
[Snyk] Fix for 1 vulnerabilities #93

Open
snyk-io[bot] wants to merge 2 commits into master from snyk-fix-8357ddad171bcf19c09ca93252c0244c

Conversation

@snyk-io snyk-io bot commented Mar 10, 2026


Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue: high severity, Insertion of Sensitive Information into Log File (SNYK-JAVA-ORGAPACHEZOOKEEPER-15443353)
Score: 115
Upgrade:
  • org.apache.curator:curator-framework: 2.7.1 -> 2.9.0
  • org.apache.curator:curator-recipes: 2.7.1 -> 2.9.0
  • org.apache.hadoop:hadoop-client: 2.10.2 -> 3.0.0
  • org.apache.hive:hive-jdbc: 2.3.4 -> 4.0.0
  • org.apache.hive:hive-metastore: 2.3.4 -> 4.0.0
Flags: Major version upgrade · No Path Found · No Known Exploit

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade org.apache.hudi:hudi-common@1.0.0-SNAPSHOT to org.apache.hudi:hudi-common@1.1.0; Reason: could not apply upgrade, dependency is managed externally; Location: provenance does not contain location

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Insertion of Sensitive Information into Log File


snyk-io bot commented Mar 10, 2026

Merge Risk: High

This release includes several major version upgrades with significant breaking changes, requiring careful review and likely code modifications.

Highlights:

  • org.apache.hadoop:hadoop-client 2.10.2 → 3.0.0 (HIGH RISK): This is a major release with several breaking changes. The minimum required Java version has been increased from 7 to 8. Default ports for several services, including the NameNode and DataNode, have been changed to move them out of the Linux ephemeral port range. Additionally, there are API changes, such as replacing com.google.com.base.Optional with java.util.Optional in ReconfigurationTaskStatus and changing some logging variables from org.apache.commons.logging.Log to org.slf4j.Logger. Shell scripts have also been rewritten.

  • org.apache.hive:hive-jdbc & hive-metastore 2.3.4 → 4.0.0 (HIGH RISK): This major upgrade introduces significant changes and deprecations. Support for Hadoop 2.x is dropped, and Hadoop 3.3.6 is now required. Hive on MR and Hive on Spark have been deprecated. There are breaking changes in the ThriftHiveMetastore.Client, where older APIs like get_table have been deprecated in favor of newer ones like get_table_req. The default null collation has been changed to NULLS LAST, which will affect the results of ORDER BY clauses. The installer now requires a JRE of Java SE 11 or higher.

  • org.apache.curator:curator-framework & curator-recipes 2.7.1 → 2.9.0 (LOW RISK): This is a minor update. The release notes for 2.8.0 and 2.9.0 indicate bug fixes and improvements without any documented breaking changes.

  • org.apache.hudi:hudi-common 1.0.0-SNAPSHOT → 1.1.0 (MEDIUM RISK): This release introduces a pluggable table format framework and deprecates payload classes in favor of merge modes and merger APIs. While many changes are designed to be backward compatible, the introduction of a new framework and API deprecations warrant a medium risk assessment to ensure existing implementations are not affected.

Recommendation: Developers should prioritize reviewing the Hadoop and Hive upgrades. The move to Hadoop 3.0 and Hive 4.0 will require environment and code changes. Validate application compatibility with the new Java version requirement and updated APIs. Test queries for changes in ORDER BY behavior due to the new null collation in Hive.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
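Both bot comments above leave two things for the reviewer to verify by hand: that pom.xml really declares the target versions for each coordinate in the upgrade table (a version hidden behind a `${property}` is easy to miss), and which dependencies Snyk could not touch because their version is "managed externally" (inherited from a parent POM or BOM, so there is no `<version>` element to rewrite, as reported for hudi-common). The following script is an added example written for this review, not Snyk's code and not part of this repository. It audits a constructed sample pom.xml (embedded inline, a hypothetical post-PR state; the project's real pom.xml is not on this page) against the coordinates and versions listed in the PR comment, resolving property references and distinguishing "upgraded", "still-vulnerable", "managed-externally" and "not-declared". The function and variable names are the example's own.

```python
"""Audit a pom.xml against the dependency upgrades proposed in a Snyk fix PR.

Added example, not code from the PR, Snyk or the project. The proposed
versions are the ones in the PR comment; the pom.xml below is constructed
for illustration.
"""
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
PROP_RE = re.compile(r"\$\{([^}]+)\}")

# group:artifact -> (version Snyk reported as vulnerable, version it proposes)
PROPOSED = {
    "org.apache.curator:curator-framework": ("2.7.1", "2.9.0"),
    "org.apache.curator:curator-recipes": ("2.7.1", "2.9.0"),
    "org.apache.hadoop:hadoop-client": ("2.10.2", "3.0.0"),
    "org.apache.hive:hive-jdbc": ("2.3.4", "4.0.0"),
    "org.apache.hive:hive-metastore": ("2.3.4", "4.0.0"),
    "org.apache.hudi:hudi-common": ("1.0.0-SNAPSHOT", "1.1.0"),
}

# Constructed sample: hadoop-client pinned via a property, hive-metastore
# left at the old version, hudi-common with no <version> (managed elsewhere).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>app</artifactId><version>1.0</version>
  <properties><hadoop.version>3.0.0</hadoop.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.curator</groupId><artifactId>curator-framework</artifactId><version>2.9.0</version></dependency>
    <dependency><groupId>org.apache.curator</groupId><artifactId>curator-recipes</artifactId><version>2.9.0</version></dependency>
    <dependency><groupId>org.apache.hadoop</groupId><artifactId>hadoop-client</artifactId><version>${hadoop.version}</version></dependency>
    <dependency><groupId>org.apache.hive</groupId><artifactId>hive-jdbc</artifactId><version>4.0.0</version></dependency>
    <dependency><groupId>org.apache.hive</groupId><artifactId>hive-metastore</artifactId><version>2.3.4</version></dependency>
    <dependency><groupId>org.apache.hudi</groupId><artifactId>hudi-common</artifactId></dependency>
  </dependencies>
</project>"""


def _text(elem, tag):
    child = elem.find(f"m:{tag}", NS)
    return child.text.strip() if child is not None and child.text else None


def load_properties(root):
    """Collect <properties> plus project.version, the sources of ${...} values."""
    props = {}
    for prop in root.findall("m:properties/*", NS):
        props[prop.tag.split("}", 1)[-1]] = (prop.text or "").strip()
    if _text(root, "version"):
        props.setdefault("project.version", _text(root, "version"))
    return props


def resolve(version, props):
    """Expand ${prop} references; unknown properties are left untouched."""
    if version is None:
        return None
    return PROP_RE.sub(lambda m: props.get(m.group(1), m.group(0)), version)


def declared_versions(pom_text):
    """Map group:artifact -> effective version in this file (None = no version here)."""
    root = ET.fromstring(pom_text)
    props = load_properties(root)
    managed = {}
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        managed[f"{_text(dep, 'groupId')}:{_text(dep, 'artifactId')}"] = resolve(_text(dep, "version"), props)
    found = {}
    for dep in root.findall("m:dependencies/m:dependency", NS):
        key = f"{_text(dep, 'groupId')}:{_text(dep, 'artifactId')}"
        version = resolve(_text(dep, "version"), props)
        # No version in the dependency: fall back to this file's dependencyManagement,
        # otherwise it is managed by a parent/BOM outside this file.
        found[key] = version if version is not None else managed.get(key)
    return found


def audit(pom_text, proposed=PROPOSED):
    """Classify each proposed upgrade by what the pom actually declares."""
    found = declared_versions(pom_text)
    report = {}
    for key, (old, new) in proposed.items():
        if key not in found:
            report[key] = "not-declared"
        elif found[key] is None:
            report[key] = "managed-externally"
        elif found[key] == new:
            report[key] = "upgraded"
        elif found[key] == old:
            report[key] = "still-vulnerable"
        else:
            report[key] = f"unexpected:{found[key]}"
    return report


if __name__ == "__main__":
    for coord, status in audit(SAMPLE_POM).items():
        print(f"{status:<20} {coord}")
```

This only checks what the POM declares. The vulnerable artifact here is org.apache.zookeeper, pulled in transitively, so after merging confirm the resolved version with `mvn dependency:tree -Dincludes=org.apache.zookeeper`; a "managed-externally" entry means the fix has to be applied in the parent POM or BOM that owns the version.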


snyk-io bot commented Mar 10, 2026

Snyk checks have failed. 723 issues have been found so far.

Scanner               Critical  High  Medium  Low  Total (723)
Open Source Security       104   604       0    0  708 issues
Licenses                     0    15       0    0   15 issues
