@sumi-mathew
Contributor

@sumi-mathew sumi-mathew commented Oct 22, 2025

Description

Upgrade org.apache.thrift:libthrift version to 0.18.1

Motivation and Context

Using a more recent version helps avoid potential vulnerabilities and ensures we aren't relying on outdated or unsupported code.

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.
  • If adding new dependencies, verified they have an OpenSSF Scorecard score of 5.0 or higher (or obtained explicit TSC approval for lower scores).

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Oct 22, 2025
@linux-foundation-easycla

linux-foundation-easycla bot commented Oct 22, 2025

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: sumi-mathew / name: Sumi Mathew (4f2c110)

@sumi-mathew sumi-mathew force-pushed the upgarde_libthrift branch 2 times, most recently from 9c27906 to baccadf Compare October 22, 2025 10:09
@sumi-mathew sumi-mathew changed the title Upgrade org.apache.thrift:libthrift versio to 0.22.0 chore: Upgrade org.apache.thrift:libthrift versio to 0.22.0 Oct 22, 2025
@sumi-mathew sumi-mathew marked this pull request as ready for review October 22, 2025 12:36
@prestodb-ci prestodb-ci requested review from a team, infvg and jkhaliqi and removed request for a team October 22, 2025 12:36
@sumi-mathew
Contributor Author

@ZacBlanco / @hantangwangd could you please review this PR?

jkhaliqi
jkhaliqi previously approved these changes Dec 5, 2025
Member

@agrawalreetika agrawalreetika left a comment


I see even the version we are upgrading to has CVEs - https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.22.0

I think we could upgrade to a CVE-free version instead - https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.18.1

@sumi-mathew sumi-mathew changed the title chore: Upgrade org.apache.thrift:libthrift versio to 0.22.0 chore: Upgrade org.apache.thrift:libthrift versio to 0.18.1 Dec 8, 2025
Member

@agrawalreetika agrawalreetika left a comment


Mostly lgtm. I have one question: why do we need to change the scope from test in all the places?

@sumi-mathew
Contributor Author

> Mostly lgtm. I have one question: why do we need to change the scope from test in all the places?

Thanks for the comment. When I upgraded to version 0.22.0, I was getting a ‘Test dependency scope issues found’ error. After changing the version to 0.18.1, the error disappeared, so I reverted the changes.

@tdcmeehan tdcmeehan changed the title chore: Upgrade org.apache.thrift:libthrift versio to 0.18.1 chore(deps): Upgrade org.apache.thrift:libthrift versio to 0.18.1 Dec 10, 2025