Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/22373 )
Change subject: [thirdparty] Upgrade protobuf to 3.21.9 ...................................................................... Patch Set 2: (1 comment) > Build Failed > > http://jenkins.kudu.apache.org/job/pre_commit/968/ : FAILURE It seems you'll need to add extra IWYU mappings to address at least the following: >>> Fixing #includes in >>> '/home/jenkins-slave/workspace/build_and_test/src/kudu/tools/tool_action_test.cc' @@ -26,9 +26,9 @@ #include <string> #include <utility> +#include "net/proto2/public/repeated_field.h" #include <gflags/gflags.h> #include <glog/logging.h> -#include <google/protobuf/stubs/common.h> #include <google/protobuf/stubs/status.h> #include <google/protobuf/stubs/stringpiece.h> #include <google/protobuf/util/json_util.h> You might take a look at https://github.com/apache/kudu/commit/9a8570b9c6b3d4e24e47ca830c089ab04667ef41 as an example of introducing IWYU mappings. http://gerrit.cloudera.org:8080/#/c/22373/2//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/22373/2//COMMIT_MSG@7 PS2, Line 7: 3.21.9 Just to double-check: this version is not affected by https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h5g9-ghrj-76p5, correct? IIUC, the corresponding bug has been introduced in 4.22.0 with commit b955165, so 3.21.9 doesn't contain it, and that's good news. If that's indeed so, then from the security standpoint there isn't any need to upgrade up to newer v25.5 if the goal is addressing known CVEs in protobuf-cpp. -- To view, visit http://gerrit.cloudera.org:8080/22373 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I5274c5f4c681a864d126c51960fa3b41d4f568d7 Gerrit-Change-Number: 22373 Gerrit-PatchSet: 2 Gerrit-Owner: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 28 Jan 2025 06:36:55 +0000 Gerrit-HasComments: Yes
