[ https://issues.apache.org/jira/browse/SPARK-52844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Cameron updated SPARK-52844:
----------------------------
    Description: 
The following dependencies contain vulnerabilities
 * black 23.12.1
 ** CVE-2024-21503 : 5.3 Severity
 * mlflow 2.3.1
 ** CVE-2023-6909 : 8.7 Severity
 ** CVE-2023-6831 : 10.0 Severity
 ** CVE-2023-6568 : 6.5 Severity
 ** CVE-2023-4033 : 8.8 Severity
 ** CVE-2023-6709 : 8.8 Severity
 ** CVE-2023-3765 : 10.0 Severity
 ** CVE-2023-6753 : 8.8 Severity
 ** CVE-2024-27134 : 7.3 Severity
 ** CVE-2024-0520 : 10.0 Severity
 ** CVE-2024-27132 : 9.6 Severity
 ** CVE-2024-27133 : 9.6 Severity
 ** CVE-2024-2928 : 7.5 Severity
 ** CVE-2024-3573 : 9.3 Severity
 ** CVE-2024-3848 : 7.5 Severity
 ** CVE-2025-1474 : 5.5 Severity
 ** CVE-2025-52967 : 5.8 Severity
 ** CVE-2023-6014 : 9.1 Severity
 ** CVE-2024-8859 : 7.5 Severity
 ** CVE-2023-6974 : 9.8 Severity
 ** CVE-2023-6018 : 10.0 Severity
 ** CVE-2024-3099 : 5.4 Severity
 ** CVE-2023-6015 : 10.0 Severity
 ** CVE-2024-1483 : 7.5 Severity
 ** CVE-2023-6975 : 9.8 Severity
 ** CVE-2023-6940 : 8.8 Severity
 ** CVE-2024-1558 : 7.5 Severity
 ** CVE-2024-4263 : 5.4 Severity
 ** CVE-2023-6977 : 7.5 Severity
 ** CVE-2023-43472 : 7.5 Severity
 ** CVE-2023-6976 : 8.8 Severity
 * numpy 1.21
 ** CVE-2021-34141 : 5.3 Severity
 * protobuf 5.29.1
 ** CVE-2025-4565 : 8.2 Severity
 * pyarrow 11.0.0
 ** CVE-2023-47248 : 9.8 Severity
 ** CVE-2024-52338
 * pyyaml 3.11
 ** CVE-2017-18342 : 9.8 Severity
 ** CVE-2020-14343 : 9.8 Severity

  was:
The following dependencies contain vulnerabilities
 * black 23.12.1
 ** CVE-2024-21503 : 5.3 Severity
 * mlflow 2.3.1
 ** CVE-2023-6909 : 8.7 Severity
 ** CVE-2023-6831 : 10.0 Severity
 ** CVE-2023-6568 : 6.5 Severity
 ** CVE-2023-4033 : 8.8 Severity
 ** CVE-2023-6709 : 8.8 Severity
 ** CVE-2023-3765 : 10.0 Severity
 ** CVE-2023-6753 : 8.8 Severity
 ** CVE-2024-27134 : 7.3 Severity
 ** CVE-2024-0520 : 10.0 Severity
 ** CVE-2024-27132 : 9.6 Severity
 ** CVE-2024-27133 : 9.6 Severity
 ** CVE-2024-2928 : 7.5 Severity
 ** CVE-2024-3573 : 9.3 Severity
 ** CVE-2024-3848 : 7.5 Severity
 ** CVE-2025-1474 : 5.5 Severity
 ** CVE-2025-52967 : 5.8 Severity
 ** CVE-2023-6014 : 9.1 Severity
 ** CVE-2024-8859 : 7.5 Severity
 ** CVE-2023-6974 : 9.8 Severity
 ** CVE-2023-6018 : 10.0 Severity
 ** CVE-2024-3099 : 5.4 Severity
 ** CVE-2023-6015 : 10.0 Severity
 ** CVE-2024-1483 : 7.5 Severity
 ** CVE-2023-6975 : 9.8 Severity
 ** CVE-2023-6940 : 8.8 Severity
 ** CVE-2024-1558 : 7.5 Severity
 ** CVE-2024-4263 : 5.4 Severity
 ** CVE-2023-6977 : 7.5 Severity
 ** CVE-2023-43472 : 7.5 Severity
 ** CVE-2023-6976 : 8.8 Severity
 * numpy 1.21
 ** CVE-2021-34141 : 5.3 Severity
 * protobuf 5.29.1
 ** CVE-2025-4565 : 8.2 Severity
 * pyarrow 11.0.0
 ** CVE-2023-47248 : 9.8 Severity
 ** CVE-2024-52338


> Update Python test dependencies 
> --------------------------------
>
>                 Key: SPARK-52844
>                 URL: https://issues.apache.org/jira/browse/SPARK-52844
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Tests
>    Affects Versions: 4.0.0
>            Reporter: Cameron
>            Priority: Major
>              Labels: pull-request-available


