feat: Snyk vulnerability issues fix. #4867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

franciscojavierarceo merged 11 commits into feast-dev:master from lokeshrangineni:feature/snyk-issues-fix

Dec 21, 2024

Feature/lrangine master (#6)

* Snyk scan vulnerability fixes.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* Reverting the grpc version so hoping that it will fix the java integration tests.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* Upgrading the grpc version as it didn't fix the problem

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* adding grpc-api libraries as dependency to solve some of the class not found exceptions with the grpc upgrades.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* [Snyk] Fix for 2 vulnerabilities (#3)

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* Updating the requirements files.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* Updating the requirements files.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* Changing the python httpx package to 0.27.2 because after 0.28.0 version is giving errors related to proxies which is removed.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* [Snyk] Security upgrade io.grpc:grpc-services from 1.53.0 to 1.63.0 (#4)

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
---------

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
Co-authored-by: Francisco Arceo <arceofrancisco@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* [Snyk] Fix for 1 vulnerabilities (#5)

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356

---------

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
Co-authored-by: Francisco Arceo <arceofrancisco@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* trying to fix some vulnerabilities in the requirements.txt files.

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

---------

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Francisco Arceo <arceofrancisco@gmail.com>
Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

Loading branch information

3 people committed Dec 20, 2024

commit 7d9eeea4dcd7c104147ea4a3728afe6f5dbb9a40

java/datatypes/pom.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -118,6 +118,11 @@ @@
                 <artifactId>grpc-stub</artifactId>
                 <version>${grpc.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.grpc</groupId>
+                <artifactId>grpc-api</artifactId>
+                <version>${grpc.version}</version> <!-- Use a version compatible with Feast -->
+            </dependency>
             <dependency>
                 <groupId>javax.annotation</groupId>
                 <artifactId>javax.annotation-api</artifactId>
@@ Expand Down @@

java/pom.xml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -41,7 +41,7 @@
  
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

            <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

            <grpc.version>1.53.0</grpc.version>

            <grpc.version>1.63.0</grpc.version>

            <protoc.version>3.12.2</protoc.version>

            <protobuf.version>3.25.5</protobuf.version>

            <com.google.cloud.version>1.111.1</com.google.cloud.version>

    @@ -67,7 +67,7 @@
  
            <javax.validation.version>2.0.1.Final</javax.validation.version>

            <google.auth.library.oauth2.http.version>0.21.0</google.auth.library.oauth2.http.version>

            <auto.value.version>1.6.6</auto.value.version>

            <guava.version>30.1-jre</guava.version>

            <guava.version>32.0.0-jre</guava.version>

            <reactor.version>3.4.34</reactor.version>

            <netty.version>4.1.101.Final</netty.version>

java/serving-client/pom.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -50,6 +50,11 @@ @@
           <artifactId>grpc-testing</artifactId>
           <version>${grpc.version}</version>
         </dependency>
+        <dependency>
+          <groupId>io.grpc</groupId>
+          <artifactId>grpc-api</artifactId>
+          <version>${grpc.version}</version> <!-- Use a version compatible with Feast -->
+        </dependency>
         <dependency>
           <groupId>com.google.protobuf</groupId>
           <artifactId>protobuf-java-util</artifactId>
@@ Expand Down @@

java/serving/pom.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -164,6 +164,11 @@ @@
           <artifactId>grpc-stub</artifactId>
           <version>${grpc.version}</version>
         </dependency>
+        <dependency>
+          <groupId>io.grpc</groupId>
+          <artifactId>grpc-api</artifactId>
+          <version>${grpc.version}</version> <!-- Use a version compatible with Feast -->
+        </dependency>
         <dependency>
           <groupId>io.grpc</groupId>
           <artifactId>grpc-netty-shaded</artifactId>
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Snyk vulnerability issues fix. #4867

Uh oh!

Diff view

Diff view

Uh oh!

There are no files selected for viewing

Uh oh!