[
https://issues.apache.org/jira/browse/SPARK-53746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033869#comment-18033869
]
Dongjoon Hyun commented on SPARK-53746:
---------------------------------------
Hi, [~eschcam]. Apache Spark community has a policy which manages `Fix Version`
and `Target Version` like the following. So, please don't set it when you file
a JIRA issue.
- https://spark.apache.org/contributing.html
> Do not set the following fields:
> - Fix Version. This is assigned by committers only when resolved.
> - Target Version. This is assigned by committers to indicate a PR has been
> accepted for possible fix by the target version.
> Update Python pyyaml to 5.4
> ---------------------------
>
> Key: SPARK-53746
> URL: https://issues.apache.org/jira/browse/SPARK-53746
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Tests
> Affects Versions: 4.1.0
> Reporter: Cameron
> Priority: Major
> Labels: pull-request-available
>
> pyyaml 3.11 contains the following vulnerabilities:
> * CVE-2017-18342 : 9.8 Severity
> * CVE-2020-14343 : 9.8 Severity
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
