Hey all. 👋 I am working with pants

1.26.0

  (from the olden days) and I am trying to bump the thrift version that 👖 is using to thrift

0.13.0

based on this security tickethttps://www.cvedetails.com/cve/CVE-2019-0205/ It looks like pants support thrift in its https://binaries.pantsbuild.org/ endpoint up to thrift 

0.11.0

 but not greater than that version  . Does anyone have any context around how/if you can include other paths for pants to download thrift binaries like http://archive.apache.org/dist/thrift/0.13.0/? Thanks y'all 🙏 ERROR:

Invalidated 1 target.18:57:34 [INFO] Attempting to fetch thrift binary from: <https://binaries.pantsbuild.org/bin/thrift/mac/10.13/0.12.0/thrift> ...
18:57:35 [INFO] Attempting to fetch thrift binary from: /Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift ...

11:57:34 00:05       [execute]
FAILURE: ("Error resolving binary request BinaryRequest(supportdir='bin/thrift', version='0.12.0', name='thrift', platform_dependent=True, external_url_generator=None, archiver=None): Failed to fetch thrift binary from any source: (Failed to fetch binary from <https://binaries.pantsbuild.org/bin/thrift/mac/10.13/0.12.0/thrift>: Fetch of <https://binaries.pantsbuild.org/bin/thrift/mac/10.13/0.12.0/thrift> failed with status code 404, Failed to fetch binary from /Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift: Problem reading data from /Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift: [Errno 2] No such file or directory: '/Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift')", BinaryNotFound("Failed to fetch thrift binary from any source: (Failed to fetch binary from <https://binaries.pantsbuild.org/bin/thrift/mac/10.13/0.12.0/thrift>: Fetch of <https://binaries.pantsbuild.org/bin/thrift/mac/10.13/0.12.0/thrift> failed with status code 404, Failed to fetch binary from /Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift: Problem reading data from /Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift: [Errno 2] No such file or directory: '/Users/eraines/dev/data-airflow-java/build-support/bin/thrift/mac/10.13/0.12.0/thrift')"))

You can include other URLs with the

--binaries-baseurls

global option. See here under advanced options: https://v1.pantsbuild.org/options_reference.html#option_reference You can set the version with `--thrift-version`: Search under subsystem options here: https://v1.pantsbuild.org/options_reference.html#option_reference I'll see about adding an

0.13.0

though to the standard location...

Thanks! It would be great if we could get.

0.13.0

added to the normal location but if that doesn't work I will just add the apache link to the

binaries-baseurls

🙇

The apache link won't do it. The link must be to statically compiled binaries, 1 for Linux, 1 for Mac.

Thanks so much @enough-analyst-54434. I don't have any problems with jumping to 0.15. I am just worried that it might not be semver safe so I was trying to move to the lowest version possible while still meeting the security standards.

Ok. I'll stick to 0.13 to start. I'll include you on the review so if you want to do this later for higher, you know how.

Awesome thanks so much @enough-analyst-54434!