[SPARK-39020] [CVE-2020-9480] Transitive dependency "unused" from spark-sql_2.12 highlight as vulnerable in dependency tracker - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Question
Status: Resolved
Priority: Minor
Resolution: Not A Problem
Affects Version/s: 3.2.1
Fix Version/s: None
Component/s: Spark Core
Labels:
None

Language:
- java

Description

I am using spark-sql_2.12 dependency version 3.2.1 in my project. My dependency tracker highlights the transitive dependency "unused" from spark-sql_2.12 as vulnerable. I check there is no update for this artifacts since 2014. Is the artifact used anywhere in spark ?

To resolve this vulnerability, can I exclude this "unused" artifact from spark-sql_2.12 ? Will it cause any issues in my project ?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Dependency-Track.png
26/Apr/22 07:05
81 kB
Sundar

Activity

People

Assignee:: Unassigned

Reporter:: Sundar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Apr/22 07:04

Updated:: 14/Jun/22 00:31

Resolved:: 14/Jun/22 00:31