You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sdap.apache.org by ja...@apache.org on 2024/01/09 18:44:00 UTC

(incubator-sdap-in-situ-data-services) branch master updated: Bumped spark version

This is an automated email from the ASF dual-hosted git repository.

jasonmlkang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-sdap-in-situ-data-services.git


The following commit(s) were added to refs/heads/master by this push:
     new 5ea3c85  Bumped spark version
     new a27b9ac  Merge pull request #25 from RKuttruff/spark-bump
5ea3c85 is described below

commit 5ea3c856529b41dcefe2ba8345e2ac7e09b501ec
Author: rileykk <ri...@jpl.nasa.gov>
AuthorDate: Mon Jan 8 13:25:34 2024 -0800

    Bumped spark version
    
    https://nvd.nist.gov/vuln/detail/CVE-2022-42889
---
 CHANGELOG.md                                       |  1 +
 docker/parquet.lambda.Dockerfile                   |  4 +--
 .../parquet.spark.3.2.4-debian-11-r153.Dockerfile  | 36 ++++++++++++++++++++++
 setup.py                                           |  4 +--
 4 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1ad6e0..fbd6d59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - Fixed helm chart not building/installing
 ### Security
+- Bumped Spark version to fix security vulnerability [CVE-2022-42889](https://nvd.nist.gov/vuln/detail/CVE-2022-42889)
 
 ## [0.3.0] - 2022-07-13
 ### Added
diff --git a/docker/parquet.lambda.Dockerfile b/docker/parquet.lambda.Dockerfile
index 83c8984..d6df5fc 100644
--- a/docker/parquet.lambda.Dockerfile
+++ b/docker/parquet.lambda.Dockerfile
@@ -20,7 +20,7 @@ FROM public.ecr.aws/lambda/python:3.7
 #RUN apt-get update -y && apt-get install vim -y
 
 RUN yum -y install java-1.8.0-openjdk wget curl
-RUN python3 -m pip install pyspark==3.1.2
+RUN python3 -m pip install pyspark==3.2.3
 #ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto/jre
 ENV JAVA_HOME="/usr/lib/jvm/jre-1.8.0-openjdk.x86_64"
 ENV PATH=${PATH}:${JAVA_HOME}/bin
@@ -47,7 +47,7 @@ WORKDIR /usr/app
 
 COPY setup_lambda.py /usr/app
 RUN python3 /usr/app/setup_lambda.py install
-RUN python3 -m pip install pyspark==3.1.2
+RUN python3 -m pip install pyspark==3.2.3
 
 ENV PYTHONPATH="${PYTHONPATH}:/usr/app/"
 
diff --git a/docker/parquet.spark.3.2.4-debian-11-r153.Dockerfile b/docker/parquet.spark.3.2.4-debian-11-r153.Dockerfile
new file mode 100644
index 0000000..15f7611
--- /dev/null
+++ b/docker/parquet.spark.3.2.4-debian-11-r153.Dockerfile
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM bitnami/spark:3.2.4-debian-11-r153
+
+USER root
+RUN apt-get update -y && apt-get install vim -y
+RUN mkdir /usr/app
+WORKDIR /usr/app
+
+COPY setup.py /usr/app
+RUN python3 /usr/app/setup.py install
+ENV PYTHONPATH="${PYTHONPATH}:/usr/app/"
+
+RUN echo '{"auth_cred":"Mock-CDMS-Flask-Token"}' > /usr/app/cdms_flask_auth.json
+ENV authentication_key '/usr/app/cdms_flask_auth.json'
+ENV authentication_type 'FILE'
+
+COPY parquet_flask /usr/app/parquet_flask
+
+COPY in_situ_schema.json /usr/app
+ENV in_situ_schema=/usr/app/in_situ_schema.json
+
+CMD python3 -m parquet_flask
\ No newline at end of file
diff --git a/setup.py b/setup.py
index b7aa15e..4ec925c 100644
--- a/setup.py
+++ b/setup.py
@@ -29,11 +29,11 @@ from setuptools import find_packages, setup
 
 install_requires = [
     'pandas',
-    'pyspark===3.1.2',
+    'pyspark===3.2.4',
     # 'fastparquet===0.5.0',  # not using it. sticking to pyspark with spark cluster according to Nga
     'findspark===1.4.2',
     'flask===2.0.1', 'flask_restful===0.3.9', 'flask-restx===0.5.0',  # to create Flask server
-    'gevent===21.8.0', 'greenlet===1.1.1',  # to run flask server
+    'gevent===21.12.0', 'greenlet===1.1.1',  # to run flask server
     'werkzeug===2.0.1',
     'jsonschema',  # to verify json objects
     'fastjsonschema===2.15.1',