Yeah, we generally don't respond to "look at the output of my static analyzer". Some of these are already addressed in a later version. Some don't affect Spark. Some are possibly an issue but hard to change without breaking lots of things - they are really issues with upstream dependencies.
But for any you find that seem possibly relevant, that are directly fixable, yes please open a PR with the change and your reasoning. On Mon, Aug 14, 2023 at 7:42 AM Bjørn Jørgensen <bjornjorgen...@gmail.com> wrote: > I have added links to the github PR. Or comment for those that I have not > seen before. > > Apache Spark has very many dependencies, some can easily be upgraded while > others are very hard to fix. > > Please feel free to open a PR if you wanna help. > > man. 14. aug. 2023 kl. 14:06 skrev Sankavi Nagalingam > <sankavi.nagalin...@temenos.com.invalid>: > >> Hi Team, >> >> >> >> We could see there are many dependent vulnerabilities present in the >> latest spark-core:3.4.1.jar. PFA >> >> Could you please let us know when will be the fix version available for >> the users. >> >> >> >> Thanks, >> >> Sankavi >> >> >> >> The information in this e-mail and any attachments is confidential and >> may be legally privileged. It is intended solely for the addressee or >> addressees. Any use or disclosure of the contents of this >> e-mail/attachments by a not intended recipient is unauthorized and may be >> unlawful. If you have received this e-mail in error please notify the >> sender. Please note that any views or opinions presented in this e-mail are >> solely those of the author and do not necessarily represent those of >> TEMENOS. We recommend that you check this e-mail and any attachments >> against viruses. TEMENOS accepts no liability for any damage caused by any >> malicious code or virus transmitted by this e-mail. >> >> --------------------------------------------------------------------- >> To unsubscribe e-mail: user-unsubscr...@spark.apache.org >> > > > -- > Bjørn Jørgensen > Vestre Aspehaug 4, 6010 Ålesund > Norge > > +47 480 94 297 > > --------------------------------------------------------------------- > To unsubscribe e-mail: user-unsubscr...@spark.apache.org
