This is an automated email from the ASF dual-hosted git repository. raulcd pushed a commit to branch maint-12.0.x in repository https://gitbox.apache.org/repos/asf/arrow.git
commit d563c0664c8afe345ae14adf358fbd3b22dd61ec Author: David Li <[email protected]> AuthorDate: Fri May 26 15:26:55 2023 -0400 GH-35771: [Java] Bump Jackson to avoid CVE (#35791) ### Rationale for this change A dependency has a reported CVE. ### What changes are included in this PR? Bump the dependency. ### Are these changes tested? N/A ### Are there any user-facing changes? No. **This PR contains a "Critical Fix".** * Closes: #35771 Authored-by: David Li <[email protected]> Signed-off-by: David Li <[email protected]> --- java/flight/flight-sql-jdbc-driver/pom.xml | 2 +- java/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/flight/flight-sql-jdbc-driver/pom.xml b/java/flight/flight-sql-jdbc-driver/pom.xml index 9571f61ef7..f6cb06e626 100644 --- a/java/flight/flight-sql-jdbc-driver/pom.xml +++ b/java/flight/flight-sql-jdbc-driver/pom.xml @@ -41,7 +41,7 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-shade-plugin</artifactId> - <version>3.2.4</version> + <version>3.4.1</version> <executions> <execution> <phase>package</phase> diff --git a/java/pom.xml b/java/pom.xml index b9d22cdc58..3b67f98e3d 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -36,7 +36,7 @@ <dep.netty-bom.version>4.1.82.Final</dep.netty-bom.version> <dep.grpc-bom.version>1.49.1</dep.grpc-bom.version> <dep.protobuf-bom.version>3.21.6</dep.protobuf-bom.version> - <dep.jackson-bom.version>2.13.4</dep.jackson-bom.version> + <dep.jackson-bom.version>2.15.1</dep.jackson-bom.version> <dep.hadoop.version>2.7.1</dep.hadoop.version> <dep.fbs.version>1.12.0</dep.fbs.version> <dep.avro.version>1.10.0</dep.avro.version>
