[ https://issues.apache.org/jira/browse/HBASE-26903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Kyle Purtell updated HBASE-26903: ---------------------------------------- Description: Dependabot auto-generated dependency upgrade: https://github.com/apache/hbase/pull/4291 We can't accept the dependabot PR as-is because it causes a unit test failure. Bump the dependency and fix the test by hand. There is a comment in our POM indicating this is a known issue: {noformat} <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it especially when writing out 'no column families'. Later httpclients collapse the '//' into single '/' as double-slash is not legal in an URL. Breaks #testDelete in TestRemoteTable. --> {noformat} Staying back on a version of httpclient with CVE listed vulnerabilities just for this isn't a good option. was: Dependabot auto-generated dependency upgrade: https://github.com/apache/hbase/pull/4291 We can't accept the dependabot PR as-is because it causes a unit test failure. Bump the dependency and fix the test by hand. There is a comment in our POM indicating this is a known issue: {code} <!-- Updating the httpclient will break hbase-rest. It writes out URLs with '//' in it especially when writing out 'no column families'. Later httpclients collapse the '//' into single '/' as double-slash is not legal in an URL. Breaks #testDelete in TestRemoteTable. --> {code} Staying back on a version of httpclient with CVE listed vulnerabilities just for this isn't a good option. > Bump httpclient from 4.5.3 to 4.5.13 > ------------------------------------ > > Key: HBASE-26903 > URL: https://issues.apache.org/jira/browse/HBASE-26903 > Project: HBase > Issue Type: Task > Reporter: Andrew Kyle Purtell > Assignee: Andrew Kyle Purtell > Priority: Minor > Fix For: 2.5.0, 3.0.0-alpha-3, 2.4.12 > > > Dependabot auto-generated dependency upgrade: > https://github.com/apache/hbase/pull/4291 > We can't accept the dependabot PR as-is because it causes a unit test > failure. Bump the dependency and fix the test by hand. > There is a comment in our POM indicating this is a known issue: > {noformat} > <!-- Updating the httpclient will break hbase-rest. It writes out URLs > with '//' in it > > especially when writing out 'no column families'. Later httpclients > collapse the '//' > > into single '/' as double-slash is not legal in an URL. Breaks > #testDelete in > > TestRemoteTable. --> > {noformat} > Staying back on a version of httpclient with CVE listed vulnerabilities just > for this isn't a good option. -- This message was sent by Atlassian Jira (v8.20.1#820001)