The GitHub Actions job "Fory CI" on fory.git/arrow-18.3.0 has failed. Run started by GitHub user stevenschlansker (triggered by stevenschlansker).
Head commit for run: 7513a8a040648139e4ff11bd457ee667c2f6522c / Steven Schlansker <[email protected]> chore(java): arrow 18.3.0 arrow 15.0.0 is marked as vulnerable to CVE-2024-52338 Despite this CVE only affecting the R implementation, the CPE is not scoped to R so Java checkers will report as vulnerable: ``` 13:25:42 [ERROR] One or more dependencies were identified with vulnerabilities: 13:25:42 [ERROR] arrow-memory-core-15.0.0.jar (pkg:maven/org.apache.arrow/[email protected], cpe:2.3:a:apache:arrow:15.0.0:*:*:*:*:*:*:*): CVE-2024-52338(9.8) ``` while this is really a problem with the CPE, not fory, the easiest fix by far is to simply update arrow Report URL: https://github.com/apache/fory/actions/runs/16331119513 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
