This is an automated email from the ASF dual-hosted git repository.

LuciferYang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new f16fcfa2ef89 [SPARK-56821][INFRA] Upgrade `fast-uri` to 3.1.2 and `brace-expansion` to 1.1.14
f16fcfa2ef89 is described below

commit f16fcfa2ef898839ad952da590c728d25a2b1f97
Author: YangJie <[email protected]>
AuthorDate: Tue May 12 10:56:35 2026 +0800

    [SPARK-56821][INFRA] Upgrade `fast-uri` to 3.1.2 and `brace-expansion` to 1.1.14
    
    ### What changes were proposed in this pull request?
    This PR aims to upgrade `fast-uri` to 3.1.2 and `brace-expansion` to 1.1.14 in `dev/`:
    
    ```
    # npm audit report
    
    brace-expansion  <1.1.13
    Severity: moderate
    brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
    fix available via `npm audit fix`
    node_modules/brace-expansion
    
    fast-uri  <=3.1.1
    Severity: high
    fast-uri vulnerable to path traversal via percent-encoded dot segments - https://github.com/advisories/GHSA-q3j6-qgpj-74h6
    fast-uri vulnerable to host confusion via percent-encoded authority delimiters - https://github.com/advisories/GHSA-v39h-62p7-jpjc
    fix available via `npm audit fix`
    node_modules/fast-uri
    
    2 vulnerabilities (1 moderate, 1 high)
    
    To address all issues, run:
      npm audit fix
    ```
    
    ### Why are the changes needed?
    To fix https://github.com/apache/spark/security/dependabot/190 and https://github.com/apache/spark/security/dependabot/189
    
    ### Does this PR introduce _any_ user-facing change?
    No
    
    ### How was this patch tested?
    - Pass GitHub Actions
    
    ### Was this patch authored or co-authored using generative AI tooling?
    No
    
    Closes #55800 from LuciferYang/SPARK-56821.
    
    Authored-by: YangJie <[email protected]>
    Signed-off-by: yangjie01 <[email protected]>
---
 dev/package-lock.json | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/dev/package-lock.json b/dev/package-lock.json
index dafd7418c498..f4497bb5ab56 100644
--- a/dev/package-lock.json
+++ b/dev/package-lock.json
@@ -239,9 +239,9 @@
       "dev": true
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": 
"https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz";,
-      "integrity": 
"sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.14",
+      "resolved": 
"https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz";,
+      "integrity": 
"sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
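Review bot: The commit message carries only the pre-upgrade `npm audit` report, so nothing in the record confirms that 1.1.14 in this `node_modules/brace-expansion` entry clears the advisory. The new version is above the `<1.1.13` affected range quoted there, but pasting a post-upgrade `npm audit` run under "How was this patch tested?" would make that verifiable. It is also worth stating in the message that the entry is marked `"dev": true`, since that bears on how exposed the hang and memory-exhaustion issue actually is.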
@@ -608,9 +608,9 @@
       "dev": true
     },
     "node_modules/fast-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz";,
-      "integrity": 
"sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz";,
+      "integrity": 
"sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
       "dev": true,
       "funding": [
         {
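Review bot: The `fast-uri` fix exists only as this lockfile pin, since the diffstat lists `dev/package-lock.json` as the sole changed file. Please confirm that the jobs using `dev/` install with `npm ci`, so that the pinned 3.1.2 and its `integrity` value are enforced, rather than with `npm install`, which may rewrite the lockfile. The jump from 3.1.0 to 3.1.2 is above the `<=3.1.1` range that the audit report gives for both high-severity advisories.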
@@ -1430,9 +1430,9 @@
       "dev": true
     },
     "brace-expansion": {
-      "version": "1.1.12",
-      "resolved": 
"https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz";,
-      "integrity": 
"sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.14",
+      "resolved": 
"https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz";,
+      "integrity": 
"sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "requires": {
         "balanced-match": "^1.0.0",
@@ -1712,9 +1712,9 @@
       "dev": true
     },
     "fast-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz";,
-      "integrity": 
"sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz";,
+      "integrity": 
"sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
       "dev": true
     },
     "file-entry-cache": {
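Review bot: The `integrity` hashes in this `fast-uri` entry and in the `brace-expansion` entry above cannot be validated from the diff alone. They are identical to the values in the matching `node_modules/...` entries earlier in the file, which is consistent with npm having generated both sections, but a reviewer should regenerate the lockfile (for example with `npm install --package-lock-only` in `dev/`) and check that it produces no further changes.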

