin/pull/1850?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> :exclamation: No coverage uploaded for pull request base (`main@0fa4176`). [Click here to learn what that means](https://docs.codecov.io/docs/error-reference?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#section-missing-base-commit).
> The diff coverage is `n/a`.

```diff
@@            Coverage Diff            @@
##             main    #1850   +/-   ##
=======================================
  Coverage        ?   24.62%
  Complexity      ?     4448
=======================================
  Files           ?     1097
  Lines           ?    61988
  Branches        ?     8891
=======================================
  Hits            ?    15266
  Misses          ?    45110
  Partials        ?     1612
```

------

[Continue to review full report at Codecov](https://codecov.io/gh/apache/kylin/pull/1850?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/kylin/pull/1850?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [0fa4176...1c02f15](https://codecov.io/gh/apache/kylin/pull/1850?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).

> there are several dependencies in main branch with CVEs
> -------------------------------------------------------
>
>                 Key: KYLIN-5159
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5159
>             Project: Kylin
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Some of the more readily addressed ones include:
> * upgrade to commons-compress 1.21 - see cves in [https://mvnrepository.com/artifact/org.apache.commons/commons-compress]
> * upgrade to h2 2.1.210 - see cves in [https://mvnrepository.com/artifact/com.h2database/h2]
> * upgrade to httpclient 4.5.13 - see cves in [https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient]
> * update to commons-io 2.7 (or 2.11.0 to get latest code) - see [https://github.com/advisories/GHSA-gwrp-pvrq-jmwv]
> * upgrade to xerces 2.12.2 - see cves in [https://mvnrepository.com/artifact/xerces/xercesImpl]
> * many others - but I may be looking at the wrong branch given the large number of vulnerable jars

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
