This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 6add9c89855f [SPARK-50501][BUILD] Update cross-spawn to suppress a warning in lint
6add9c89855f is described below

commit 6add9c89855f9311d5e185774ddddcbf4323beee
Author: Kousuke Saruta <[email protected]>
AuthorDate: Thu Dec 5 10:45:02 2024 -0800

    [SPARK-50501][BUILD] Update cross-spawn to suppress a warning in lint
    
    ### What changes were proposed in this pull request?
    This PR updates cross-spawn from 7.0.3 to 7.0.6.
    
    ### Why are the changes needed?
    Recently, `./dev/lint-js` shows a warning as follows.
    ```
    1 high severity vulnerability
    
    To address all issues, run:
      npm audit fix
    
    Run `npm audit` for details.
    ```
    
    We can see the same message in CI.
    
    https://github.com/apache/spark/actions/runs/12183892848/job/33986553884#step:24:20
    
    To inspect more, I executed `npm audit` and the result is:
    ```
    cross-spawn  7.0.0 - 7.0.4
    Severity: high
    Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
    fix available via `npm audit fix`
    node_modules/cross-spawn
    
    1 high severity vulnerability
    ```
    
    `cross-spawn` is a dependency for the linter but the linter reports the issue as `high severity vulnerability` so let's fix it just in case.
    This change is done by `npm audit fix` as the warning indicates.
    
    ### Does this PR introduce _any_ user-facing change?
    No
    
    ### How was this patch tested?
    `./dev/lint-js` doesn't show the warning.
    
    ### Was this patch authored or co-authored using generative AI tooling?
    No
    
    Closes #49077 from sarutak/update-cross-spawn.
    
    Authored-by: Kousuke Saruta <[email protected]>
    Signed-off-by: Dongjoon Hyun <[email protected]>
---
 dev/package-lock.json | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/dev/package-lock.json b/dev/package-lock.json
index f676b9cec076..e6ec1406a762 100644
--- a/dev/package-lock.json
+++ b/dev/package-lock.json
@@ -4,6 +4,7 @@
   "requires": true,
   "packages": {
     "": {
+      "name": "dev",
       "devDependencies": {
         "ansi-regex": "^5.0.1",
         "eslint": "^7.25.0",
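Review bot: The added `"name": "dev"` on the root package entry is not mentioned in the commit message, which describes only the cross-spawn bump. It looks like incidental metadata written when the lockfile was regenerated by `npm audit fix`; please say so in the description so that the extra insertion in the diff stat is accounted for and nobody later mistakes it for a hand edit.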
@@ -316,10 +317,11 @@
       "dev": true
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": 
"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz";,
-      "integrity": 
"sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": 
"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz";,
+      "integrity": 
"sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",
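Review bot: This is a lockfile-only change (the diff stat lists just `dev/package-lock.json`), so the new `resolved` URL and `integrity` value in the `node_modules/cross-spawn` entry have no `package.json` change to cross-check against. Before merging, confirm that the `sha512-uV2Q...` value matches the published 7.0.6 tarball, and note that 7.0.6 is outside the `7.0.0 - 7.0.4` range quoted from `npm audit`, which is what clears the warning. The new `"license": "MIT"` line is further incidental metadata that the description should mention.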
@@ -1469,9 +1471,9 @@
       "dev": true
     },
     "cross-spawn": {
-      "version": "7.0.3",
-      "resolved": 
"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz";,
-      "integrity": 
"sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": 
"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz";,
+      "integrity": 
"sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
       "requires": {
         "path-key": "^3.1.0",
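Review bot: The legacy `cross-spawn` entry in this hunk has to carry exactly the same `version`, `resolved` and `integrity` values as the `node_modules/cross-spawn` entry changed earlier in the file. They match in this patch, which is consistent with the file being regenerated by npm rather than edited by hand; future bumps should be done the same way so the two sections cannot drift apart.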

