Kyligence / spark

customized spark for KAP use, checkout kyspark branch
Apache License 2.0
4 stars, 51 forks

[Snyk] Upgrade: com.fasterxml.jackson.core:jackson-annotations, com.fasterxml.jackson.core:jackson-databind, com.google.crypto.tink:tink, io.dropwizard.metrics:metrics-core, io.netty:netty-transport-native-epoll, io.netty:netty-transport-native-kqueue, io.netty:netty-all, org.apache.commons:commons-crypto, org.apache.commons:commons-lang3, org.apache.spark:spark-tags_2.12, org.rocksdb:rocksdbjni #777

Open shanxuecheng opened 1 month ago

shanxuecheng commented 1 month ago

Snyk has created this PR to upgrade multiple dependencies.

πŸ‘―β€β™‚ The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| com.fasterxml.jackson.core:jackson-annotations | from 2.14.2 to 2.17.2 (17 versions ahead of your current version) | 2 months ago, on 2024-07-05 |
| com.fasterxml.jackson.core:jackson-databind | from 2.14.2 to 2.17.2 (17 versions ahead of your current version) | 2 months ago, on 2024-07-05 |
| com.google.crypto.tink:tink | from 1.7.0 to 1.14.1 (8 versions ahead of your current version) | a month ago, on 2024-08-05 |
| io.dropwizard.metrics:metrics-core | from 4.2.17 to 4.2.27 (10 versions ahead of your current version) | a month ago, on 2024-08-18 |
| io.netty:netty-transport-native-epoll | from 4.1.89.Final to 4.1.112.Final (23 versions ahead of your current version) | 2 months ago, on 2024-07-19 |
| io.netty:netty-transport-native-kqueue | from 4.1.89.Final to 4.1.112.Final (23 versions ahead of your current version) | 2 months ago, on 2024-07-19 |
| io.netty:netty-all | from 4.1.89.Final to 4.1.112.Final (23 versions ahead of your current version) | 2 months ago, on 2024-07-19 |
| org.apache.commons:commons-crypto | from 1.1.0 to 1.2.0 (1 version ahead of your current version) | 2 years ago, on 2023-01-14 |
| org.apache.commons:commons-lang3 | from 3.12.0 to 3.16.0 (4 versions ahead of your current version) | 2 months ago, on 2024-08-01 |
| org.apache.spark:spark-tags_2.12 | from 3.5.0-SNAPSHOT to 3.5.2 (36 versions ahead of your current version) | a month ago, on 2024-08-06 |
| org.rocksdb:rocksdbjni | from 8.0.0 to 8.11.4 (15 versions ahead of your current version) | 5 months ago, on 2024-04-10 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity Denial of Service (DoS), SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538 | 586 | No Known Exploit |
| high severity Denial of Service (DoS), SNYK-JAVA-IONETTY-5953332 | 586 | Mature |
| medium severity Allocation of Resources Without Limits or Throttling, SNYK-JAVA-IONETTY-6483812 | 586 | Proof of Concept |
| medium severity Denial of Service (DoS), SNYK-JAVA-IONETTY-5725787 | 586 | No Known Exploit |

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: