Skip to content

Force to use commons-beanutils:1.11.0 #18984

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Force to use commons-beanutils:1.11.0 #18984

wants to merge 2 commits into from

Conversation

@prudhvigodithi
Copy link
Member

@prudhvigodithi prudhvigodithi commented Aug 8, 2025

Description

The org.apache.hadoop:hadoop-minicluster:3.4.1 uses commons-beanutils:commons-beanutils:1.9.4. However as of now 3.4.1 is the latest version available https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-minicluster.

With this change now in all runtime and compile class path I can see the commons-beanutils:commons-beanutils:1.11.0
Screenshot 2025-08-07 at 8 51 21 PM

Related Issues

Related PR's and issues from past

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@prudhvigodithi
fix cve
f641db3 
Signed-off-by: Prudhvi Godithi <[email protected]>
@prudhvigodithi prudhvigodithi requested review from a team, cwperks and peternied as code owners August 8, 2025 03:56
@prudhvigodithi prudhvigodithi requested a review from andrross August 8, 2025 03:57
@prudhvigodithi prudhvigodithi self-assigned this Aug 8, 2025
@prudhvigodithi prudhvigodithi added backport 3.2 Backport to 3.2 branch CVE Fixes a CVE labels Aug 8, 2025
@prudhvigodithi
Update changelog
ec47b26 
Signed-off-by: Prudhvi Godithi <[email protected]>
@github-actions
Copy link
Contributor

github-actions bot commented Aug 8, 2025

✅ Gradle check result for ec47b26: SUCCESS

@codecov
Copy link

codecov bot commented Aug 8, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.81%. Comparing base (9f13e37) to head (ec47b26).
⚠️ Report is 15 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main   #18984      +/-   ##
============================================
- Coverage     72.88%   72.81%   -0.07%     
- Complexity    69327    69351      +24     
============================================
  Files          5643     5645       +2     
  Lines        318720   318786      +66     
  Branches      46113    46124      +11     
============================================
- Hits         232294   232131     -163     
- Misses        67595    67914     +319     
+ Partials      18831    18741      -90

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@opensearch-ci-bot opensearch-ci-bot mentioned this pull request Aug 7, 2025
Closed
@github-project-automation github-project-automation bot moved this from Todo to In Progress in Performance Roadmap Aug 8, 2025
@cwperks
Copy link
Member

cwperks commented Aug 8, 2025

FYI @prudhvigodithi on 2.19 this is solved by excluding the transitive dep: #18795

I made that PR on 2.19 without realizing that main was impacted similarly.

@peterzhuamazon
Copy link
Member

peterzhuamazon commented Aug 8, 2025

@prudhvigodithi @cwperks should we just backport that 2.19 change to main?

Thanks.

@gaiksaya
Copy link
Member

gaiksaya commented Aug 8, 2025

@cwperks @andrross @peternied Wondering if we can move forward with this or do we need to port forward the 2.19 change?

@andrross
Copy link
Member

andrross commented Aug 8, 2025

I ported the exclusion to main and 3.2 in #19001 and #19002. I think we can close this one.

@prudhvigodithi
Copy link
Member Author

prudhvigodithi commented Aug 12, 2025

Thanks, we can close this PR.

@github-project-automation github-project-automation bot moved this from In Progress to Done in Performance Roadmap Aug 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peterzhuamazon peterzhuamazon peterzhuamazon approved these changes

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@andrross andrross Awaiting requested review from andrross

Assignees

@prudhvigodithi prudhvigodithi

Labels

backport 3.2 Backport to 3.2 branch CVE Fixes a CVE

Projects

Performance Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@prudhvigodithi @cwperks @peterzhuamazon @gaiksaya @andrross