fix: update rocksdb version from v8.1.1 to v9.7.4 in external.cmake#35214
fix: update rocksdb version from v8.1.1 to v9.7.4 in external.cmake#35214
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the RocksDB third-party dependency download in CMake to use RocksDB v9.7.4 instead of v8.1.1, affecting external builds driven by cmake/external.cmake.
Changes:
- Bump RocksDB source tarball URL from
v8.1.1tov9.7.4. - Update the corresponding
URL_HASHvalue for the RocksDB tarball.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # URL https://github.com/facebook/rocksdb/archive/refs/tags/v9.7.4.tar.gz | ||
| # URL_HASH MD5=204ed2b16eb1850b56d8e91e24ce7c0d | ||
| get_from_local_if_exists("https://github.com/facebook/rocksdb/archive/refs/tags/v9.7.4.tar.gz") | ||
| ExternalProject_Add(ext_rocksdb | ||
| URL ${_url} | ||
| URL_HASH MD5=3b4c97ee45df9c8a5517308d31ab008b | ||
| URL_HASH MD5=204ed2b16eb1850b56d8e91e24ce7c0d |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the RocksDB dependency from version 8.1.1 to 9.7.4. It is recommended to use SHA256 instead of MD5 for the URL hash to provide better integrity assurance and maintain consistency with other modern dependencies in the project.
| ExternalProject_Add(ext_rocksdb | ||
| URL ${_url} | ||
| URL_HASH MD5=3b4c97ee45df9c8a5517308d31ab008b | ||
| URL_HASH MD5=204ed2b16eb1850b56d8e91e24ce7c0d |
There was a problem hiding this comment.
Consider using SHA256 instead of MD5 for the URL_HASH. MD5 is considered cryptographically weak and is prone to collision attacks. Using SHA256 would provide better integrity assurance and maintain consistency with other modern dependencies in this file, such as OpenSSL (line 858) and Azure SDK (line 1421).
Description
Issue(s)
Checklist
Please check the items in the checklist if applicable.