https://github.com/apache/spark
Revision 221fee8973ce438b089fae769dd054c47f6774ed authored by yangjie01 on 11 August 2022, 22:10:42 UTC, committed by Dongjoon Hyun on 11 August 2022, 22:10:50 UTC
### What changes were proposed in this pull request? This pr exclude `xalan` from `htmlunit` to clean warning of CVE-2022-34169: ``` Provides transitive vulnerable dependency xalan:xalan:2.7.2 CVE-2022-34169 7.5 Integer Coercion Error vulnerability with medium severity found Results powered by Checkmarx(c) ``` `xalan:xalan:2.7.2` is the latest version, the code base has not been updated for 5 years, so can't solve by upgrading `xalan`. ### Why are the changes needed? The vulnerability is described is [CVE-2022-34169](https://github.com/advisories/GHSA-9339-86wc-4qgf), better to exclude it although it's just test dependency for Spark. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? - Pass GitHub Actions - Manual test: run `mvn dependency:tree -Phadoop-3 -Phadoop-cloud -Pmesos -Pyarn -Pkinesis-asl -Phive-thriftserver -Pspark-ganglia-lgpl -Pkubernetes -Phive | grep xalan` to check that `xalan` is not matched after this pr Closes #37481 from LuciferYang/exclude-xalan. Authored-by: yangjie01 <yangjie01@baidu.com> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 7f3baa77acbf7747963a95d0f24e3b8868c7b16a) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
1 parent 248e8b4
Tip revision: 221fee8973ce438b089fae769dd054c47f6774ed authored by yangjie01 on 11 August 2022, 22:10:42 UTC
[SPARK-40047][TEST] Exclude unused `xalan` transitive dependency from `htmlunit`
[SPARK-40047][TEST] Exclude unused `xalan` transitive dependency from `htmlunit`
Tip revision: 221fee8
| File | Mode | Size |
|---|---|---|
| .github | ||
| .idea | ||
| R | ||
| assembly | ||
| bin | ||
| binder | ||
| build | ||
| common | ||
| conf | ||
| core | ||
| data | ||
| dev | ||
| docs | ||
| examples | ||
| external | ||
| graphx | ||
| hadoop-cloud | ||
| launcher | ||
| licenses | ||
| licenses-binary | ||
| mllib | ||
| mllib-local | ||
| project | ||
| python | ||
| repl | ||
| resource-managers | ||
| sbin | ||
| sql | ||
| streaming | ||
| tools | ||
| .asf.yaml | -rw-r--r-- | 1.1 KB |
| .gitattributes | -rw-r--r-- | 130 bytes |
| .gitignore | -rw-r--r-- | 2.0 KB |
| CONTRIBUTING.md | -rw-r--r-- | 997 bytes |
| LICENSE | -rw-r--r-- | 13.1 KB |
| LICENSE-binary | -rw-r--r-- | 22.4 KB |
| NOTICE | -rw-r--r-- | 2.0 KB |
| NOTICE-binary | -rw-r--r-- | 56.5 KB |
| README.md | -rw-r--r-- | 4.4 KB |
| appveyor.yml | -rw-r--r-- | 2.7 KB |
| pom.xml | -rw-r--r-- | 137.5 KB |
| scalastyle-config.xml | -rw-r--r-- | 22.0 KB |
Computing file changes ...
