Skip to content

Commit

Permalink
Feature/lrangine master (#6)
Browse files Browse the repository at this point in the history
* Snyk scan vulnerability fixes.

Signed-off-by: lrangine <[email protected]>

* Reverting the grpc version so hoping that it will fix the java integration tests.

Signed-off-by: lrangine <[email protected]>

* Upgrading the grpc version as it didn't fix the problem

Signed-off-by: lrangine <[email protected]>

* adding grpc-api libraries as dependency to solve some of the class not found exceptions with the grpc upgrades.

Signed-off-by: lrangine <[email protected]>

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <[email protected]>
Signed-off-by: lrangine <[email protected]>

* [Snyk] Fix for 2 vulnerabilities (#3)

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <[email protected]>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356

Signed-off-by: lrangine <[email protected]>

* Updating the requirements files.

Signed-off-by: lrangine <[email protected]>

* Updating the requirements files.

Signed-off-by: lrangine <[email protected]>

* Changing the python httpx package to 0.27.2 because after 0.28.0 version is giving errors related to proxies which is removed.

Signed-off-by: lrangine <[email protected]>

* [Snyk] Security upgrade io.grpc:grpc-services from 1.53.0 to 1.63.0 (#4)

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <[email protected]>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
Signed-off-by: lrangine <[email protected]>
---------

Signed-off-by: lrangine <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Signed-off-by: lrangine <[email protected]>

* [Snyk] Fix for 1 vulnerabilities (#5)

Signed-off-by: lrangine <[email protected]>

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <[email protected]>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356

---------

Signed-off-by: lrangine <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Signed-off-by: lrangine <[email protected]>

* trying to fix some vulnerabilities in the requirements.txt files.

Signed-off-by: lrangine <[email protected]>

---------

Signed-off-by: lrangine <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Francisco Arceo <[email protected]>
  • Loading branch information
3 people authored Dec 20, 2024
1 parent a14ce14 commit 47f931b
Show file tree
Hide file tree
Showing 11 changed files with 235 additions and 205 deletions.
5 changes: 5 additions & 0 deletions java/datatypes/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,11 @@
<artifactId>grpc-stub</artifactId>
<version>${grpc.version}</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-api</artifactId>
<version>${grpc.version}</version> <!-- Use a version compatible with Feast -->
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
Expand Down
4 changes: 2 additions & 2 deletions java/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<grpc.version>1.53.0</grpc.version>
<grpc.version>1.63.0</grpc.version>
<protoc.version>3.12.2</protoc.version>
<protobuf.version>3.25.5</protobuf.version>
<com.google.cloud.version>1.111.1</com.google.cloud.version>
Expand All @@ -67,7 +67,7 @@
<javax.validation.version>2.0.1.Final</javax.validation.version>
<google.auth.library.oauth2.http.version>0.21.0</google.auth.library.oauth2.http.version>
<auto.value.version>1.6.6</auto.value.version>
<guava.version>30.1-jre</guava.version>
<guava.version>32.0.0-jre</guava.version>
<reactor.version>3.4.34</reactor.version>
<netty.version>4.1.101.Final</netty.version>

Expand Down
5 changes: 5 additions & 0 deletions java/serving-client/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,11 @@
<artifactId>grpc-testing</artifactId>
<version>${grpc.version}</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-api</artifactId>
<version>${grpc.version}</version> <!-- Use a version compatible with Feast -->
</dependency>
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java-util</artifactId>
Expand Down
5 changes: 5 additions & 0 deletions java/serving/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,11 @@
<artifactId>grpc-stub</artifactId>
<version>${grpc.version}</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-api</artifactId>
<version>${grpc.version}</version> <!-- Use a version compatible with Feast -->
</dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty-shaded</artifactId>
Expand Down
Loading

0 comments on commit 47f931b

Please sign in to comment.