LuciferYang opened a new pull request, #55800: URL: https://github.com/apache/spark/pull/55800
### What changes were proposed in this pull request?

This pr aims to upgrade `fast-uri` to 3.1.2 and `brace-expansion` to 1.1.14 in `dev/`:

```
# npm audit report

brace-expansion  <1.1.13
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
fix available via `npm audit fix`
node_modules/brace-expansion

fast-uri  <=3.1.1
Severity: high
fast-uri vulnerable to path traversal via percent-encoded dot segments - https://github.com/advisories/GHSA-q3j6-qgpj-74h6
fast-uri vulnerable to host confusion via percent-encoded authority delimiters - https://github.com/advisories/GHSA-v39h-62p7-jpjc
fix available via `npm audit fix`
node_modules/fast-uri

2 vulnerabilities (1 moderate, 1 high)

To address all issues, run:
  npm audit fix
```

### Why are the changes needed?

To fix https://github.com/apache/spark/security/dependabot/190 and https://github.com/apache/spark/security/dependabot/189

### Does this PR introduce _any_ user-facing change?

No

### How was this patch tested?

- Pass GitHub Actions

### Was this patch authored or co-authored using generative AI tooling?

No

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
