Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Jackson to 2.16.1 #42576

Merged
merged 1 commit into from
Jan 23, 2024
Merged

Bump Jackson to 2.16.1 #42576

merged 1 commit into from
Jan 23, 2024

Conversation

thomasdesr
Copy link
Contributor

@thomasdesr thomasdesr commented Jan 22, 2024
edited
Loading

Why are these changes needed?

CVE scanners are triggering on CVE-2023-35116. Doesn't seem to be a real CVE so just cleaning up noise from scanners.

Related issue number

n/a

Checks

  • I've signed off every commit(by using the -s flag, i.e., git commit -s) in this PR.
  • I've run scripts/format.sh to lint the changes in this PR.
  • I've included any doc changes needed for https://docs.ray.io/en/master/.
    • I've added any new APIs to the API Reference. For example, if I added a
      method in Tune, I've added it in doc/source/tune/api/ under the
      corresponding .rst file.
  • I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
  • Testing Strategy
    • Unit tests
    • Release tests
    • This PR is not tested :(

@thomasdesr
Bump Jackson to 2.16+
6ea933d 
Signed-off-by: Thomas Desrosiers <[email protected]>
@thomasdesr thomasdesr marked this pull request as ready for review January 22, 2024 21:30
@pcmoritz pcmoritz merged commit 525f2d7 into master Jan 23, 2024
9 checks passed
@pcmoritz pcmoritz deleted the thomas/bump-jackson-dep branch January 23, 2024 05:14
khluu pushed a commit to khluu/ray that referenced this pull request Jan 24, 2024
@thomasdesr @khluu
Bump Jackson to 2.16+ (ray-project#42576)
e4334ba 
CVE scanners are triggering on CVE-2023-35116. Doesn't seem to be a real CVE so just cleaning up noise from scanners.

Signed-off-by: Thomas Desrosiers <[email protected]>
Signed-off-by: khluu <[email protected]>
@metasyn
Copy link

metasyn commented Mar 11, 2024

When will this be released? I am seeing that it is still not part of the latest release 2.9.3:

https://github.com/ray-project/ray/blob/ray-2.9.3/java/dependencies.bzl#L7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcmoritz pcmoritz pcmoritz approved these changes

@edoakes edoakes edoakes approved these changes

@kfstorm kfstorm Awaiting requested review from kfstorm kfstorm is a code owner

@raulchen raulchen Awaiting requested review from raulchen raulchen is a code owner

@ericl ericl Awaiting requested review from ericl ericl is a code owner

@fishbone fishbone Awaiting requested review from fishbone

@WangTaoTheTonic WangTaoTheTonic Awaiting requested review from WangTaoTheTonic WangTaoTheTonic is a code owner

@SongGuyang SongGuyang Awaiting requested review from SongGuyang SongGuyang is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@thomasdesr @metasyn @pcmoritz @edoakes