apache / hudi

Upserts, Deletes And Incremental Processing on Big Data.
https://hudi.apache.org/
Apache License 2.0
5.45k stars 2.43k forks

Upgraded avro & commons-io dependency #12138

Open infvg opened 1 month ago

infvg commented 1 month ago

- Upgrade commons-io version to 1.11.4
- Upgrade avro version to 1.11.4
- Upgrade proto version to 3.25.5

Reference PR - https://github.com/apache/hudi/pull/11964

Change Logs

This issue will address the below CVEs from the hudi-presto-bundle:0.14.0 jar:

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254

Impact

No user-facing impacts

Risk level (write none, low medium or high below)

Included the new changes in presto and we haven't seen any regression issues

Documentation Update

None

Contributor's checklist

- Read through contributor's guide
- Change Logs and Impact were stated clearly
- Adequate tests were added if applicable
- CI passed

hudi-bot commented 1 month ago

CI report:

danny0405 commented 3 weeks ago

cc @yihua for the review.

infvg commented 2 weeks ago

@yihua hello, could you please review this PR?