Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Prepare 37.1.0 release (on branch-37)#10128

Merged
alamb merged 4 commits into
apache:branch-37from
alamb:alamb/prepare_37.1.0
Apr 18, 2024
Merged

Prepare 37.1.0 release (on branch-37)#10128
alamb merged 4 commits into
apache:branch-37from
alamb:alamb/prepare_37.1.0

Conversation

@alamb

@alamb alamb commented Apr 18, 2024

Copy link
Copy Markdown
Contributor

NOTE this PR targets branch-37. Once it is merged I will create a PR with a cherry-pick to main to bring the changes there

Which issue does this PR close?

Part of #9904

Rationale for this change

Patch release to fix regressions

What changes are included in this PR?

  • Update version to 37.1.0
  • Update changelog (rendered)

Are these changes tested?

Are there any user-facing changes?

@alamb alamb marked this pull request as ready for review April 18, 2024 11:28
@alamb alamb changed the title Alamb/prepare 37.1.0 Prepare 37.1.0 release (on branch-37`) Apr 18, 2024
@alamb alamb changed the title Prepare 37.1.0 release (on branch-37`) Prepare 37.1.0 release (on branch-37) Apr 18, 2024
@alamb alamb marked this pull request as draft April 18, 2024 11:29
@alamb

alamb commented Apr 18, 2024

Copy link
Copy Markdown
Contributor Author

Note that the security-audit CI check is failing

https://github.com/apache/arrow-datafusion/actions/runs/8737098473/job/23973329903?pr=10128

error: 1 vulnerability found!
Crate:     gix-transport
Version:   0.39.0
Title:     gix-transport indirect code execution via malicious username
Date:      2024-04-[13](https://github.com/apache/arrow-datafusion/actions/runs/8737098473/job/23973329903?pr=10128#step:4:14)
ID:        RUSTSEC-2024-0335
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0335
Solution:  Upgrade to >=0.42.0
Dependency tree:
gix-transport 0.39.0
├── gix-protocol 0.42.0
│   └── gix 0.56.0
│       └── cargo 0.77.0
│           └── datafusion 37.1.0
│               ├── datafusion-wasmtest 37.1.0
│               ├── datafusion-substrait 37.1.0
│               ├── datafusion-sqllogictest 37.1.0
│               ├── datafusion-proto 37.1.0
│               │   └── datafusion-benchmarks 37.1.0
│               ├── datafusion-examples 37.1.0
│               ├── datafusion-docs-tests 37.1.0
│               └── datafusion-benchmarks 37.1.0
└── gix 0.56.0

This is due to a dev dependency on cargo in datafusion for the depcheck binary

https://github.com/apache/arrow-datafusion/blob/d4eb72c30d45c0f3f359c64f41a6caed30abe750/datafusion/core/Cargo.toml#L133

We removed this dependency from main (38.0.0) but it is still on the brach-37 #9865

Two options:

  1. Merge the PR as is (with the CI check failure)
  2. Remove the depcheck binary/ci/cargo dependnecy from the branch-37 line to get CI passing cleanly

@alamb alamb self-assigned this Apr 18, 2024
@alamb alamb mentioned this pull request Apr 18, 2024
Closed
10 tasks
@alamb alamb marked this pull request as ready for review April 18, 2024 11:36
@alamb

alamb commented Apr 18, 2024

Copy link
Copy Markdown
Contributor Author

I am going to merge without fixing the security CI failure on the 37 branch. If we want to make more releases from 37 we can fix it later

@alamb alamb mentioned this pull request Apr 18, 2024
Closed
8 tasks
@alamb

alamb commented Apr 18, 2024

Copy link
Copy Markdown
Contributor Author

Hmm, I appear to have forgotten to merge this PR before sending out the vote thread 🤦

@alamb alamb merged commit aee976a into apache:branch-37 Apr 18, 2024
@alamb alamb deleted the alamb/prepare_37.1.0 branch April 18, 2024 21:06
alamb added a commit to alamb/datafusion that referenced this pull request Apr 18, 2024
@alamb
Prepare 37.1.0 release (on branch-37) (apache#10128)
f27da87 
* Add CHANGELOG for 37.1.0

* Update version to 37.1.0

* prettier

* update configs.md
@alamb alamb mentioned this pull request Apr 18, 2024
Merged
@alamb

alamb commented Apr 18, 2024

Copy link
Copy Markdown
Contributor Author

Created #10136 to port these changes to main

jackwener pushed a commit that referenced this pull request Apr 19, 2024
@alamb
Prepare 37.1.0 release (on branch-37) (#10128) (#10136)
19356b2 
* Add CHANGELOG for 37.1.0

* Update version to 37.1.0

* prettier

* update configs.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andygrove andygrove andygrove approved these changes

Assignees

@alamb alamb

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alamb @andygrove