From 330b2a094e5ed0b35290f4d78cdfa689611a72e2 Mon Sep 17 00:00:00 2001 From: "Wang, Fei" Date: Mon, 11 Nov 2024 17:02:23 +0800 Subject: [PATCH] [CELEBORN-1708] Bump protobuf version from 3.21.7 to 3.25.5 ### What changes were proposed in this pull request? Bump protobuf from 3.21.7 to 3.25.5. ### Why are the changes needed? To fix CVE: https://github.com/advisories/GHSA-735f-pc8j-v9w8 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? GA. Closes #2898 from turboFei/bump_protobuf. Authored-by: Wang, Fei Signed-off-by: mingji --- dev/deps/dependencies-client-flink-1.14 | 2 +- dev/deps/dependencies-client-flink-1.15 | 2 +- dev/deps/dependencies-client-flink-1.16 | 2 +- dev/deps/dependencies-client-flink-1.17 | 2 +- dev/deps/dependencies-client-flink-1.18 | 2 +- dev/deps/dependencies-client-flink-1.19 | 2 +- dev/deps/dependencies-client-flink-1.20 | 2 +- dev/deps/dependencies-client-mr | 2 +- dev/deps/dependencies-client-spark-2.4 | 2 +- dev/deps/dependencies-client-spark-3.0 | 2 +- dev/deps/dependencies-client-spark-3.1 | 2 +- dev/deps/dependencies-client-spark-3.2 | 2 +- dev/deps/dependencies-client-spark-3.3 | 2 +- dev/deps/dependencies-client-spark-3.4 | 2 +- dev/deps/dependencies-client-spark-3.5 | 2 +- dev/deps/dependencies-server | 2 +- .../ha/GrpcRatisMasterStatusSystemSuiteJ.java | 36 +++++++++++++++++++ pom.xml | 2 +- project/CelebornBuild.scala | 4 +-- 19 files changed, 55 insertions(+), 19 deletions(-) create mode 100644 master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java diff --git a/dev/deps/dependencies-client-flink-1.14 b/dev/deps/dependencies-client-flink-1.14 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.14 +++ b/dev/deps/dependencies-client-flink-1.14 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-flink-1.15 b/dev/deps/dependencies-client-flink-1.15 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.15 +++ b/dev/deps/dependencies-client-flink-1.15 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-flink-1.16 b/dev/deps/dependencies-client-flink-1.16 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.16 +++ b/dev/deps/dependencies-client-flink-1.16 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-flink-1.17 b/dev/deps/dependencies-client-flink-1.17 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.17 +++ b/dev/deps/dependencies-client-flink-1.17 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-flink-1.18 b/dev/deps/dependencies-client-flink-1.18 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.18 +++ b/dev/deps/dependencies-client-flink-1.18 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-flink-1.19 b/dev/deps/dependencies-client-flink-1.19 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.19 +++ b/dev/deps/dependencies-client-flink-1.19 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-flink-1.20 b/dev/deps/dependencies-client-flink-1.20 index 52f81337b..86ff1a6a2 100644 --- a/dev/deps/dependencies-client-flink-1.20 +++ b/dev/deps/dependencies-client-flink-1.20 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-mr b/dev/deps/dependencies-client-mr index 0ae7d4360..467cd343e 100644 --- a/dev/deps/dependencies-client-mr +++ b/dev/deps/dependencies-client-mr @@ -179,7 +179,7 @@ nimbus-jose-jwt/9.8.1//nimbus-jose-jwt-9.8.1.jar okhttp/4.9.3//okhttp-4.9.3.jar okio/2.8.0//okio-2.8.0.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar re2j/1.1//re2j-1.1.jar reload4j/1.2.22//reload4j-1.2.22.jar scala-library/2.12.18//scala-library-2.12.18.jar diff --git a/dev/deps/dependencies-client-spark-2.4 b/dev/deps/dependencies-client-spark-2.4 index 2b560d7a0..8bdccc0e4 100644 --- a/dev/deps/dependencies-client-spark-2.4 +++ b/dev/deps/dependencies-client-spark-2.4 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.11.12//scala-library-2.11.12.jar scala-reflect/2.11.12//scala-reflect-2.11.12.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-spark-3.0 b/dev/deps/dependencies-client-spark-3.0 index 6346ecff7..4d9eee7dd 100644 --- a/dev/deps/dependencies-client-spark-3.0 +++ b/dev/deps/dependencies-client-spark-3.0 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.10//scala-library-2.12.10.jar scala-reflect/2.12.10//scala-reflect-2.12.10.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-spark-3.1 b/dev/deps/dependencies-client-spark-3.1 index 28c50fdc7..b80448b7b 100644 --- a/dev/deps/dependencies-client-spark-3.1 +++ b/dev/deps/dependencies-client-spark-3.1 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.10//scala-library-2.12.10.jar scala-reflect/2.12.10//scala-reflect-2.12.10.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-spark-3.2 b/dev/deps/dependencies-client-spark-3.2 index 84c40b055..4ed591e62 100644 --- a/dev/deps/dependencies-client-spark-3.2 +++ b/dev/deps/dependencies-client-spark-3.2 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.15//scala-library-2.12.15.jar scala-reflect/2.12.15//scala-reflect-2.12.15.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-spark-3.3 b/dev/deps/dependencies-client-spark-3.3 index 612daec05..00a8ca604 100644 --- a/dev/deps/dependencies-client-spark-3.3 +++ b/dev/deps/dependencies-client-spark-3.3 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.15//scala-library-2.12.15.jar scala-reflect/2.12.15//scala-reflect-2.12.15.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-spark-3.4 b/dev/deps/dependencies-client-spark-3.4 index d335c7825..fc5a5431a 100644 --- a/dev/deps/dependencies-client-spark-3.4 +++ b/dev/deps/dependencies-client-spark-3.4 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.17//scala-library-2.12.17.jar scala-reflect/2.12.17//scala-reflect-2.12.17.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-client-spark-3.5 b/dev/deps/dependencies-client-spark-3.5 index 4e2219435..0a7c17134 100644 --- a/dev/deps/dependencies-client-spark-3.5 +++ b/dev/deps/dependencies-client-spark-3.5 @@ -72,7 +72,7 @@ netty-transport-sctp/4.1.109.Final//netty-transport-sctp-4.1.109.Final.jar netty-transport-udt/4.1.109.Final//netty-transport-udt-4.1.109.Final.jar netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar paranamer/2.8//paranamer-2.8.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar scala-library/2.12.18//scala-library-2.12.18.jar scala-reflect/2.12.18//scala-reflect-2.12.18.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar diff --git a/dev/deps/dependencies-server b/dev/deps/dependencies-server index ed27eed78..f55a75385 100644 --- a/dev/deps/dependencies-server +++ b/dev/deps/dependencies-server @@ -121,7 +121,7 @@ netty-transport/4.1.109.Final//netty-transport-4.1.109.Final.jar osgi-resource-locator/1.0.3//osgi-resource-locator-1.0.3.jar paranamer/2.8//paranamer-2.8.jar picocli/4.7.6//picocli-4.7.6.jar -protobuf-java/3.21.7//protobuf-java-3.21.7.jar +protobuf-java/3.25.5//protobuf-java-3.25.5.jar ratis-client/3.1.1//ratis-client-3.1.1.jar ratis-common/3.1.1//ratis-common-3.1.1.jar ratis-grpc/3.1.1//ratis-grpc-3.1.1.jar diff --git a/master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java b/master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java new file mode 100644 index 000000000..369645b1b --- /dev/null +++ b/master/src/test/java/org/apache/celeborn/service/deploy/master/clustermeta/ha/GrpcRatisMasterStatusSystemSuiteJ.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.celeborn.service.deploy.master.clustermeta.ha; + +import org.junit.BeforeClass; + +import org.apache.celeborn.common.CelebornConf; + +public class GrpcRatisMasterStatusSystemSuiteJ extends RatisMasterStatusSystemSuiteJ { + @BeforeClass + public static void init() throws Exception { + resetRaftServer( + configureServerConf( + new CelebornConf().set(CelebornConf.HA_MASTER_RATIS_RPC_TYPE().key(), "grpc"), 1), + configureServerConf( + new CelebornConf().set(CelebornConf.HA_MASTER_RATIS_RPC_TYPE().key(), "grpc"), 2), + configureServerConf( + new CelebornConf().set(CelebornConf.HA_MASTER_RATIS_RPC_TYPE().key(), "grpc"), 3), + false); + } +} diff --git a/pom.xml b/pom.xml index ba7e8cab2..813ea4655 100644 --- a/pom.xml +++ b/pom.xml @@ -93,7 +93,7 @@ 1.17.14 4.1.109.Final 1.77 - 3.21.7 + 3.25.5 3.1.1 3.2.16 1.7.36 diff --git a/project/CelebornBuild.scala b/project/CelebornBuild.scala index ceb70199d..7c4613c4d 100644 --- a/project/CelebornBuild.scala +++ b/project/CelebornBuild.scala @@ -88,8 +88,8 @@ object Dependencies { val bouncycastleVersion = "1.77" // Versions for proto - val protocVersion = "3.21.7" - val protoVersion = "3.21.7" + val protocVersion = "3.25.5" + val protoVersion = "3.25.5" val apLoader = "me.bechberger" % "ap-loader-all" % apLoaderVersion val commonsCompress = "org.apache.commons" % "commons-compress" % commonsCompressVersion