sarutak opened a new pull request, #49077:
URL: https://github.com/apache/spark/pull/49077
### What changes were proposed in this pull request?
This PR updates cross-spawn from 7.0.3 to 7.0.6.
### Why are the changes needed?
Recently, `./dev/lint-js` shows a warning like as follows.
```
1 high severity vulnerability
To address all issues, run:
npm audit fix
Run `npm audit` for details.
```
We can see the same message in CI.
https://github.com/apache/spark/actions/runs/12183892848/job/33986553884#step:24:20
To inspect more, I executed `npm audit` and the result is:
```
cross-spawn 7.0.0 - 7.0.4
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn -
https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/cross-spawn
1 high severity vulnerability
```
`cross-spawn` is a dependency for the linter but the linter reports the
issue as `high severity vulnerability` so let's fix it just in case.
This change is done by `npm audit fix` as the warning indicates.
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
`./dev/lint-js` doesn't show the warning.
### Was this patch authored or co-authored using generative AI tooling?
No
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
