[Snyk] Security upgrade com.google.cloud.bigdataoss:gcs-connector from hadoop2-2.2.7 to 1.3.2-hadoop1

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551	125	com.google.cloud.bigdataoss:gcs-connector: hadoop2-2.2.7 -> 1.3.2-hadoop1 No Path Found No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This is not an upgrade but a major and severe downgrade to an obsolete version of the GCS connector. The change is from a version designed for Hadoop 2 (hadoop2-2.2.7, released in 2022) to a version for Hadoop 1 (1.3.2-hadoop1, released in 2015). This will cause significant breaking changes.

Key Breaking Changes:

• Hadoop Version Incompatibility: The fundamental APIs between Hadoop 1 and Hadoop 2 are different. The hadoop2- connector is built against Hadoop 2.x libraries, while the hadoop1- connector is built for the long-obsolete Hadoop 1.x. An application environment using Hadoop 2 will fail to run with a connector designed for Hadoop 1.
• Feature and Security Regression: The target version 1.3.2-hadoop1 is from early 2015 and lacks over seven years of critical security patches, performance improvements, and features that are present in the 2.2.7 version.
• Removed Support: Support for Hadoop 1.x was officially removed in version 2.0.0 of the connector, which was released in 2019.

Recommendation: Do not proceed with this change. This dependency modification is likely a mistake. The system should be using a modern version of the connector compatible with its Hadoop environment (e.g., a newer hadoop2- or hadoop3- version).

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	1	3	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.