Beam High Priority Issue Report (38)

2023-07-31 Thread beamactions
This is your daily summary of Beam's current high priority issues that may need attention. See https://beam.apache.org/contribute/issue-priorities for the meaning and expectations around issue priorities. Unassigned P1 Issues: https://github.com/apache/beam/issues/27648 [Bug]: Python SDFs

[DISCUSS] Upgrade vended guava version

2023-07-31 Thread Hong Teoh
Hi all, The current version of guava that is vended in Beam is com.google.guava:guava:26.0-jre. This version is really old, and has active vulnerabilities [1] [2] [1] https://mvnrepository.com/artifact/com.google.guava/guava/26.0-jre [2] CVE-2023-2976 https://cve.mitre.org/cgi-bin/cvename.cgi?na

Upgrade vended guava version

2023-07-31 Thread Hong Teoh
Hi all, The current version of guava that is vended in Beam is com.google.guava:guava:26.0-jre. This version is really old, and has active vulnerabilities [1] [2] [1] https://mvnrepository.com/artifact/com.google.guava/guava/26.0-jre [2] CVE-2023-2976 https://cve.mitre.org/cgi-bin/cvename.cgi?na

[DISCUSS] Upgrade vended guava version

2023-07-31 Thread Hong Teoh
Hi all, The current version of guava that is vended in Beam is com.google.guava:guava:26.0-jre. This version is really old, and has active vulnerabilities [1] [2] [1] https://mvnrepository.com/artifact/com.google.guava/guava/26.0-jre [2] CVE-2023-2976 https://cve.mitre.org/cgi-bin/cvename.cgi?na

[DISCUSS] Upgrade vended guava version

2023-07-31 Thread Hong Teoh
Hi all, The current version of guava that is vended in Beam is com.google.guava:guava:26.0-jre. This version is really old, and has active vulnerabilities [1] [2] [1] https://mvnrepository.com/artifact/com.google.guava/guava/26.0-jre [2] CVE-2023-2976 https://cve.mitre.org/cgi-bin/cvename.cgi?na

Re: [DISCUSS] Upgrade vended guava version

2023-07-31 Thread Ahmet Altay via dev
Hi Hong, Thank you for reaching out and thank you for offering to help. If you can start the PR and do the testing, one of the committers could help with the process. Thank you! Ahmet On Mon, Jul 31, 2023 at 9:13 AM Hong Teoh wrote: > Hi all, > > The current version of guava that is vended in

Re: [DISCUSS] Upgrade vended guava version

2023-07-31 Thread Byron Ellis via dev
It's not designed to be merged, but there is a PR with this change in it--- https://github.com/apache/beam/pull/27695/files#diff-0435a83a413ec063bf7e682cadcd56776cd18fc878f197cc99a65fc231ef2047 On Mon, Jul 31, 2023 at 10:07 AM Ahmet Altay via dev wrote: > Hi Hong, > > Thank you for reaching o

Re: [RFC] Throttle Time Counters

2023-07-31 Thread Chamikara Jayalath via dev
Thanks for writing this. +1 for standardizing (and documenting) these metrics. - Cham On Thu, Jul 27, 2023 at 1:51 PM Yasha Ravindra via dev wrote: > Hello everyone, > > Throttle time counters were introduced to give clients the option to self > regulate when the service is overwhelmed by reque