From 5f25a2ccc1643e2c1768b50194701a503d9ad168 Mon Sep 17 00:00:00 2001
From: Maxim Lapan <maxim.lapan@exasol.com>
Date: Mon, 23 Sep 2024 14:31:44 +0200
Subject: [PATCH] Fixes in docs, scope in pom

---
 doc/changes/changes_2.0.8.md | 6 +++---
 pom.xml                      | 9 +++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/doc/changes/changes_2.0.8.md b/doc/changes/changes_2.0.8.md
index 5f83287..042ae37 100644
--- a/doc/changes/changes_2.0.8.md
+++ b/doc/changes/changes_2.0.8.md
@@ -1,11 +1,11 @@
-# Spark Connector Common Java 2.0.8, released 2024-09-24
+# Spark Connector Common Java 2.0.8, released 2024-09-23
 
 Code name: Fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided
 
 ## Summary
-This release fixes vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided
+This release fixes vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided  which could lead to unbounded recursion.
 
-## Features
+## Security
 
 * #41: CVE-2024-7254: com.google.protobuf:protobuf-java:jar:3.19.6:provided
 
diff --git a/pom.xml b/pom.xml
index a9108a4..26716f5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,54 +80,63 @@
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
             <version>1.26.2</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-43642 and CVE-2022-46751 -->
             <groupId>org.xerial.snappy</groupId>
             <artifactId>snappy-java</artifactId>
             <version>1.1.10.5</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2022-46751 -->
             <groupId>org.apache.ivy</groupId>
             <artifactId>ivy</artifactId>
             <version>2.5.2</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.zookeeper</groupId>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-44981 -->
             <artifactId>zookeeper</artifactId>
             <version>3.9.2</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.avro</groupId>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-44981 -->
             <artifactId>avro</artifactId>
             <version>1.11.3</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2024-23080 -->
             <groupId>joda-time</groupId>
             <artifactId>joda-time</artifactId>
             <version>2.12.7</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2024-29025 -->
             <groupId>io.netty</groupId>
             <artifactId>netty-all</artifactId>
             <version>4.1.111.Final</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-core_2.13 to fix CVE-2023-33546 -->
             <groupId>org.codehaus.janino</groupId>
             <artifactId>janino</artifactId>
             <version>3.1.12</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <!-- Upgrade transitive dependency of org.apache.spark:spark-network-common_2.13 to fix CVE-2024-7254 -->
             <groupId>com.google.protobuf</groupId>
             <artifactId>protobuf-java</artifactId>
             <version>3.25.5</version>
+            <scope>provided</scope>
         </dependency>
         <!-- Test Dependencies -->
         <dependency>