[
https://issues.apache.org/jira/browse/SPARK-39020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sundar updated SPARK-39020:
---------------------------
Attachment: Dependency-Track.png
> [CVE-2020-9480] Transitive dependency "unused" from spark-sql_2.12
> highlight as vulnerable in dependency tracker
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SPARK-39020
> URL: https://issues.apache.org/jira/browse/SPARK-39020
> Project: Spark
> Issue Type: Question
> Components: Spark Core
> Affects Versions: 3.2.1
> Reporter: Sundar
> Priority: Minor
> Attachments: Dependency-Track.png
>
>
> I am using spark-sql_2.12 dependency version 3.2.1 in my project. My
> dependency tracker highlights the transitive dependency "unused" from
> spark-sql_2.12 as vulnerable. I check there is no update for this artifacts
> since 2014. Is the artifact used anywhere in spark ?
> To resolve this vulnerability, can I exclude this "unused" artifact from
> spark-sql_2.12 ? Will it cause any issues in my project ?
>
> !image-2022-04-26-14-50-31-521.png!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
