[ https://issues.apache.org/jira/browse/SPARK-52844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Cameron updated SPARK-52844:
----------------------------
Description:
The following dependencies contain vulnerabilities
* black 23.12.1
** CVE-2024-21503 : 5.3 Severity
* mlflow 2.3.1
** CVE-2023-6909 : 8.7 Severity
** CVE-2023-6831 : 10.0 Severity
** CVE-2023-6568 : 6.5 Severity
** CVE-2023-4033 : 8.8 Severity
** CVE-2023-6709 : 8.8 Severity
** CVE-2023-3765 : 10.0 Severity
** CVE-2023-6753 : 8.8 Severity
** CVE-2024-27134 : 7.3 Severity
** CVE-2024-0520 : 10.0 Severity
** CVE-2024-27132 : 9.6 Severity
** CVE-2024-27133 : 9.6 Severity
** CVE-2024-2928 : 7.5 Severity
** CVE-2024-3573 : 9.3 Severity
** CVE-2024-3848 : 7.5 Severity
** CVE-2025-1474 : 5.5 Severity
** CVE-2025-52967 : 5.8 Severity
** CVE-2023-6014 : 9.1 Severity
** CVE-2024-8859 : 7.5 Severity
** CVE-2023-6974 : 9.8 Severity
** CVE-2023-6018 : 10.0 Severity
** CVE-2024-3099 : 5.4 Severity
** CVE-2023-6015 : 10.0 Severity
** CVE-2024-1483 : 7.5 Severity
** CVE-2023-6975 : 9.8 Severity
** CVE-2023-6940 : 8.8 Severity
** CVE-2024-1558 : 7.5 Severity
** CVE-2024-4263 : 5.4 Severity
** CVE-2023-6977 : 7.5 Severity
** CVE-2023-43472 : 7.5 Severity
** CVE-2023-6976 : 8.8 Severity
* numpy 1.21
** CVE-2021-34141 : 5.3 Severity
* protobuf 5.29.1
** CVE-2025-4565 : 8.2 Severity
* pyarrow 11.0.0
** CVE-2023-47248 : 9.8 Severity
** CVE-2024-52338

was:
The following dependencies contain vulnerabilities
* black 23.12.1
** CVE-2024-21503 : 5.3 Severity
* mlflow 2.3.1
** CVE-2023-6909 : 8.7 Severity
** CVE-2023-6831 : 10.0 Severity
** CVE-2023-6568 : 6.5 Severity
** CVE-2023-4033 : 8.8 Severity
** CVE-2023-6709 : 8.8 Severity
** CVE-2023-3765 : 10.0 Severity
** CVE-2023-6753 : 8.8 Severity
** CVE-2024-27134 : 7.3 Severity
** CVE-2024-0520 : 10.0 Severity
* numpy 1.21
** CVE-2021-34141 : 5.3 Severity
* protobuf 5.29.1
** CVE-2025-4565 : 8.2 Severity
* pyarrow 11.0.0
** CVE-2023-47248 : 9.8 Severity
** CVE-2024-52338

> Update Python test dependencies
> --------------------------------
>
> Key: SPARK-52844
> URL: https://issues.apache.org/jira/browse/SPARK-52844
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Tests
> Affects Versions: 4.0.0
> Reporter: Cameron
> Priority: Major