[ https://issues.apache.org/jira/browse/SPARK-40037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bjørn Jørgensen updated SPARK-40037: ------------------------------------ Description: [https://www.cve.org/CVERecord?id=CVE-2022-25647 | ] [CVE-2022-25647|https://www.cve.org/CVERecord?id=CVE-2022-25647] [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327|Info at SNYK] [https://www.cve.org/CVERecord?id=CVE-2021-22569|CVE-2021-22569] [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703|Info at SNYK] [https://github.com/google/tink/releases/tag/v1.7.0|releases log] was: [https://www.cve.org/CVERecord?id=CVE-2022-25647 | CVE-2022-25647] [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327|Info at SNYK] [https://www.cve.org/CVERecord?id=CVE-2021-22569|CVE-2021-22569] [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703|Info at SNYK] [https://github.com/google/tink/releases/tag/v1.7.0|releases log] > Upgrade com.google.crypto.tink:tink from 1.6.1 to 1.7.0 > ------------------------------------------------------- > > Key: SPARK-40037 > URL: https://issues.apache.org/jira/browse/SPARK-40037 > Project: Spark > Issue Type: Dependency upgrade > Components: Build > Affects Versions: 3.4.0 > Reporter: Bjørn Jørgensen > Priority: Major > > [https://www.cve.org/CVERecord?id=CVE-2022-25647 | ] > [CVE-2022-25647|https://www.cve.org/CVERecord?id=CVE-2022-25647] > [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327|Info at > SNYK] > [https://www.cve.org/CVERecord?id=CVE-2021-22569|CVE-2021-22569] > [https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703|Info at > SNYK] > [https://github.com/google/tink/releases/tag/v1.7.0|releases log] -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org