Kyligence / spark

customized spark for KAP use, checkout kyspark branch
Apache License 2.0

[Snyk] Upgrade: org.apache.hadoop:hadoop-client-api, org.apache.hadoop:hadoop-client-runtime, org.apache.hive:hive-exec, org.apache.hive:hive-metastore, org.apache.spark:spark-core_2.12, org.apache.thrift:libthrift, org.eclipse.jetty:jetty-util, org.eclipse.jetty:jetty-http, org.eclipse.jetty:jetty-servlet, org.eclipse.jetty:jetty-plus, org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-servlets #776

Open shanxuecheng opened 1 month ago

shanxuecheng commented 1 month ago


Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| org.apache.hadoop:hadoop-client-api | from 3.3.5 to 3.4.0 (2 versions ahead of your current version) | 6 months ago, on 2024-03-04 |
| org.apache.hadoop:hadoop-client-runtime | from 3.3.5 to 3.4.0 (2 versions ahead of your current version) | 6 months ago, on 2024-03-04 |
| org.apache.hive:hive-exec | from 2.3.9 to 2.3.10 (1 version ahead of your current version) | 4 months ago, on 2024-05-05 |
| org.apache.hive:hive-metastore | from 2.3.9 to 2.3.10 (1 version ahead of your current version) | 4 months ago, on 2024-05-05 |
| org.apache.spark:spark-core_2.12 | from 3.5.0-SNAPSHOT to 3.5.2 (36 versions ahead of your current version) | a month ago, on 2024-08-06 |
| org.apache.thrift:libthrift | from 0.12.0 to 0.20.0 (11 versions ahead of your current version) | 6 months ago, on 2024-03-23 |
| org.eclipse.jetty:jetty-util | from 9.4.51.v20230217 to 9.4.55.v20240627 (4 versions ahead of your current version) | 3 months ago, on 2024-06-27 |
| org.eclipse.jetty:jetty-http | from 9.4.51.v20230217 to 9.4.55.v20240627 (4 versions ahead of your current version) | 3 months ago, on 2024-06-27 |
| org.eclipse.jetty:jetty-servlet | from 9.4.51.v20230217 to 9.4.55.v20240627 (4 versions ahead of your current version) | 3 months ago, on 2024-06-27 |
| org.eclipse.jetty:jetty-plus | from 9.4.51.v20230217 to 9.4.55.v20240627 (4 versions ahead of your current version) | 3 months ago, on 2024-06-27 |
| org.eclipse.jetty:jetty-server | from 9.4.51.v20230217 to 9.4.55.v20240627 (4 versions ahead of your current version) | 3 months ago, on 2024-06-27 |
| org.eclipse.jetty:jetty-servlets | from 9.4.51.v20230217 to 9.4.55.v20240627 (4 versions ahead of your current version) | 3 months ago, on 2024-06-27 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Denial of Service (DoS), SNYK-JAVA-ORGAPACHETHRIFT-474610 | 635 | No Known Exploit |
| high severity: Denial of Service (DoS), SNYK-JAVA-ORGAPACHETHRIFT-1074898 | 635 | No Known Exploit |
| high severity: Denial of Service (DoS), SNYK-JAVA-ORGECLIPSEJETTY-5958847 | 635 | No Known Exploit |
| medium severity: Improper Handling of Length Parameter Inconsistency, SNYK-JAVA-ORGECLIPSEJETTY-5902998 | 635 | Proof of Concept |
| low severity: XML External Entity (XXE) Injection, SNYK-JAVA-ORGECLIPSEJETTY-5769685 | 635 | No Known Exploit |
| low severity: Arbitrary Code Execution, SNYK-JAVA-ORGECLIPSEJETTY-5903003 | 635 | Proof of Concept |

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: