HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities by NihalJain · Pull Request #6414 · apache/hbase

NihalJain · 2024-10-30T07:09:05Z

Backports HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile,… #6405

… since all jackson 1.x versions have vulnerabilities (apache#6405) - Building hbase with hadoop-3 profile on branch-2, still requires jackson 1.x jars, which has vulnerabilities. Ideally these should not be needed as with HADOOP-13332 hadoop has already "Remove jackson 1.9.13 and switch all jackson code to 2.x code line" for branch-3. - Also in HBASE-27148, where we worked on "Move minimum hadoop 3 support version to 3.2.3", where we had done a similar cleanup for branch-3; but somehow we missed to port the relevant changes to the branch-2 backport of same jira. This task is to take care of this so that we do not need jackson 1.x to build/run hbase with hadoop-3 profile on branch-2.x. Signed-off-by: Duo Zhang <zhangduo@apache.org> Signed-off-by: Nick Dimiduk <ndimiduk@apache.org> (cherry picked from commit 41621f0)

Apache-HBase · 2024-10-30T07:43:43Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 44s		Docker mode activated.
-0 ⚠️	yetus	0m 5s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ branch-2.5 Compile Tests _
+0 🆗	mvndep	0m 10s		Maven dependency ordering for branch
+1 💚	mvninstall	2m 52s		branch-2.5 passed
+1 💚	compile	0m 58s		branch-2.5 passed
+1 💚	javadoc	0m 46s		branch-2.5 passed
+1 💚	shadedjars	4m 59s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 18s		Maven dependency ordering for patch
+1 💚	mvninstall	2m 44s		the patch passed
+1 💚	compile	0m 58s		the patch passed
+1 💚	javac	0m 58s		the patch passed
+1 💚	javadoc	0m 46s		the patch passed
+1 💚	shadedjars	5m 1s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	0m 13s		hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚	unit	0m 15s		hbase-shaded-mapreduce in the patch passed.
+1 💚	unit	0m 18s		hbase-shaded-testing-util in the patch passed.
-1 ❌	unit	0m 25s	/patch-unit-hbase-shaded_hbase-shaded-testing-util-tester.txt	hbase-shaded-testing-util-tester in the patch failed.
		23m 3s

Subsystem	Report/Notes
Docker	ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#6414
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 582f1a77bd98 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2.5 / `ec72bad`
Default Java	Eclipse Adoptium-11.0.23+9
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/testReport/
Max. process+thread count	153 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2024-10-30T07:43:59Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 47s		Docker mode activated.
-0 ⚠️	yetus	0m 6s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ branch-2.5 Compile Tests _
+0 🆗	mvndep	0m 9s		Maven dependency ordering for branch
+1 💚	mvninstall	2m 52s		branch-2.5 passed
+1 💚	compile	0m 58s		branch-2.5 passed
+1 💚	javadoc	0m 45s		branch-2.5 passed
+1 💚	shadedjars	5m 32s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s		Maven dependency ordering for patch
+1 💚	mvninstall	2m 44s		the patch passed
+1 💚	compile	0m 56s		the patch passed
+1 💚	javac	0m 56s		the patch passed
+1 💚	javadoc	0m 44s		the patch passed
+1 💚	shadedjars	4m 54s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	0m 13s		hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚	unit	0m 16s		hbase-shaded-mapreduce in the patch passed.
+1 💚	unit	0m 16s		hbase-shaded-testing-util in the patch passed.
-1 ❌	unit	0m 24s	/patch-unit-hbase-shaded_hbase-shaded-testing-util-tester.txt	hbase-shaded-testing-util-tester in the patch failed.
		23m 18s

Subsystem	Report/Notes
Docker	ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR	#6414
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 0adc8097029d 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2.5 / `ec72bad`
Default Java	Eclipse Adoptium-17.0.11+9
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/testReport/
Max. process+thread count	167 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2024-10-30T07:44:45Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 21s		Docker mode activated.
-0 ⚠️	yetus	0m 5s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ branch-2.5 Compile Tests _
+0 🆗	mvndep	0m 11s		Maven dependency ordering for branch
+1 💚	mvninstall	2m 52s		branch-2.5 passed
+1 💚	compile	1m 4s		branch-2.5 passed
+1 💚	javadoc	0m 45s		branch-2.5 passed
+1 💚	shadedjars	5m 24s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 14s		Maven dependency ordering for patch
+1 💚	mvninstall	2m 31s		the patch passed
+1 💚	compile	0m 55s		the patch passed
+1 💚	javac	0m 55s		the patch passed
+1 💚	javadoc	0m 47s		the patch passed
+1 💚	shadedjars	4m 58s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	0m 12s		hbase-shaded-client-byo-hadoop in the patch passed.
+1 💚	unit	0m 16s		hbase-shaded-mapreduce in the patch passed.
+1 💚	unit	0m 19s		hbase-shaded-testing-util in the patch passed.
-1 ❌	unit	0m 30s	/patch-unit-hbase-shaded_hbase-shaded-testing-util-tester.txt	hbase-shaded-testing-util-tester in the patch failed.
		24m 2s

Subsystem	Report/Notes
Docker	ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-jdk8-hadoop2-check/output/Dockerfile
GITHUB PR	#6414
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux cd61a7008568 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2.5 / `ec72bad`
Default Java	Temurin-1.8.0_412-b08
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/testReport/
Max. process+thread count	135 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

NihalJain · 2024-10-30T07:51:54Z

Verified that with this PR dependency:tree does not have jackson 1.x for hadoop-3 profile:

hbase %  grep  1.9.13  tree_with_HBASE-28943_branch-2.5.txt
hbase %

Apache-HBase · 2024-10-30T07:54:25Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 43s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
			_ branch-2.5 Compile Tests _
+0 🆗	mvndep	0m 10s		Maven dependency ordering for branch
+1 💚	mvninstall	3m 2s		branch-2.5 passed
+1 💚	compile	0m 52s		branch-2.5 passed
+1 💚	spotless	0m 45s		branch has no errors when running spotless:check.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 14s		Maven dependency ordering for patch
+1 💚	mvninstall	2m 45s		the patch passed
+1 💚	compile	0m 50s		the patch passed
+1 💚	javac	0m 50s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	xmllint	0m 0s		No new issues.
+1 💚	hadoopcheck	21m 10s		Patch does not cause any errors with Hadoop 2.10.2 or 3.2.4 3.3.6 3.4.0.
+1 💚	spotless	0m 44s		patch has no errors when running spotless:check.
			_ Other Tests _
+1 💚	asflicense	0m 34s		The patch does not generate ASF License warnings.
		33m 42s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#6414
Optional Tests	dupname asflicense javac codespell detsecrets xmllint hadoopcheck spotless compile
uname	Linux 7429c1f3f50e 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	branch-2.5 / `ec72bad`
Default Java	Eclipse Adoptium-11.0.23+9
Max. process+thread count	79 (vs. ulimit of 30000)
modules	C: hbase-shaded/hbase-shaded-client-byo-hadoop hbase-shaded/hbase-shaded-mapreduce hbase-shaded/hbase-shaded-testing-util hbase-shaded/hbase-shaded-testing-util-tester U: hbase-shaded
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6414/1/console
versions	git=2.34.1 maven=3.9.8 xmllint=20913
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

NihalJain · 2024-10-30T08:24:33Z

hbase-shaded-testing-util-tester in the patch failed.

Not related to this change but is an existing issue. Need to raise bug for this. Ran with / without change the module fails to run tests

NihalJain · 2024-10-30T08:42:16Z

hbase-shaded-testing-util-tester in the patch failed.

Not related to this change but is an existing issue. Need to raise bug for this. Ran with / without change the module fails to run tests

Created https://issues.apache.org/jira/browse/HBASE-28944

NihalJain · 2024-11-04T05:39:56Z

Will merge this PR today as failures are not related and are handled with HBASE-28944!

NihalJain added the backport This PR is a back port of some issue or issues already committed to master label Oct 30, 2024

NihalJain merged commit 25bce14 into apache:branch-2.5 Nov 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities#6414

HBASE-28943 Remove all jackson 1.x dependencies for hadoop-3 profile, since all jackson 1.x versions have vulnerabilities#6414
NihalJain merged 1 commit intoapache:branch-2.5from
NihalJain:HBASE-28943_branch-2.5

NihalJain commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

NihalJain commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

NihalJain commented Oct 30, 2024

Uh oh!

NihalJain commented Oct 30, 2024

Uh oh!

NihalJain commented Nov 4, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

NihalJain commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

NihalJain commented Oct 30, 2024

Uh oh!

Apache-HBase commented Oct 30, 2024

Uh oh!

NihalJain commented Oct 30, 2024

Uh oh!

NihalJain commented Oct 30, 2024

Uh oh!

NihalJain commented Nov 4, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants