Update dependencies with critical CVEs #132

Closed

tronda commented Nov 10, 2023

Which problem is this PR solving?

  • Spark Dependencies job has dependencies on Java libraries with critical CVEs associated with them. This PR will update those dependencies.
  • The Spark Dependencies job does not work with OpenSearch with the given version of the ElasticSearch dependency. By upgrading the ElasticSearch dependency, this Spark job is able to use OpenSearch as the storage backend.

Description of the changes

  • Override the dependencies in Maven's pom files
  • Update ElasticSearch Java library

How was this change tested?

  • We have created our custom Docker build of this Spark job and run it internally for a long time with OpenSearch as the storage.
  • Also verified that our internal security scanner removed those critical CVEs from the deployment.
  • The tests are failing in this repo so I was not able to run the tests (no new tests added)

Checklist

recena commented Mar 4, 2024

Any news here?

@ruospalo ruospalo mentioned this pull request Mar 6, 2024
4 tasks
yurishkuro (Member) commented

superseded by #135

@yurishkuro yurishkuro closed this Mar 6, 2024