Conversation

Fokko (Contributor) commented Aug 13, 2019

## What changes were proposed in this pull request?

Backport to branch-2.4 of #25432

Fixes a vulnerability from the GitHub Security Advisory Database:

Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.

checkstyle/checkstyle#6474

Affected versions: < 8.18

## How was this patch tested?

Ran checkstyle locally.

Closes apache#25432 from Fokko/SPARK-28713.

Authored-by: Fokko Driesprong <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
(cherry picked from commit d8dd571)
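As an added example, not code from this PR, from Spark or from Checkstyle, the Java program below shows what "loads external DTDs by default" means for a config file shaped like Checkstyle's: a constructed config whose DOCTYPE points at a remote DTD is parsed once with JAXP defaults and once with external DTD loading switched off. The resolver only records the request and hands back an empty DTD, so the program runs offline; the DTD host is a placeholder.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalDtdDemo {
    // Constructed sample, not a real Spark config: the DOCTYPE names a remote DTD on a placeholder host.
    static final String CONFIG =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE module PUBLIC \"-//Checkstyle//DTD Checkstyle Configuration 1.3//EN\"\n"
      + "  \"https://dtd.example.invalid/configuration_1_3.dtd\">\n"
      + "<module name=\"Checker\"><module name=\"TreeWalker\"/></module>\n";

    /** Records whether the parser asked for the external DTD; answers with an empty one so nothing is fetched. */
    static final class RecordingHandler extends DefaultHandler {
        boolean dtdRequested;
        @Override
        public InputSource resolveEntity(String publicId, String systemId) {
            dtdRequested = true;
            return new InputSource(new StringReader(""));
        }
    }

    /** Keeps the DOCTYPE (Checkstyle configs carry one) but never loads external DTDs or entities. */
    static SAXParserFactory noExternalDtdFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        // For input that never needs a DTD, go further and reject any DOCTYPE:
        // f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f;
    }

    /** Parses CONFIG with the given factory and reports whether it asked for the external DTD. */
    static boolean requestsExternalDtd(SAXParserFactory f) throws Exception {
        RecordingHandler h = new RecordingHandler();
        f.newSAXParser().parse(new InputSource(new StringReader(CONFIG)), h);
        return h.dtdRequested;
    }

    public static void main(String[] args) throws Exception {
        // JAXP defaults behave like Checkstyle before 8.18: the remote DTD is requested (true).
        System.out.println("JAXP defaults:   " + requestsExternalDtd(SAXParserFactory.newInstance()));
        System.out.println("no external DTD: " + requestsExternalDtd(noExternalDtdFactory()));
    }
}
```

In a real build the request recorded here is an outbound fetch controlled by whoever authored the config, which is the DoS and information-leak surface the advisory describes.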
Fokko (Contributor, Author) commented Aug 13, 2019

I had to update the maven plugin as well:

```
MacBook-Pro-van-Fokko:spark fokkodriesprong$ dev/lint-java
Using `mvn` from path: /usr/local/bin/mvn
Checkstyle checks failed at following occurrences:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-checkstyle-plugin:2.17:check (default-cli) on project spark-parent_2.11: Failed during checkstyle configuration: cannot initialize module TreeWalker - Property 'cacheFile' does not exist, please check the documentation -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
```

More info in checkstyle/checkstyle#2883

dongjoon-hyun changed the title from "[SPARK-28713][BUILD] Bump checkstyle from 8.14 to 8.23" to "[SPARK-28713][BUILD][2.4] Bump checkstyle from 8.2 to 8.23" on Aug 13, 2019
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.17</version>
<version>3.0.0</version>
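Review bot: the PR title and description mention only the Checkstyle bump, but this hunk also moves maven-checkstyle-plugin from 2.17 to 3.0.0; state that in the description, since the lint-java output above shows 2.17 failing on the TreeWalker `cacheFile` property, so the plugin bump is what makes the Checkstyle upgrade usable rather than an incidental change.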
Member left a review comment on the plugin version change above:

Oh. I see.

dongjoon-hyun (Member) commented:

ok to test

dongjoon-hyun (Member) commented:

cc @srowen

srowen (Member) left a comment:

OK pending tests

dongjoon-hyun (Member) left a comment:

The Jenkins test passed all Java/Scala stuff and is running on Python. Also, I tested this locally with the maven command and dev/lint-java. I'll merge this.

Merged to branch-2.4.

Thank you, @Fokko and @srowen .

dongjoon-hyun pushed a commit that referenced this pull request Aug 13, 2019

Closes #25437 from Fokko/branch-2.4.

Authored-by: Fokko Driesprong <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
SparkQA commented Aug 13, 2019

Test build #109054 has finished for PR 25437 at commit 3247fd7.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

@Fokko Fokko deleted the branch-2.4 branch August 14, 2019 07:31
Fokko (Contributor, Author) commented Aug 14, 2019

My pleasure @dongjoon-hyun

rluta pushed a commit to rluta/spark that referenced this pull request Sep 17, 2019
kai-chi pushed a commit to kai-chi/spark that referenced this pull request Sep 26, 2019