neo4j / neo4j-spark-connector

Neo4j Connector for Apache Spark, which provides bi-directional read/write access to Neo4j from Spark, using the Spark DataSource APIs
https://neo4j.com/developer/spark/
Apache License 2.0
313 stars 112 forks source link

[Snyk] Fix for 3 vulnerabilities #644

Closed venikkin closed 3 months ago

venikkin commented 3 months ago

snyk-top-banner

Snyk has created this PR to fix 3 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-ORGXERIALSNAPPY-5918282
  169   org.apache.spark:spark-core_2.13:
3.5.1 -> 3.5.2
No Path Found Proof of Concept
high severity Out-of-bounds Read
SNYK-JAVA-IOAIRLIFT-7164637
  145   org.apache.spark:spark-sql_2.13:
3.5.1 -> 3.5.2
No Path Found No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-ORGECLIPSEJETTY-5958847
  124   org.apache.spark:spark-sql_2.13:
3.5.1 -> 3.5.2
No Path Found No Known Exploit

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report πŸ“œ Customise PR templates πŸ›  Adjust project settings πŸ“š Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Denial of Service (DoS) πŸ¦‰ Allocation of Resources Without Limits or Throttling

fbiville commented 3 months ago

Superseded by https://github.com/neo4j-contrib/neo4j-spark-connector/pull/646