Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade JSON to 20231013 to fix CVE-2023-5072 #2454

Merged
merged 1 commit into from
Dec 12, 2023

Conversation

penghuo
Copy link
Collaborator

@penghuo penghuo commented Dec 11, 2023

Description

Revert Revert #2314

Issues Resolved

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Copy link

codecov bot commented Dec 11, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ddb2a21) 96.65% compared to head (8ac6981) 96.65%.

Additional details and impacted files
@@            Coverage Diff            @@
##               2.11    #2454   +/-   ##
=========================================
  Coverage     96.65%   96.65%           
  Complexity     4776     4776           
=========================================
  Files           443      443           
  Lines         12914    12914           
  Branches        879      879           
=========================================
  Hits          12482    12482           
  Misses          424      424           
  Partials          8        8           
Flag Coverage Δ
sql-engine 96.65% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@penghuo
Copy link
Collaborator Author

penghuo commented Dec 11, 2023

  • safe to ignore flaky test cases.
> Task :doctest:stopPrometheus
ImportError: Failed to import test module: test_docs
> Task :integ-test:generatePomFileForNebulaPublication
Traceback (most recent call last):
> Task :integ-test:generatePom
  File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/unittest/loader.py", line 129, in loadTestsFromName
> Task :integ-test:generateEffectiveLombokConfig
    module = __import__(module_name)
> Task :integ-test:compileJava NO-SOURCE
             ^^^^^^^^^^^^^^^^^^^^^^^
> Task :integ-test:processResources NO-SOURCE
  File "/Users/runner/work/sql/sql/doctest/test_docs.py", line 16, in <module>
> Task :integ-test:classes UP-TO-DATE
    from opensearch_sql_cli.opensearch_connection import OpenSearchConnection
  File "/Users/runner/work/sql/sql/doctest/sql-cli/src/opensearch_sql_cli/opensearch_connection.py", line 6, in <module>
    import boto3
  File "/Users/runner/work/sql/sql/doctest/.venv/lib/python3.12/site-packages/boto3/__init__.py", line 16, in <module>
    from boto3.session import Session
  File "/Users/runner/work/sql/sql/doctest/.venv/lib/python3.12/site-packages/boto3/session.py", line 17, in <module>
    import botocore.session
  File "/Users/runner/work/sql/sql/doctest/.venv/lib/python3.12/site-packages/botocore/session.py", line 29, in <module>
    import botocore.configloader
  File "/Users/runner/work/sql/sql/doctest/.venv/lib/python3.12/site-packages/botocore/configloader.py", line 19, in <module>
    from botocore.compat import six
  File "/Users/runner/work/sql/sql/doctest/.venv/lib/python3.12/site-packages/botocore/compat.py", line 33, in <module>
    from botocore.vendored.six.moves import http_client
ModuleNotFoundError: No module named 'botocore.vendored.six.moves'

@penghuo penghuo added the security fix Security fix generated by WhiteSource label Dec 12, 2023
@penghuo penghuo merged commit 2c17658 into opensearch-project:2.11 Dec 12, 2023
20 of 22 checks passed
@penghuo penghuo deleted the 211_cve_2023_5072 branch December 12, 2023 00:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants