-
Notifications
You must be signed in to change notification settings - Fork 28k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SPARK-44279][BUILD] Upgrade optionator
to ^0.9.3
#41955
Conversation
|
@bjornjorgensen |
|
Oh wait, ESLint @bjornjorgensen It's better to upgrade ESLint right? |
hmm.. eslint/eslint#17319 yes, eslint v8.44.0 have this fix. ok, I can try to upgrade eslint. |
|
but now we get "node_modules/@aashutoshrathi/word-wrap" witch is the forked repo. |
@bjornjorgensen The change SGTM.
I think it's no problem because Spark doesn't directly depend on the forked word-wrap and not need to maintain it. |
word-wrap
Eslint
to v8.44.0
yes, and I have updated the JIRA ticket for eslint. |
@bjornjorgensen
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Waiting for the CI.
We got an error
|
The error message ESLint 8.x requires Node.js You can check your Node.js version by running
After upgrading Node.js, try running ESLint again. If you still get errors, you might want to delete your Please make sure to update your CI/CD scripts as well to use a compatible Node.js version if they are also running ESLint. As the log seems to be from a GitHub Actions run, you might need to specify the Node.js version in your GitHub Actions configuration (the |
@bjornjorgensen |
Eslint
to v8.44.0optionator
to ^0.9.3
optionator
to ^0.9.3optionator
to ^0.9.3
optionator
to ^0.9.3optionator
to ^0.9.3
Merging to |
NOTE: Once we upgrade ESLint to +v8.44.0 in the future, we can remove this change. |
Hi @sarutak I did run docker build spark/dev/create-release/spark-rm
Should we try to upgrade node.js to version 18 for spark 4.0.0 ? also cc @dongjoon-hyun |
Thank you for ccing me, @bjornjorgensen . |
@bjornjorgensen @dongjoon-hyun |
### What changes were proposed in this pull request? This PR proposes a change in the package.json file to update the resolution for the `optionator` package to ^0.9.3. I've added a resolutions field to package.json and specified the `optionator` package version as ^0.9.3. This will ensure that our project uses `optionator` version 0.9.3 or the latest minor or patch version (due to the caret ^), regardless of any other version that may be specified in the dependencies or nested dependencies of our project. ### Why are the changes needed? [CVE-2023-26115](https://nvd.nist.gov/vuln/detail/CVE-2023-26115) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA Closes apache#41955 from bjornjorgensen/word-wrap. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com>
What changes were proposed in this pull request?
This PR proposes a change in the package.json file to update the resolution for the
optionator
package to ^0.9.3.I've added a resolutions field to package.json and specified the
optionator
package version as ^0.9.3.This will ensure that our project uses
optionator
version 0.9.3 or the latest minor or patch version (due to the caret ^), regardless of any other version that may be specified in the dependencies or nested dependencies of our project.Why are the changes needed?
CVE-2023-26115
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Pass GA