Upgraded tidb parser version for vulnerability fixes. #1346

Open
pratickchokhani wants to merge 1 commit into GoogleCloudPlatform:master from pratickchokhani:tidb-vul-fix

@pratickchokhani

Contributor

No description provided.

pratickchokhani requested a review from a team as a code owner May 27, 2026 07:06
pratickchokhani requested review from darshan-sj and shreyakhajanchi and removed request for a team May 27, 2026 07:06
pratickchokhani force-pushed the tidb-vul-fix branch 2 times, most recently from 2d82cf5 to c1fb222 May 27, 2026 07:08
@codecov

codecov Bot commented May 27, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.19%. Comparing base (4acccc2) to head (4c52aaf).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1346   +/-   ##
=======================================
  Coverage   51.19%   51.19%           
=======================================
  Files         202      202           
  Lines       22796    22796           
  Branches      552      552           
=======================================
  Hits        11671    11671           
  Misses      10437    10437           
  Partials      688      688           
Components Coverage Δ
backend-apis 46.10% <ø> (ø)
backend-library 56.84% <ø> (ø)
cli 26.65% <ø> (ø)
frontend 39.34% <ø> (ø)

Comment thread go.mod
Comment on lines -26 to -27
github.com/pingcap/tidb v1.1.0-beta.0.20251126154744-e4e814fdc0af
github.com/pingcap/tidb/pkg/parser v0.0.0-20251126154744-e4e814fdc0af
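
Review bot: the two lines removed here (go.mod 26-27) pinned github.com/pingcap/tidb and github.com/pingcap/tidb/pkg/parser to the same commit, e4e814fdc0af, and the replacement pins should likewise resolve to a single commit so the parser and the main module cannot drift apart. A pseudo-version timestamp alone does not show whether a fix is included, so the PR description, which is currently empty, should name the advisory and the fixed release that the new pin corresponds to.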

Member

We moved from a newer version to an older version? 202511 -> 202407? How does that fix things?

Can you please update the description with details on what we did and how we have tested that it works?

Contributor Author

The release version with TiDB is non-linear. Earlier I chose the latest release, as the CVE note shows that the fix was added in May.

With this, I am choosing the specific release mentioned in the CVE note.

Comment thread go.mod
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/cloudfoundry/gosigar v1.3.6 // indirect
github.com/cockroachdb/errors v1.11.1 // indirect
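
Review bot: github.com/cockroachdb/errors v1.11.1 is marked `// indirect`, meaning no package in this module imports it directly, but the diff does not show which requirement brings it in. Running `go mod why -m github.com/cockroachdb/errors` and putting the output in the PR description would document the path, and the indirect modules in this block should be checked for known advisories as well, since the stated purpose of the change is a vulnerability fix.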

Contributor

Why is there a dependency on cockroach?

Contributor Author

This is coming from TiDB.

4 participants