Skip to content

[Snyk] Security upgrade com.google.cloud.bigdataoss:gcs-connector from hadoop2-2.2.7 to 1.3.2-hadoop1#46

Open
snyk-io[bot] wants to merge 1 commit intomasterfrom
snyk-fix-7c07134e9eee52ebf2c070204d596d57
Open

[Snyk] Security upgrade com.google.cloud.bigdataoss:gcs-connector from hadoop2-2.2.7 to 1.3.2-hadoop1#46
snyk-io[bot] wants to merge 1 commit intomasterfrom
snyk-fix-7c07134e9eee52ebf2c070204d596d57

Conversation

@snyk-io
Copy link

@snyk-io snyk-io bot commented Oct 31, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Merge Risk: High

This is a major downgrade and a switch between incompatible Hadoop versions. The current version hadoop2-2.2.7 is for Hadoop 2.x, while the target version 1.3.2-hadoop1 is for the obsolete Hadoop 1.x. Highlights: API Incompatibility: Hadoop 1.x and Hadoop 2.x have different and incompatible APIs. This change will cause build failures and runtime errors for any application built against Hadoop 2.x. Unsupported Downgrade: The target version 1.3.2-hadoop1 was released in 2015 and is considered obsolete. This is not a valid upgrade path. Source: Google Cloud documentation Recommendation: This dependency change is incorrect and should be reverted. Verify the intended version for your Hadoop 2 or Hadoop 3 environment and update to a compatible GCS connector version, such as a newer hadoop2- or hadoop3- artifact.

Notice 🤖: This content was generated using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
Was this summary helpful 👍? Not helpful 👎?

Vulnerabilities that will be fixed with an upgrade:

Issue Score Upgrade
high severity Allocation of Resources Without Limits or Throttling
SNYK-JAVA-IOGRPC-13786834		   124   com.google.cloud.bigdataoss:gcs-connector:
hadoop2-2.2.7 -> 1.3.2-hadoop1
No Path Found No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@snyk-io
fix: pom.xml to reduce vulnerabilities
d6a4df9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-13786834
@snyk-io
Copy link
Author

snyk-io bot commented Oct 31, 2025
edited
Loading

Snyk checks have failed. 4 issues have been found so far.

Status Scanner Critical High Medium Low Total (4)
Open Source Security 1 3 0 0 4 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants