ODP-2049 - CVE | HSBC | Standalone Binaries for Spark (#35)

* ODP-2189 Upgrade snakeyaml version to 2.0

* [SPARK-35579][SQL] Bump janino to 3.1.7

### What changes were proposed in this pull request?

upgrade janino to 3.1.7 from 3.0.16

### Why are the changes needed?

- The proposed version contains bug fix in janino by maropu.
   - janino-compiler/janino#148
- contains `getBytecodes` method which can be used to simplify the way to get bytecodes from ClassBodyEvaluator in CodeGenerator#updateAndGetCompilationStats method. (by LuciferYang)
   - apache#32536

### Does this PR introduce _any_ user-facing change?

No

### How was this patch tested?

Existing UTs

Closes apache#37202 from singhpk234/upgrade/bump-janino.

Authored-by: Prashant Singh <[email protected]>
Signed-off-by: Sean Owen <[email protected]>

(cherry picked from commit 29ed337)

* [SPARK-40633][BUILD] Upgrade janino to 3.1.9

### What changes were proposed in this pull request?
This pr aims upgrade janino from 3.1.7 to 3.1.9

### Why are the changes needed?
This version bring some improvement and bug fix, and janino 3.1.9 will no longer test Java 12, 15, 16 because these STS versions have been EOL:

- janino-compiler/janino@v3.1.7...v3.1.9

### Does this PR introduce _any_ user-facing change?
No

### How was this patch tested?
- Pass GitHub Actions
- Manual test this pr with Scala 2.13, all test passed

Closes apache#38075 from LuciferYang/SPARK-40633.

Lead-authored-by: yangjie01 <[email protected]>
Co-authored-by: YangJie <[email protected]>
Signed-off-by: Sean Owen <[email protected]>

(cherry picked from commit 49e102b)

* ODP-2167 Upgrade janino version from 3.1.9 to 3.1.10

* ODP-2190 Upgrade guava version to 32.1.3-jre

* ODP-2193 Upgrade jettison version to 1.5.4

* ODP-2194 Upgrade wildfly-openssl version to 1.1.3

* ODP-2198 Upgrade gson version to 2.11.0

* ODP-2199 Upgrade kryo-shaded version to 4.0.3

* ODP-2200 Upgrade datanucleus-core and datanucleus-rdbms versions to 5.2.3

* ODP-2203 Upgrade Snappy and common-compress to 1.1.10.4 and 1.26.0 respectively

* ODP-2198 Excluded gson from tink library

* ODP-2205 Upgrade jdom2 to 2.0.6.1

* ODP-2198 Excluded gson from hive-exec

* ODP-2175|SPARK-47018 Upgrade libthrift version and hive version

* [SPARK-39688][K8S] `getReusablePVCs` should handle accounts with no PVC permission

### What changes were proposed in this pull request?

This PR aims to handle `KubernetesClientException` in `getReusablePVCs` method to handle gracefully the cases where accounts has no PVC permission including `listing`.

### Why are the changes needed?

To prevent a regression in Apache Spark 3.4.

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?

Pass the CIs with the newly added test case.

Closes apache#37095 from dongjoon-hyun/SPARK-39688.

Authored-by: Dongjoon Hyun <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>

(cherry picked from commit 79f133b)

* [SPARK-40458][K8S] Bump Kubernetes Client Version to 6.1.1

### What changes were proposed in this pull request?

Bump kubernetes-client version from 5.12.3 to 6.1.1 and clean up all the deprecations.

### Why are the changes needed?

To keep up with kubernetes-client [changes](fabric8io/kubernetes-client@v5.12.3...v6.1.1).
As this is an upgrade where the main version changed I have cleaned up all the deprecations.

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?

#### Unit tests

#### Manual tests for submit and application management

Started an application in a non-default namespace (`bla`):

```
➜  spark git:(SPARK-40458) ✗ ./bin/spark-submit \
    --master k8s://http://127.0.0.1:8001 \
    --deploy-mode cluster \
    --name spark-pi \
    --class org.apache.spark.examples.SparkPi \
    --conf spark.executor.instances=5 \
    --conf spark.kubernetes.namespace=bla \
    --conf spark.kubernetes.container.image=docker.io/kubespark/spark:3.4.0-SNAPSHOT_064A99CC-57AF-46D5-B743-5B12692C260D \
    local:///opt/spark/examples/jars/spark-examples_2.12-3.4.0-SNAPSHOT.jar 200000
```

Check that we cannot find it in the default namespace even with glob without the namespace definition:

```
➜  spark git:(SPARK-40458) ✗ minikube kubectl -- config set-context --current --namespace=default
Context "minikube" modified.
➜  spark git:(SPARK-40458) ✗ ./bin/spark-submit --status "spark-pi-*" --master k8s://http://127.0.0.1:8001
Submitting a request for the status of submission spark-pi-* in k8s://http://127.0.0.1:8001.
No applications found.
```

Then check we can find it by specifying the namespace:
```
➜  spark git:(SPARK-40458) ✗ ./bin/spark-submit --status "bla:spark-pi-*" --master k8s://http://127.0.0.1:8001
Submitting a request for the status of submission bla:spark-pi-* in k8s://http://127.0.0.1:8001.
Application status (driver):
         pod name: spark-pi-4c4e70837c86ae1a-driver
         namespace: bla
         labels: spark-app-name -> spark-pi, spark-app-selector -> spark-c95a9a0888214c01a286eb7ba23980a0, spark-role -> driver, spark-version -> 3.4.0-SNAPSHOT
         pod uid: 0be8952e-3e00-47a3-9082-9cb45278ed6d
         creation time: 2022-09-27T01:19:06Z
         service account name: default
         volumes: spark-local-dir-1, spark-conf-volume-driver, kube-api-access-wxnqw
         node name: minikube
         start time: 2022-09-27T01:19:06Z
         phase: Running
         container status:
                 container name: spark-kubernetes-driver
                 container image: kubespark/spark:3.4.0-SNAPSHOT_064A99CC-57AF-46D5-B743-5B12692C260D
                 container state: running
                 container started at: 2022-09-27T01:19:07Z
```

Changing the namespace to `bla` with `kubectl`:

```
➜  spark git:(SPARK-40458) ✗  minikube kubectl -- config set-context --current --namespace=bla
Context "minikube" modified.
```

Checking we can find it without specifying the namespace (and glob):
```
➜  spark git:(SPARK-40458) ✗  ./bin/spark-submit --status "spark-pi-*" --master k8s://http://127.0.0.1:8001
Submitting a request for the status of submission spark-pi-* in k8s://http://127.0.0.1:8001.
Application status (driver):
         pod name: spark-pi-4c4e70837c86ae1a-driver
         namespace: bla
         labels: spark-app-name -> spark-pi, spark-app-selector -> spark-c95a9a0888214c01a286eb7ba23980a0, spark-role -> driver, spark-version -> 3.4.0-SNAPSHOT
         pod uid: 0be8952e-3e00-47a3-9082-9cb45278ed6d
         creation time: 2022-09-27T01:19:06Z
         service account name: default
         volumes: spark-local-dir-1, spark-conf-volume-driver, kube-api-access-wxnqw
         node name: minikube
         start time: 2022-09-27T01:19:06Z
         phase: Running
         container status:
                 container name: spark-kubernetes-driver
                 container image: kubespark/spark:3.4.0-SNAPSHOT_064A99CC-57AF-46D5-B743-5B12692C260D
                 container state: running
                 container started at: 2022-09-27T01:19:07Z
```

Killing the app:
```
➜  spark git:(SPARK-40458) ✗  ./bin/spark-submit --kill "spark-pi-*" --master k8s://http://127.0.0.1:8001
Submitting a request to kill submission spark-pi-* in k8s://http://127.0.0.1:8001. Grace period in secs: not set.
Deleting driver pod: spark-pi-4c4e70837c86ae1a-driver.
```

Closes apache#37990 from attilapiros/SPARK-40458.

Authored-by: attilapiros <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>

(cherry picked from commit fa88651)

* [SPARK-36462][K8S] Add the ability to selectively disable watching or polling

### What changes were proposed in this pull request?

Add the ability to selectively disable watching or polling

Updated version of apache#34264

### Why are the changes needed?

Watching or polling for pod status on Kubernetes can place additional load on etcd, with a large number of executors and large number of jobs this can have negative impacts and executors register themselves with the driver under normal operations anyways.

### Does this PR introduce _any_ user-facing change?

Two new config flags.

### How was this patch tested?

New unit tests + manually tested a forked version of this on an internal cluster with both watching and polling disabled.

Closes apache#36433 from holdenk/SPARK-36462-allow-spark-on-kube-to-operate-without-watchers.

Lead-authored-by: Holden Karau <[email protected]>
Co-authored-by: Holden Karau <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>

(cherry picked from commit 5bffb98)

* ODP-2201|SPARK-48867 Upgrade okhttp to 4.12.0, okio to 3.9.0 and esdk-obs-java to 3.24.3

* [SPARK-41958][CORE][3.3] Disallow arbitrary custom classpath with proxy user in cluster mode

Backporting fix for SPARK-41958 to 3.3 branch from apache#39474
Below description from original PR.

--------------------------

### What changes were proposed in this pull request?

This PR proposes to disallow arbitrary custom classpath with proxy user in cluster mode by default.

### Why are the changes needed?

To avoid arbitrary classpath in spark cluster.

### Does this PR introduce _any_ user-facing change?

Yes. User should reenable this feature by `spark.submit.proxyUser.allowCustomClasspathInClusterMode`.

### How was this patch tested?

Manually tested.

Closes apache#39474 from Ngone51/dev.

Lead-authored-by: Peter Toth <peter.tothgmail.com>
Co-authored-by: Yi Wu <yi.wudatabricks.com>
Signed-off-by: Hyukjin Kwon <gurwls223apache.org>

(cherry picked from commit 909da96)

### What changes were proposed in this pull request?

### Why are the changes needed?

### Does this PR introduce _any_ user-facing change?

### How was this patch tested?

Closes apache#41428 from degant/spark-41958-3.3.

Lead-authored-by: Degant Puri <[email protected]>
Co-authored-by: Peter Toth <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>

* ODP-2049 Changing Spark3 version from 3.3.3.3.2.3.2-2 to 3.3.3.3.2.3.2-201

* ODP-2049 Changing libthrift version to 0.16 in deps files

* ODP-2049 Changing derby version to 10.14.3.0

---------

Signed-off-by: Dongjoon Hyun <[email protected]>
Co-authored-by: Prashant Singh <[email protected]>
Co-authored-by: yangjie01 <[email protected]>
Co-authored-by: Dongjoon Hyun <[email protected]>
Co-authored-by: attilapiros <[email protected]>
Co-authored-by: Holden Karau <[email protected]>
Co-authored-by: Degant Puri <[email protected]>
Co-authored-by: Peter Toth <[email protected]>

Author: 8 people

dev/deps/spark-deps-hadoop-2-hive-2.3

@@ -38,15 +38,14 @@ commons-cli/1.5.0//commons-cli-1.5.0.jar
 commons-codec/1.15//commons-codec-1.15.jar
 commons-collections/3.2.2//commons-collections-3.2.2.jar
 commons-collections4/4.4//commons-collections4-4.4.jar
-commons-compiler/3.1.7//commons-compiler-3.1.7.jar
-commons-compress/1.21//commons-compress-1.21.jar
+commons-compiler/3.1.9//commons-compiler-3.1.9.jar
+commons-compress/1.26.0//commons-compress-1.26.0.jar
 commons-configuration/1.6//commons-configuration-1.6.jar
 commons-crypto/1.1.0//commons-crypto-1.1.0.jar
 commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-digester/1.8//commons-digester-1.8.jar
 commons-httpclient/3.1//commons-httpclient-3.1.jar
 commons-io/2.4//commons-io-2.4.jar
-commons-lang/2.6//commons-lang-2.6.jar
 commons-lang3/3.12.0//commons-lang3-3.12.0.jar
 commons-logging/1.1.3//commons-logging-1.1.3.jar
 commons-math3/3.6.1//commons-math3-3.6.1.jar
@@ -58,15 +57,15 @@ curator-client/2.7.1//curator-client-2.7.1.jar
 curator-framework/2.7.1//curator-framework-2.7.1.jar
 curator-recipes/2.7.1//curator-recipes-2.7.1.jar
 datanucleus-api-jdo/4.2.4//datanucleus-api-jdo-4.2.4.jar
-datanucleus-core/4.1.17//datanucleus-core-4.1.17.jar
-datanucleus-rdbms/4.1.19//datanucleus-rdbms-4.1.19.jar
-derby/10.14.2.0//derby-10.14.2.0.jar
+datanucleus-core/5.2.3//datanucleus-core-5.2.3.jar
+datanucleus-rdbms/5.2.3//datanucleus-rdbms-5.2.3.jar
+derby/10.14.3//derby-10.14.3.jar
 dropwizard-metrics-hadoop-metrics2-reporter/0.1.2//dropwizard-metrics-hadoop-metrics2-reporter-0.1.2.jar
 flatbuffers-java/1.12.0//flatbuffers-java-1.12.0.jar
 gcs-connector/hadoop2-2.2.7/shaded/gcs-connector-hadoop2-2.2.7-shaded.jar
 gmetric4j/1.0.10//gmetric4j-1.0.10.jar
-gson/2.2.4//gson-2.2.4.jar
-guava/14.0.1//guava-14.0.1.jar
+gson/2.11.0//gson-2.11.0.jar
+guava/32.1.3-jre//guava-32.1.3-jre.jar
 guice-servlet/3.0//guice-servlet-3.0.jar
 guice/3.0//guice-3.0.jar
 hadoop-annotations/2.7.4//hadoop-annotations-2.7.4.jar
@@ -96,45 +95,45 @@ hive-llap-common/2.3.9//hive-llap-common-2.3.10.jar
 hive-metastore/2.3.9//hive-metastore-2.3.10.jar
 hive-serde/2.3.9//hive-serde-2.3.10.jar
 hive-service-rpc/3.1.3//hive-service-rpc-3.1.3.jar
-hive-shims-0.23/2.3.9//hive-shims-0.23-2.3.9.jar
-hive-shims-common/2.3.9//hive-shims-common-2.3.9.jar
-hive-shims-scheduler/2.3.9//hive-shims-scheduler-2.3.9.jar
-hive-shims/2.3.9//hive-shims-2.3.9.jar
+hive-shims-0.23/2.3.9//hive-shims-0.23-2.3.10.jar
+hive-shims-common/2.3.9//hive-shims-common-2.3.10.jar
+hive-shims-scheduler/2.3.9//hive-shims-scheduler-2.3.10.jar
+hive-shims/2.3.9//hive-shims-2.3.10.jar
 hive-storage-api/2.7.3//hive-storage-api-2.7.3.jar
-hive-vector-code-gen/2.3.9//hive-vector-code-gen-2.3.9.jar
+hive-vector-code-gen/2.3.9//hive-vector-code-gen-2.3.10.jar
 hk2-api/2.6.1//hk2-api-2.6.1.jar
 hk2-locator/2.6.1//hk2-locator-2.6.1.jar
 hk2-utils/2.6.1//hk2-utils-2.6.1.jar
 htrace-core/3.1.0-incubating//htrace-core-3.1.0-incubating.jar
 httpclient/4.5.13//httpclient-4.5.13.jar
 httpcore/4.4.14//httpcore-4.4.14.jar
 istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar
-ivy/2.5.0//ivy-2.5.0.jar
-jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar
+ivy/2.5.1//ivy-2.5.1.jar
+jackson-annotations/2.14.2//jackson-annotations-2.14.2.jar
 jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
-jackson-core/2.13.4//jackson-core-2.13.4.jar
-jackson-databind/2.13.4.1//jackson-databind-2.13.4.1.jar
-jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar
-jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar
-jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar
+jackson-core/2.14.2//jackson-core-2.14.2.jar
+jackson-databind/2.14.2//jackson-databind-2.14.2.jar
+jackson-dataformat-cbor/2.14.2//jackson-dataformat-cbor-2.14.2.jar
+jackson-dataformat-yaml/2.14.2//jackson-dataformat-yaml-2.14.2.jar
+jackson-datatype-jsr310/2.14.2//jackson-datatype-jsr310-2.14.2.jar
 jackson-jaxrs/1.9.13//jackson-jaxrs-1.9.13.jar
 jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar
-jackson-module-scala_2.12/2.13.4//jackson-module-scala_2.12-2.13.4.jar
+jackson-module-scala_2.12/2.14.2//jackson-module-scala_2.12-2.14.2.jar
 jackson-xc/1.9.13//jackson-xc-1.9.13.jar
 jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar
 jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar
 jakarta.servlet-api/4.0.3//jakarta.servlet-api-4.0.3.jar
 jakarta.validation-api/2.0.2//jakarta.validation-api-2.0.2.jar
 jakarta.ws.rs-api/2.1.6//jakarta.ws.rs-api-2.1.6.jar
 jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar
-janino/3.1.7//janino-3.1.7.jar
+janino/3.1.10//janino-3.1.10.jar
 javassist/3.25.0-GA//javassist-3.25.0-GA.jar
 javax.inject/1//javax.inject-1.jar
 javax.jdo/3.2.0-m3//javax.jdo-3.2.0-m3.jar
 javolution/5.5.1//javolution-5.5.1.jar
 jaxb-api/2.2.11//jaxb-api-2.2.11.jar
 jaxb-runtime/2.3.2//jaxb-runtime-2.3.2.jar
-jcl-over-slf4j/2.0.3//jcl-over-slf4j-2.0.3.jar
+jcl-over-slf4j/2.0.6//jcl-over-slf4j-2.0.6.jar
 jdo-api/3.0.1//jdo-api-3.0.1.jar
 jersey-client/2.36//jersey-client-2.36.jar
 jersey-common/2.36//jersey-common-2.36.jar
@@ -158,7 +157,7 @@ json4s-scalap_2.12/3.7.0-M11//json4s-scalap_2.12-3.7.0-M11.jar
 jsp-api/2.1//jsp-api-2.1.jar
 jsr305/3.0.0//jsr305-3.0.0.jar
 jta/1.1//jta-1.1.jar
-jul-to-slf4j/2.0.3//jul-to-slf4j-2.0.3.jar
+jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
 kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
 kubernetes-client-api/6.1.1//kubernetes-client-api-6.1.1.jar
 kubernetes-client/6.1.1//kubernetes-client-6.1.1.jar
@@ -187,7 +186,7 @@ kubernetes-model-storageclass/6.1.1//kubernetes-model-storageclass-6.1.1.jar
 lapack/3.0.2//lapack-3.0.2.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
-libthrift/0.12.0//libthrift-0.12.0.jar
+libthrift/0.16.0//libthrift-0.16.0.jar
 log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
 log4j-api/2.19.0//log4j-api-2.19.0.jar
 log4j-core/2.19.0//log4j-core-2.19.0.jar
@@ -247,10 +246,10 @@ scala-library/2.12.17//scala-library-2.12.17.jar
 scala-parser-combinators_2.12/1.1.2//scala-parser-combinators_2.12-1.1.2.jar
 scala-reflect/2.12.17//scala-reflect-2.12.17.jar
 scala-xml_2.12/2.1.0//scala-xml_2.12-2.1.0.jar
-shims/0.9.32//shims-0.9.32.jar
-slf4j-api/2.0.3//slf4j-api-2.0.3.jar
-snakeyaml/1.31//snakeyaml-1.31.jar
-snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
+shims/0.9.36//shims-0.9.36.jar
+slf4j-api/2.0.6//slf4j-api-2.0.6.jar
+snakeyaml/2.0//snakeyaml-2.0.jar
+snappy-java/1.1.10.4//snappy-java-1.1.10.4.jar
 spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
 spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
 spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar

dev/deps/spark-deps-hadoop-3-hive-2.3

@@ -39,8 +39,8 @@ commons-cli/1.5.0//commons-cli-1.5.0.jar
 commons-codec/1.15//commons-codec-1.15.jar
 commons-collections/3.2.2//commons-collections-3.2.2.jar
 commons-collections4/4.4//commons-collections4-4.4.jar
-commons-compiler/3.1.7//commons-compiler-3.1.7.jar
-commons-compress/1.21//commons-compress-1.21.jar
+commons-compiler/3.1.9//commons-compiler-3.1.9.jar
+commons-compress/1.26//commons-compress-1.26.jar
 commons-crypto/1.1.0//commons-crypto-1.1.0.jar
 commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-io/2.11.0//commons-io-2.11.0.jar
@@ -55,15 +55,16 @@ curator-client/5.2.0//curator-client-5.2.0.jar
 curator-framework/5.2.0//curator-framework-5.2.0.jar
 curator-recipes/5.2.0//curator-recipes-5.2.0.jar
 datanucleus-api-jdo/4.2.4//datanucleus-api-jdo-4.2.4.jar
-datanucleus-core/4.1.17//datanucleus-core-4.1.17.jar
-datanucleus-rdbms/4.1.19//datanucleus-rdbms-4.1.19.jar
-derby/10.14.2.0//derby-10.14.2.0.jar
+datanucleus-core/5.2.3//datanucleus-core-5.2.3.jar
+datanucleus-rdbms/5.2.3//datanucleus-rdbms-5.2.3.jar
+derby/10.14.3//derby-10.14.3.jar
 dropwizard-metrics-hadoop-metrics2-reporter/0.1.2//dropwizard-metrics-hadoop-metrics2-reporter-0.1.2.jar
+esdk-obs-java/3.24.3//esdk-obs-java-3.24.3.jar
 flatbuffers-java/1.12.0//flatbuffers-java-1.12.0.jar
 gcs-connector/hadoop3-2.2.7/shaded/gcs-connector-hadoop3-2.2.7-shaded.jar
 gmetric4j/1.0.10//gmetric4j-1.0.10.jar
-gson/2.2.4//gson-2.2.4.jar
-guava/14.0.1//guava-14.0.1.jar
+gson/2.11.0//gson-2.11.0.jar
+guava/32.1.3-jre//guava-32.1.3-jre.jar
 hadoop-aliyun/3.3.4//hadoop-aliyun-3.3.4.jar
 hadoop-annotations/3.3.4//hadoop-annotations-3.3.4.jar
 hadoop-aws/3.3.4//hadoop-aws-3.3.4.jar
@@ -99,36 +100,38 @@ ini4j/0.5.4//ini4j-0.5.4.jar
 istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar
 ivy/2.5.1//ivy-2.5.1.jar
 jackson-annotations/2.14.2//jackson-annotations-2.14.2.jar
+jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
 jackson-core/2.14.2//jackson-core-2.14.2.jar
 jackson-databind/2.14.2//jackson-databind-2.14.2.jar
 jackson-dataformat-cbor/2.14.2//jackson-dataformat-cbor-2.14.2.jar
 jackson-dataformat-yaml/2.14.2//jackson-dataformat-yaml-2.14.2.jar
 jackson-datatype-jsr310/2.14.2//jackson-datatype-jsr310-2.14.2.jar
+jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar
 jackson-module-scala_2.12/2.14.2//jackson-module-scala_2.12-2.14.2.jar
 jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar
 jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar
 jakarta.servlet-api/4.0.3//jakarta.servlet-api-4.0.3.jar
 jakarta.validation-api/2.0.2//jakarta.validation-api-2.0.2.jar
 jakarta.ws.rs-api/2.1.6//jakarta.ws.rs-api-2.1.6.jar
 jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar
-janino/3.1.7//janino-3.1.7.jar
+janino/3.1.10//janino-3.1.10.jar
 javassist/3.25.0-GA//javassist-3.25.0-GA.jar
 javax.jdo/3.2.0-m3//javax.jdo-3.2.0-m3.jar
 javolution/5.5.1//javolution-5.5.1.jar
 jaxb-api/2.2.11//jaxb-api-2.2.11.jar
 jaxb-runtime/2.3.2//jaxb-runtime-2.3.2.jar
 jcl-over-slf4j/2.0.3//jcl-over-slf4j-2.0.3.jar
 jdo-api/3.0.1//jdo-api-3.0.1.jar
-jdom2/2.0.6//jdom2-2.0.6.jar
+jdom2/2.0.6.1//jdom2-2.0.6.1.jar
 jersey-client/2.36//jersey-client-2.36.jar
 jersey-common/2.36//jersey-common-2.36.jar
 jersey-container-servlet-core/2.36//jersey-container-servlet-core-2.36.jar
 jersey-container-servlet/2.36//jersey-container-servlet-2.36.jar
 jersey-hk2/2.36//jersey-hk2-2.36.jar
 jersey-server/2.36//jersey-server-2.36.jar
-jettison/1.1//jettison-1.1.jar
-jetty-util-ajax/9.4.49.v20220914//jetty-util-ajax-9.4.49.v20220914.jar
-jetty-util/9.4.49.v20220914//jetty-util-9.4.49.v20220914.jar
+jettison/1.5.4//jettison-1.5.4.jar
+jetty-util-ajax/9.4.53.v20231009//jetty-util-ajax-9.4.53.v20231009.jar
+jetty-util/9.4.53.v20231009//jetty-util-9.4.53.v20231009.jar
 jline/2.14.6//jline-2.14.6.jar
 joda-time/2.11.2//joda-time-2.11.2.jar
 jodd-core/3.5.2//jodd-core-3.5.2.jar
@@ -140,8 +143,9 @@ json4s-jackson_2.12/3.7.0-M11//json4s-jackson_2.12-3.7.0-M11.jar
 json4s-scalap_2.12/3.7.0-M11//json4s-scalap_2.12-3.7.0-M11.jar
 jsr305/3.0.0//jsr305-3.0.0.jar
 jta/1.1//jta-1.1.jar
-jul-to-slf4j/2.0.3//jul-to-slf4j-2.0.3.jar
-kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
+jul-to-slf4j/2.0.6//jul-to-slf4j-2.0.6.jar
+kotlin-stdlib/2.0.10//kotlin-stdlib-2.0.10.jar
+kryo-shaded/4.0.3//kryo-shaded-4.0.3.jar
 kubernetes-client-api/6.1.1//kubernetes-client-api-6.1.1.jar
 kubernetes-client/6.1.1//kubernetes-client-6.1.1.jar
 kubernetes-httpclient-okhttp/6.1.1//kubernetes-httpclient-okhttp-6.1.1.jar
@@ -169,12 +173,12 @@ kubernetes-model-storageclass/6.1.1//kubernetes-model-storageclass-6.1.1.jar
 lapack/3.0.2//lapack-3.0.2.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
-libthrift/0.12.0//libthrift-0.12.0.jar
+libthrift/0.16.0//libthrift-0.16.0.jar
 log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
 log4j-api/2.19.0//log4j-api-2.19.0.jar
 log4j-core/2.19.0//log4j-core-2.19.0.jar
 log4j-slf4j2-impl/2.19.0//log4j-slf4j2-impl-2.19.0.jar
-logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
+logging-interceptor/4.12.0//logging-interceptor-4.12.0.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 mesos/1.4.3/shaded-protobuf/mesos-1.4.3-shaded-protobuf.jar
 metrics-core/4.2.10//metrics-core-4.2.10.jar
@@ -203,8 +207,9 @@ netty-transport-native-kqueue/4.1.84.Final/osx-x86_64/netty-transport-native-kqu
 netty-transport-native-unix-common/4.1.84.Final//netty-transport-native-unix-common-4.1.84.Final.jar
 netty-transport/4.1.84.Final//netty-transport-4.1.84.Final.jar
 objenesis/3.2//objenesis-3.2.jar
-okhttp/3.12.12//okhttp-3.12.12.jar
-okio/1.15.0//okio-1.15.0.jar
+okhttp/4.12.0//okhttp-4.12.0.jar
+okio-jvm/3.9.0//okio-jvm-3.9.0.jar
+okio/3.9.0//okio-3.9.0.jar
 opencsv/2.3//opencsv-2.3.jar
 opentracing-api/0.33.0//opentracing-api-0.33.0.jar
 opentracing-noop/0.33.0//opentracing-noop-0.33.0.jar
@@ -232,10 +237,10 @@ scala-library/2.12.17//scala-library-2.12.17.jar
 scala-parser-combinators_2.12/1.1.2//scala-parser-combinators_2.12-1.1.2.jar
 scala-reflect/2.12.17//scala-reflect-2.12.17.jar
 scala-xml_2.12/2.1.0//scala-xml_2.12-2.1.0.jar
-shims/0.9.32//shims-0.9.32.jar
-slf4j-api/2.0.3//slf4j-api-2.0.3.jar
-snakeyaml/1.31//snakeyaml-1.31.jar
-snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
+shims/0.9.36//shims-0.9.36.jar
+slf4j-api/2.0.6//slf4j-api-2.0.6.jar
+snakeyaml/2.0//snakeyaml-2.0.jar
+snappy-java/1.1.10.4//snappy-java-1.1.10.4.jar
 spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
 spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
 spire-util_2.12/0.17.0//spire-util_2.12-0.17.0.jar
@@ -247,10 +252,9 @@ threeten-extra/1.7.1//threeten-extra-1.7.1.jar
 tink/1.7.0//tink-1.7.0.jar
 transaction-api/1.1//transaction-api-1.1.jar
 univocity-parsers/2.9.1//univocity-parsers-2.9.1.jar
-velocity/1.5//velocity-1.5.jar
-wildfly-openssl/1.0.7.Final//wildfly-openssl-1.0.7.Final.jar
-xbean-asm9-shaded/4.21//xbean-asm9-shaded-4.21.jar
-xz/1.8//xz-1.8.jar
+wildfly-openssl/1.1.3.Final//wildfly-openssl-1.1.3.Final.jar
+xbean-asm9-shaded/4.22//xbean-asm9-shaded-4.22.jar
+xz/1.9//xz-1.9.jar
 zjsonpatch/0.3.0//zjsonpatch-0.3.0.jar
 zookeeper-jute/3.6.2//zookeeper-jute-3.6.2.jar
 zookeeper/3.6.2//zookeeper-3.6.2.jar

docs/building-spark.md

@@ -87,9 +87,9 @@ If you want to build with Hadoop 2.x, enable `hadoop-2` profile:
 
 To enable Hive integration for Spark SQL along with its JDBC server and CLI,
 add the `-Phive` and `-Phive-thriftserver` profiles to your existing build options.
-By default Spark will build with Hive 2.3.9.
+By default Spark will build with Hive 2.3.10.
 
-    # With Hive 2.3.9 support
+    # With Hive 2.3.10 support
     ./build/mvn -Pyarn -Phive -Phive-thriftserver -DskipTests clean package
 
 ## Packaging without Hadoop Dependencies for YARN

docs/core-migration-guide.md

@@ -58,6 +58,8 @@ license: |
 
 - Since Spark 3.3, Spark migrates its log4j dependency from 1.x to 2.x because log4j 1.x has reached end of life and is no longer supported by the community. Vulnerabilities reported after August 2015 against log4j 1.x were not checked and will not be fixed. Users should rewrite original log4j properties files using log4j2 syntax (XML, JSON, YAML, or properties format). Spark rewrites the `conf/log4j.properties.template` which is included in Spark distribution, to `conf/log4j2.properties.template` with log4j2 properties format.
 
+- Since Spark 3.3.3, `spark.submit.proxyUser.allowCustomClasspathInClusterMode` allows users to disable custom class path in cluster mode by proxy users. It still defaults to `true` to maintain backward compatibility.  
+
 ## Upgrading from Core 3.1 to 3.2
 
 - Since Spark 3.2, `spark.scheduler.allocation.file` supports read remote file using hadoop filesystem which means if the path has no scheme Spark will respect hadoop configuration to read it. To restore the behavior before Spark 3.2, you can specify the local scheme for `spark.scheduler.allocation.file` e.g. `file:///path/to/file`.

docs/sql-data-sources-hive-tables.md

@@ -127,10 +127,10 @@ The following options can be used to configure the version of Hive that is used
   <tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
   <tr>
     <td><code>spark.sql.hive.metastore.version</code></td>
-    <td><code>2.3.9</code></td>
+    <td><code>2.3.10</code></td>
     <td>
       Version of the Hive metastore. Available
-      options are <code>0.12.0</code> through <code>2.3.9</code> and <code>3.0.0</code> through <code>3.1.2</code>.
+      options are <code>0.12.0</code> through <code>2.3.10</code> and <code>3.0.0</code> through <code>3.1.2</code>.
     </td>
     <td>1.4.0</td>
   </tr>

docs/sql-migration-guide.md

@@ -991,7 +991,7 @@ Python UDF registration is unchanged.
 Spark SQL is designed to be compatible with the Hive Metastore, SerDes and UDFs.
 Currently, Hive SerDes and UDFs are based on built-in Hive,
 and Spark SQL can be connected to different versions of Hive Metastore
-(from 0.12.0 to 2.3.9 and 3.0.0 to 3.1.2. Also see [Interacting with Different Versions of Hive Metastore](sql-data-sources-hive-tables.html#interacting-with-different-versions-of-hive-metastore)).
+(from 0.12.0 to 2.3.10 and 3.0.0 to 3.1.2. Also see [Interacting with Different Versions of Hive Metastore](sql-data-sources-hive-tables.html#interacting-with-different-versions-of-hive-metastore)).
 
 #### Deploying in Existing Hive Warehouses
 {:.no_toc}

external/kafka-0-10-assembly/pom.xml

@@ -54,11 +54,6 @@
       <artifactId>commons-codec</artifactId>
       <scope>provided</scope>
     </dependency>
-    <dependency>
-      <groupId>commons-lang</groupId>
-      <artifactId>commons-lang</artifactId>
-      <scope>provided</scope>
-    </dependency>
     <dependency>
       <groupId>com.google.protobuf</groupId>
       <artifactId>protobuf-java</artifactId>

hadoop-cloud/pom.xml

@@ -274,6 +274,41 @@
               <groupId>org.jacoco</groupId>
               <artifactId>org.jacoco.agent</artifactId>
             </exclusion>
+            <!--
+          HADOOP-19224 / SPARK-48867: com.huaweicloud:esdk-obs-java:jar:3.20.4.2 is
+          vulnerable due to okhttp 3.x (CVE-2023-0833, CVE-2021-0341),
+          it has to be upgraded to 3.24.3 which depends on okhttp 4.12.0
+        -->
+            <exclusion>
+              <groupId>com.huaweicloud</groupId>
+              <artifactId>esdk-obs-java</artifactId>
+            </exclusion>
+          </exclusions>
+        </dependency>
+        <dependency>
+          <groupId>com.huaweicloud</groupId>
+          <artifactId>esdk-obs-java</artifactId>
+          <version>${esdk.obs.java.version}</version>
+          <exclusions>
+            <exclusion>
+              <groupId>org.jetbrains.kotlin</groupId>
+              <artifactId>kotlin-stdlib-jdk8</artifactId>
+            </exclusion>
+            <exclusion>
+              <groupId>org.jetbrains.kotlin</groupId>
+              <artifactId>kotlin-stdlib</artifactId>
+            </exclusion>
+          </exclusions>
+        </dependency>
+        <dependency>
+          <groupId>org.jetbrains.kotlin</groupId>
+          <artifactId>kotlin-stdlib</artifactId>
+          <version>${kotlin-stdlib.version}</version>
+          <exclusions>
+            <exclusion>
+              <groupId>org.jetbrains</groupId>
+              <artifactId>annotations</artifactId>
+            </exclusion>
           </exclusions>
         </dependency>
         <!--