steveloughran commented on code in PR #47795:
URL: https://github.com/apache/spark/pull/47795#discussion_r1735200277
##########
hadoop-cloud/pom.xml:
##########
@@ -171,6 +171,41 @@
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-cos</artifactId>
</exclusion>
+ <!--
+ HADOOP-19224 / SPARK-48867:
com.huaweicloud:esdk-obs-java:jar:3.20.4.2 is
+ vulnerable due to okhttp 3.x (CVE-2023-0833, CVE-2021-0341),
+ it has to be upgraded to 3.24.3 which depends on okhttp 4.12.0
+ -->
+ <exclusion>
+ <groupId>com.huaweicloud</groupId>
+ <artifactId>esdk-obs-java</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
Review Comment:
will it actually work with this removal? if not best to stop trying to
restore it and exclude all huaweicloud support with the release note/spark docs
saying "explicitly import it"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
