Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies CVE #135

Merged

Conversation

ruospalo
Copy link
Contributor

@ruospalo ruospalo commented Mar 6, 2024

Supersed #132

Which problem is this PR solving?

  • Spark Dependencies job has dependencies towards Java libraries with several CVE associated with them. This PR will update those dependencies and fixes compilation problems
  • Decrease the CVEs from Total: 90 (UNKNOWN: 0, LOW: 5, MEDIUM: 20, HIGH: 46, CRITICAL: 19) to Total: 5 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 2, CRITICAL: 0)

Description of the changes

  • Upgrade spark to 3.5.1, jackson libraries to 2.15.3.
  • Fix compilation problems

How was this change tested?

  • Executing tests successfully.
  • Running trivy to check the CVEs
  • Executing jaeger operator helm chart pointing to the image built, running with the following CRD:
kubectl apply  -f - <<EOF                                        
# Deploy the Jaeger instance
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
  name: my-jaeger
spec:
  strategy: allinone
  storage:
    type: elasticsearch
    options:
      es:
        server-urls: http://elasticsearch:9200
    dependencies:
      schedule: "*/1 * * * *"
EOF

Checklist

Signed-off-by: Ruben Pardo <[email protected]>
Copy link
Member

@yurishkuro yurishkuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@yurishkuro yurishkuro merged commit e6055bf into jaegertracing:main Mar 6, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants