This is an automated email from the ASF dual-hosted git repository.

lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git


The following commit(s) were added to refs/heads/main by this push:
     new 0b56c67706 GH-35771: [Java] Bump Jackson to avoid CVE (#35791)
0b56c67706 is described below

commit 0b56c67706aba22bf9a88bd3c223f34590bbc863
Author: David Li <[email protected]>
AuthorDate: Fri May 26 15:26:55 2023 -0400

    GH-35771: [Java] Bump Jackson to avoid CVE (#35791)
    
    
    
    ### Rationale for this change
    
    A dependency has a reported CVE.
    
    ### What changes are included in this PR?
    
    Bump the dependency.
    
    ### Are these changes tested?
    
    N/A
    
    ### Are there any user-facing changes?
    
    No.
    
    **This PR contains a "Critical Fix".**
    * Closes: #35771
    
    Authored-by: David Li <[email protected]>
    Signed-off-by: David Li <[email protected]>
---
 java/flight/flight-sql-jdbc-driver/pom.xml | 2 +-
 java/pom.xml                               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/flight/flight-sql-jdbc-driver/pom.xml b/java/flight/flight-sql-jdbc-driver/pom.xml
index 8347f27b87..6ba947997d 100644
--- a/java/flight/flight-sql-jdbc-driver/pom.xml
+++ b/java/flight/flight-sql-jdbc-driver/pom.xml
@@ -164,7 +164,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.4</version>
+                <version>3.4.1</version>
                 <executions>
                     <execution>
                         <phase>package</phase>
diff --git a/java/pom.xml b/java/pom.xml
index 2a7a3b4920..ce393fed87 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -36,7 +36,7 @@
     <dep.netty-bom.version>4.1.82.Final</dep.netty-bom.version>
     <dep.grpc-bom.version>1.49.1</dep.grpc-bom.version>
     <dep.protobuf-bom.version>3.21.6</dep.protobuf-bom.version>
-    <dep.jackson-bom.version>2.13.4</dep.jackson-bom.version>
+    <dep.jackson-bom.version>2.15.1</dep.jackson-bom.version>
     <dep.hadoop.version>2.7.1</dep.hadoop.version>
     <dep.fbs.version>1.12.0</dep.fbs.version>
     <dep.avro.version>1.10.0</dep.avro.version>
