
[Snyk] Security upgrade org.apache.spark:spark-core_2.13 from 3.5.6 to 4.1.0#410

Open
msmygit wants to merge 1 commit into main from snyk-fix-0710eb30fb60233eb09d44e567230c5e


msmygit commented Dec 18, 2025


Snyk has created this PR to fix 6 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score | Upgrade | Exploit maturity |
|---|---|---|---|
| critical severity: Race Condition (SNYK-JAVA-ORGGLASSFISHJERSEYCORE-14049172) | 791 | org.apache.spark:spark-core_2.13: 3.5.6 -> 4.1.0 (Major version upgrade) | Proof of Concept |
| high severity: HTTP Request Smuggling (SNYK-JAVA-IONETTY-12485149) | 756 | org.apache.spark:spark-core_2.13: 3.5.6 -> 4.1.0 (Major version upgrade) | Proof of Concept |
| high severity: Improper Handling of Highly Compressed Data (Data Amplification) (SNYK-JAVA-IONETTY-12485150) | 756 | org.apache.spark:spark-core_2.13: 3.5.6 -> 4.1.0 (Major version upgrade) | Proof of Concept |
| high severity: Improper Handling of Highly Compressed Data (Data Amplification) (SNYK-JAVA-IONETTY-12485151) | 756 | org.apache.spark:spark-core_2.13: 3.5.6 -> 4.1.0 (Major version upgrade) | Proof of Concept |
| high severity: Uncontrolled Recursion (SNYK-JAVA-ORGAPACHECOMMONS-10734078) | 654 | org.apache.spark:spark-core_2.13: 3.5.6 -> 4.1.0 (Major version upgrade) | No Known Exploit |
| high severity: Allocation of Resources Without Limits or Throttling (SNYK-JAVA-IONETTY-11799531) | 649 | org.apache.spark:spark-core_2.13: 3.5.6 -> 4.1.0 (Major version upgrade) | No Known Exploit |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling
🦉 Race Condition

msmygit requested a review from a team as a code owner December 18, 2025 11:18
msmygit added the do-not-merge label Dec 18, 2025

msmygit commented Dec 18, 2025

This PR can't be merged until upstream Spark Cassandra Connector is supporting Spark 4.x. See earlier comment here, #378 (comment)


msmygit commented Dec 18, 2025

SCC doesn't support anything over Spark 3.5 as of this writing. See https://github.com/apache/cassandra-spark-connector/blob/trunk/project/Versions.scala#L35
