JiaLiangC opened a new pull request, #1259: URL: https://github.com/apache/bigtop/pull/1259
### Description of PR

fix commons-configuration2 CVE
HADOOP-19123. Update to commons-configuration2 2.10.1 due to CVE #6661
https://github.com/apache/hadoop/pull/6661

fix commons-compress CVE
HADOOP-19114. Upgrade to commons-compress 1.26.1 due to CVEs. #6636
https://github.com/apache/hadoop/pull/6636/files

This PR is to resolve the compilation failure issue caused by the modification of a CVE.
HADOOP-18929. Exclude commons-compress module-info.class #6169
https://github.com/apache/hadoop/pull/6169

This PR aims to solve the inconvenience of having to exclude dependencies every time a modification is made, such as after modifying the two CVEs above, by excluding all of them.
HADOOP-18916. Exclude all module-info classes from uber jars (#6131) #6188
https://github.com/apache/hadoop/pull/6188

This is divided into two patches. The reason why the two CVEs were combined into one patch is that the code merged for the two CVEs is only separated by one line (LicenseBinary). After applying the first patch, the second patch would report a conflict.

The modifications for HADOOP-18929 were reverted in HADOOP-18916, which adopted a better implementation, hence HADOOP-18916 is used.

### How was this patch tested?

manual test, smoke test

tested on rocky8

./docker-hadoop.sh -d -dcp --create 3 --image bigtop/puppet:trunk-rockylinux-8 --docker-compose-plugin --memory 8g --repo file:///bigtop-home/output --disable-gpg-check --stack hdfs,yarn,mapreduce --smoke-tests hdfs,yarn,mapreduce

![image](https://github.com/apache/bigtop/assets/18082602/757579f7-6ef8-43ae-9610-853208613b37)

### For code changes:

- [ ] Does the title or this PR start with the corresponding JIRA issue id (e.g. 'BIGTOP-3638. Your PR title ...')?
- [ ] Make sure that newly added files do not have any licensing issues. When in doubt refer to https://www.apache.org/licenses/