[SPARK-39948][BUILD] Exclude hive-vector-code-gen dependency #38978
cc @sunchao FYI
@zhouyifan279 Title should be
Thanks, corrected.
dongjoon-hyun
left a comment
+1, LGTM. (Pending CIs)
BTW, @zhouyifan279 . The GitHub Action is not triggered at your repository still.

@dongjoon-hyun thanks for the reminder. Several workflows were triggered by previous commits. I have cancelled them.
Can one of the admins verify this patch?
If we can exclude this code, then the CVE doesn't affect Spark to begin with, right?
sunchao
left a comment
LGTM
| "org.apache.curator:*", | ||
| "org.pentaho:pentaho-aggdesigner-algorithm")) | ||
| "org.pentaho:pentaho-aggdesigner-algorithm", | ||
| "org.apache.hive:hive-vector-code-gen")) |
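Review bot: The `"org.apache.hive:hive-vector-code-gen"` entry appended at the end of this list carries no comment explaining why it is excluded. A one-line comment above it stating the reason given in the PR description (the module is not used in Spark) would help whoever next revises this list decide whether the entry still applies.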
do other Hive versions like v2_2 have the same issue?
@zhouyifan279 Could you answer @sunchao 's question?
Thank you for confirming, @zhouyifan279 .
Yes, right, @srowen . Apache Spark is not affected.
I revised the PR title and description by removing CVE info, @srowen .
Merged to master branch for Apache Spark 3.4.0.
What is your JIRA ID, @zhouyifan279 ?
I found your JIRA ID. Also, from the commit log, I found the following three JIRAs and assigned them to you. Thank you for your contribution, @zhouyifan279 .
I reused this issue: https://issues.apache.org/jira/browse/SPARK-39948
Thanks. It's my pleasure to do something for the Spark community.
### What changes were proposed in this pull request?
Remove hive-vector-code-gen and its dependent jars from spark distribution

### Why are the changes needed?
hive-vector-code-gen is not used in spark
Remove it to avoid vulnerability scanners' alert.

### Does this PR introduce _any_ user-facing change?
No

### How was this patch tested?
Passed current test cases

Closes apache#38978 from zhouyifan279/SPARK-39948.

Authored-by: zhouyifan279 <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>