
Facing vulnerability issue with pyspark and ray version using bigdl-spark3==2.4.0

Open SjeYinTeoIntel opened this issue 1 year ago • 1 comments

The result below is from a trivy scan, where pyspark==3.1.3 and ray==2.6.3 have vulnerability issues. [image]

I'm trying to upgrade pyspark to version 3.2.2, but it will be incompatible with bigdl-dllib-spark3 2.4.0. [image]

When trying to upgrade ray to the latest version, bigdl-nano 2.4.0 requires protobuf==3.19.5, which is only compatible with ray==2.6.3. [image]

Is there a new release that uses updated pyspark & ray libraries?

SjeYinTeoIntel, Jan 15 '24 08:01

Hi @SjeYinTeoIntel, we do not have a release for pyspark 3.2.2 and ray 2.9.0, but you could run BigDL applications on pyspark 3.2.2. Installing BigDL will automatically install the required corresponding versions of dependencies.

sgwhat, Jan 16 '24 02:01