Comments (6)
/assign @lentitude2tk
could you take a look on it?
from milvus-sdk-java.
The CVE-2023-3635 is caused by okio, which is included by minio-java. minio-java is imported for BlukWriter.
+- io.minio:minio:jar:8.2.1:compile
| +- com.carrotsearch.thirdparty:simple-xml-safe:jar:2.7.1:compile
| +- (com.google.guava:guava:jar:29.0-jre:compile - omitted for conflict with 32.0.1-android)
| +- com.squareup.okhttp3:okhttp:jar:4.8.1:compile
| | +- com.squareup.okio:okio:jar:2.7.0:compile
CVE-2023-3635 is fixed in okio 3.4.0: square/okio#1280
The minio-java 8.5.7 fixed this issue by upgrading the okhttp from 4.11 to 4.12: https://github.com/minio/minio-java/releases/tag/8.5.7
from milvus-sdk-java.
Get new error after upgrading minio-java to 8.5.7, not sure the root cause.
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 1 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 1 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Detecting the operating system and CPU architecture
[INFO] ------------------------------------------------------------------------
[INFO] os.detected.name: linux
[INFO] os.detected.arch: x86_64
[INFO] os.detected.version: 5.4
[INFO] os.detected.version.major: 5
[INFO] os.detected.version.minor: 4
[INFO] os.detected.release: ubuntu
[INFO] os.detected.release.version: 20.04
[INFO] os.detected.release.like.ubuntu: true
[INFO] os.detected.release.like.debian: true
[INFO] os.detected.classifier: linux-x86_64
[INFO]
[INFO] ---------------------< io.milvus:milvus-sdk-java >----------------------
[INFO] Building io.milvus:milvus-sdk-java 2.4.0
[INFO] from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.0.0-M2:enforce (enforce) @ milvus-sdk-java ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for com.google.guava:guava:32.0.1-android paths to dependency are:
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-netty-shaded:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-protobuf:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-stub:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.minio:minio:8.5.7
+-com.google.guava:guava:32.1.3-jre
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-netty-shaded:1.59.1
+-io.grpc:grpc-core:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-protobuf:1.59.1
+-io.grpc:grpc-api:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-protobuf:1.59.1
+-io.grpc:grpc-protobuf-lite:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.grpc:grpc-testing:1.59.1
+-io.grpc:grpc-inprocess:1.59.1
+-com.google.guava:guava:32.0.1-android
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-hdfs:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-yarn-api:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.curator:curator-client:2.6.0
+-com.google.guava:guava:16.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.curator:curator-recipes:2.6.0
+-com.google.guava:guava:16.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.htrace:htrace-core:3.0.4
+-com.google.guava:guava:12.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-core:2.6.0
+-org.apache.hadoop:hadoop-yarn-common:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.hadoop:hadoop-auth:2.6.0
+-org.apache.curator:curator-framework:2.6.0
+-com.google.guava:guava:16.0.1
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-app:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-common:2.6.0
+-org.apache.hadoop:hadoop-yarn-client:2.6.0
+-com.google.guava:guava:11.0.2
and
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.hadoop:hadoop-client:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-app:2.6.0
+-org.apache.hadoop:hadoop-mapreduce-client-common:2.6.0
+-org.apache.hadoop:hadoop-yarn-server-common:2.6.0
+-com.google.guava:guava:11.0.2
,
Require upper bound dependencies error for com.squareup.okhttp3:okhttp:4.10.0 paths to dependency are:
+-io.milvus:milvus-sdk-java:2.4.0
+-com.squareup.okhttp3:okhttp:4.10.0
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.minio:minio:8.5.7
+-com.squareup.okhttp3:okhttp:4.12.0
,
Require upper bound dependencies error for org.xerial.snappy:snappy-java:1.1.8.3 paths to dependency are:
+-io.milvus:milvus-sdk-java:2.4.0
+-org.apache.parquet:parquet-hadoop:1.13.1
+-org.xerial.snappy:snappy-java:1.1.8.3
and
+-io.milvus:milvus-sdk-java:2.4.0
+-io.minio:minio:8.5.7
+-org.xerial.snappy:snappy-java:1.1.10.5
]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.537 s
[INFO] Finished at: 2024-03-25T18:39:33+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M2:enforce (enforce) on project milvus-sdk-java: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Process finished with exit code 1
from milvus-sdk-java.
@yhmo I'll handle it
from milvus-sdk-java.
@yhmo Could you please help review? I've completed the upgrade of the Minio Java version and resolved the conflicts arising from the upgrade.
from milvus-sdk-java.
from milvus-sdk-java.
Related Issues (20)
- version 2.3.x and 2.4.x do not support .withElementType(DataType.Int32) in the code below. Without this the collection can not be created. HOT 1
- We encountered performance issues when using milvus-sdk-java version 2.4.2 to connect to milvus v2.4.5-gpu. HOT 2
- Is there a method to switch to another database after instantiating the client in the Java SDK? HOT 3
- how connect to a milvus cluster HOT 8
- GetCollStatResponseWrapper randomly returns 0 size for collections in 2.3.x HOT 4
- MilvusClientV2 doesn't support JSON as a return type HOT 5
- 能否在SDK中增加EmbeddingModels和Rerankers相关接口,同时做好归一化,目前看只有PY的sdk存在。 HOT 9
- milvus-sdk-java 2.3.5版本后,引入了hadoop-client依赖,其中slf4j-reload4j-1.7.36.jar与logback-classic-1.2.12.jar存在冲突,有好的解决方案吗? HOT 3
- java sdk中dataType为DataType.Bool的字段无法使用STL_SORT索引,但是文档中是可以支持 HOT 2
- Java SDK中使用MilvusClientV2的search(SearchReq request)方法返回的结果中score字段名变成了distance HOT 3
- io.milvus.v2的包下载地址不清楚求解答? HOT 2
- 使用milvus java sdk的QueryIterator出现报错:id > \Q123456\, error: line 1:12 token recognition error at: '\' HOT 3
- When grouping is being released in Java sdk ? I see it's merged to main but when is the next release of sdk planned HOT 2
- milvus 增加鉴权访问之后连接报错 Failed to initialize connection. Error: DEADLINE_EXCEEDED HOT 1
- 版本对照表有点问题 HOT 2
- [Issue] Unable to connect to milvus v2.4.4 HOT 1
- Not Able to upsert document into collection with type Float16Vector. HOT 2
- No found insertIds, please check your requests HOT 7
- Unable to insert documents into milvus, float16 vector contain nan or infinity value HOT 5
- Not able to insert vectors with FLOAT16 type. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from milvus-sdk-java.