Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DRILL-7918: Dependency Updates for CVE #2216

Merged
merged 2 commits into from
May 6, 2021
Merged

DRILL-7918: Dependency Updates for CVE #2216

merged 2 commits into from
May 6, 2021

Conversation

cgivre
Copy link
Contributor

@cgivre cgivre commented May 4, 2021

DRILL-7918: Dependency Updates for CVE

Description

This PR updates several dependencies to address outstanding CVEs.

The updates are:

  • Kudu from version 1.3 to 1.7
  • Avatica from version 1.15 to 1.17
  • HBase from 2.2.2 to 2.4.2

Documentation

N/A

Testing

(Please describe how this PR has been tested.)

@cgivre cgivre self-assigned this May 4, 2021
@cgivre cgivre requested a review from vvysotskyi May 4, 2021 16:50
vvysotskyi
vvysotskyi requested changes May 4, 2021
View reviewed changes
contrib/storage-kudu/pom.xml
@@ -57,7 +57,7 @@
<dependency>
<groupId>org.apache.kudu</groupId>
<artifactId>kudu-client</artifactId>
<version>1.3.0</version>
<version>1.14.0</version>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please confirm that with the update Drill is able to connect to Kudu? Also, there are no enabled unit tests for Kudu, existing ones are disabled and require running Kudu server.
Could you please update tests to start Kudu using testcontainers, so we will be sure that it is still working correctly?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please confirm that with the update Drill is able to connect to Kudu? Also, there are no enabled unit tests for Kudu, existing ones are disabled and require running Kudu server.
Could you please update tests to start Kudu using testcontainers, so we will be sure that it is still working correctly?

Sure! I've never really used Kudu and don't know much about how it works, but I think I can figure out testcontainers and there is a docker container for Kudu. I'll follow the examples in the Splunk plugin.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did build this and tried it out on my local machine, and successfully got it to connect to Kudu, but I didn't have any data in Kudu... so I couldn't try queries.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have two ignored test classes here, and one of them has code that creates tables in Kudu, and another one queries them. Could you please enable and update them to use the Kudu instance from test containers?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have two ignored test classes here, and one of them has code that creates tables in Kudu, and another one queries them. Could you please enable and update them to use the Kudu instance from test containers?

The unit tests for this plugin are frankly pretty poor. I'll figure out testcontainers and update. Do you think I should break that out in a separate PR? I'd really like to refactor the unit tests for Kudu if we're going to continue supporting it, and that represents a lot more work than I intended in this PR.

@cgivre cgivre changed the title CVE fixes DRILL-7918: Dependency Updates for CVE May 4, 2021
vvysotskyi
vvysotskyi approved these changes May 6, 2021
View reviewed changes
Copy link
Member

@vvysotskyi vvysotskyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@cgivre
Copy link
Contributor Author

cgivre commented May 6, 2021

+1

Did you mean to approve this? I haven't submitted the requested updates with improved unit tests for Kudu.

@vvysotskyi
Copy link
Member

Yes, I approved it intentionally, since it is completed and the stuff with unit tests will be completed in a separate PR.

@luocooong luocooong merged commit 5b3454f into apache:master May 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vvysotskyi vvysotskyi vvysotskyi approved these changes

Assignees

@cgivre cgivre

Labels
dependencies security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@cgivre @vvysotskyi @luocooong