[SPARK-28713][BUILD][2.4] Bump checkstyle from 8.2 to 8.23 #25437

Closed
wants to merge 2 commits into from

@Fokko Fokko commented Aug 13, 2019

What changes were proposed in this pull request?

Backport to branch-2.4 of #25432

Fixes a vulnerability from the GitHub Security Advisory Database:

Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.

checkstyle/checkstyle#6474

Affected versions: < 8.18

How was this patch tested?

Ran checkstyle locally.

Fixes a vulnerability from the GitHub Security Advisory Database:

_Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle_
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.

checkstyle/checkstyle#6474

Affected versions: < 8.18

Ran checkstyle locally.

Closes apache#25432 from Fokko/SPARK-28713.

Authored-by: Fokko Driesprong <fokko@apache.org>
Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
(cherry picked from commit d8dd571)
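
An added example, not code from this PR or from Spark: a small Python audit that reports which checkstyle version a POM pins under maven-checkstyle-plugin and whether it falls below the advisory's 8.18 threshold. The sample POM and the `checkstyle.version` property name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (8, 18)  # the advisory quoted above lists affected versions as < 8.18

# Constructed sample for illustration; not Spark's actual pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><checkstyle.version>8.2</checkstyle.version></properties>
  <build><plugins><plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-checkstyle-plugin</artifactId>
    <version>2.17</version>
    <dependencies><dependency>
      <groupId>com.puppycrawl.tools</groupId>
      <artifactId>checkstyle</artifactId>
      <version>${checkstyle.version}</version>
    </dependency></dependencies>
  </plugin></plugins></build>
</project>"""

def parse_version(text):
    # Compare numerically: as plain strings "8.2" would sort after "8.18".
    return tuple(int(p) for p in re.findall(r"\d+", text))

def audit_pom(pom_text):
    """Return (status, version) for the checkstyle pinned under maven-checkstyle-plugin."""
    if "<!DOCTYPE" in pom_text:
        # A POM needs no DTD; refuse the input rather than hand a DTD to the parser.
        raise ValueError("refusing POM that declares a DOCTYPE")
    root = ET.fromstring(pom_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop the Maven XML namespace
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    for plugin in root.iter("plugin"):
        if plugin.findtext("artifactId") != "maven-checkstyle-plugin":
            continue
        for dep in plugin.findall("dependencies/dependency"):
            ga = (dep.findtext("groupId"), dep.findtext("artifactId"))
            if ga != ("com.puppycrawl.tools", "checkstyle"):
                continue
            raw = (dep.findtext("version") or "").strip()
            ver = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), ""), raw)
            nums = parse_version(ver)
            if not nums:
                return ("unresolved", raw)  # e.g. property defined in a parent POM
            return ("vulnerable" if nums < FIXED else "ok", ver)
        return ("plugin-default", None)  # no pin: the plugin's bundled checkstyle applies
    return ("not-used", None)
```

A `plugin-default` or `unresolved` result means the effective version has to be confirmed another way, for example from the parent POM or the resolved dependency tree.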

Fokko commented Aug 13, 2019

I had to update the maven plugin as well:

```
MacBook-Pro-van-Fokko:spark fokkodriesprong$ dev/lint-java
Using `mvn` from path: /usr/local/bin/mvn
Checkstyle checks failed at following occurrences:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:2.17:check (default-cli) on project spark-parent_2.11: Failed during checkstyle configuration: cannot initialize module TreeWalker - Property 'cacheFile' does not exist, please check the documentation -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
```

More info in checkstyle/checkstyle#2883

@dongjoon-hyun dongjoon-hyun changed the title [SPARK-28713][BUILD] Bump checkstyle from 8.14 to 8.23 [SPARK-28713][BUILD][2.4] Bump checkstyle from 8.2 to 8.23 Aug 13, 2019
@@ -2550,12 +2550,17 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.17</version>
<version>3.0.0</version>
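
Review bot: the two `<version>` lines move maven-checkstyle-plugin from 2.17 to 3.0.0, but the PR title and description only mention checkstyle 8.2 to 8.23; please add a sentence to the description saying the plugin is bumped as well and why (the `cacheFile` configuration failure reported in the comment above). The hunk header shows this block growing from 12 to 17 lines, so it is also worth confirming that the added lines pin com.puppycrawl.tools:checkstyle itself to 8.23 for this plugin, since the advisory is against that artifact and not the plugin.
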
Member

Oh. I see.

@dongjoon-hyun
Member

ok to test

@dongjoon-hyun
Member

cc @srowen

Member

@srowen srowen left a comment

OK pending tests

Member

@dongjoon-hyun dongjoon-hyun left a comment

The Jenkins test passed all Java/Scala stuff and running on Python. Also, I tested this locally with maven command and dev/lint-java. I'll merge this.

Merged to branch-2.4.

Thank you, @Fokko and @srowen .

dongjoon-hyun pushed a commit that referenced this pull request Aug 13, 2019
## What changes were proposed in this pull request?

Backport to `branch-2.4` of #25432

Fixes a vulnerability from the GitHub Security Advisory Database:

_Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle_
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.

checkstyle/checkstyle#6474

Affected versions: < 8.18

## How was this patch tested?

Ran checkstyle locally.

Closes #25437 from Fokko/branch-2.4.

Authored-by: Fokko Driesprong <fokko@apache.org>
Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
@SparkQA

SparkQA commented Aug 13, 2019

Test build #109054 has finished for PR 25437 at commit 3247fd7.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

@Fokko Fokko deleted the branch-2.4 branch August 14, 2019 07:31
@Fokko
Contributor Author

Fokko commented Aug 14, 2019

My pleasure @dongjoon-hyun

rluta pushed a commit to rluta/spark that referenced this pull request Sep 17, 2019
kai-chi pushed a commit to kai-chi/spark that referenced this pull request Sep 26, 2019