You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/02/01 17:30:42 UTC

[GitHub] [pulsar-adapters] dlg99 commented on a change in pull request #31: [Issue #29] [pulsar-spark] Adding SparkPulsarReliableReceiver

dlg99 commented on a change in pull request #31:
URL: https://github.com/apache/pulsar-adapters/pull/31#discussion_r796834223



##########
File path: pom.xml
##########
@@ -184,7 +184,7 @@
     <caffeine.version>2.6.2</caffeine.version>
     <java-semver.version>0.9.0</java-semver.version>
     <hppc.version>0.7.3</hppc.version>
-    <spark-streaming_2.10.version>2.1.0</spark-streaming_2.10.version>
+    <spark-streaming_2.11.version>2.4.4</spark-streaming_2.11.version>

Review comment:
       @aditiwari01 Is there a specific reason to use version 2.4.4? 
   It is quite old 2.4.8 is out and rather old too. 
   
   If we can upgrade to 3.2.1 (requires scala 2.12) we'll benefit from even newer release that includes updated dependencies with variety of CVEs patched, getting us from 
   ```
   Dependencies Scanned: 212 (145 unique)
   Vulnerable Dependencies: 22
   Vulnerabilities Found: 92
   ```
   to
   ```
   Dependencies Scanned: 265 (190 unique)
   Vulnerable Dependencies: 12
   Vulnerabilities Found: 45
   ```
   with the rest being suppressable.
   
   you'll need to use
   ```
   <scala-library.version>2.12.15</scala-library.version>
   <spark-streaming_2.12.version>3.2.1</spark-streaming_2.12.version>
   ```
   and exclude log4j:
   ```
          <dependency>
            <groupId>org.apache.spark</groupId>
   -        <artifactId>spark-streaming_2.10</artifactId>
   -        <version>${spark-streaming_2.10.version}</version>
   +        <artifactId>spark-streaming_2.12</artifactId>
   +        <version>${spark-streaming_2.12.version}</version>
            <exclusions>
   +          <exclusion>
   +            <groupId>log4j</groupId>
   +            <artifactId>log4j</artifactId>
   +          </exclusion>
              <exclusion>
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org