This is an automated email from the ASF dual-hosted git repository.
lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new ea8b1d3c76 GH-44770: [Java] Update minor protobuf version to avoid
CVE-2024-7254 (#44775)
ea8b1d3c76 is described below
commit ea8b1d3c7666d37a2dc8b7979f88879e033f4c28
Author: Raúl Cumplido <[email protected]>
AuthorDate: Tue Nov 19 00:49:59 2024 +0100
GH-44770: [Java] Update minor protobuf version to avoid CVE-2024-7254
(#44775)
### Rationale for this change
There seems to be a CVE affecting our current dependency:
https://github.com/advisories/GHSA-735f-pc8j-v9w8
### What changes are included in this PR?
Update to latest minor which solves the issue.
### Are these changes tested?
Via CI
### Are there any user-facing changes?
No
* GitHub Issue: #44770
Authored-by: Raúl Cumplido <[email protected]>
Signed-off-by: David Li <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index 9e876e302c..3666bd4440 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -98,7 +98,7 @@ under the License.
<dep.guava-bom.version>33.3.1-jre</dep.guava-bom.version>
<dep.netty-bom.version>4.1.114.Final</dep.netty-bom.version>
<dep.grpc-bom.version>1.65.0</dep.grpc-bom.version>
- <dep.protobuf-bom.version>3.25.4</dep.protobuf-bom.version>
+ <dep.protobuf-bom.version>3.25.5</dep.protobuf-bom.version>
<dep.jackson-bom.version>2.18.1</dep.jackson-bom.version>
<dep.hadoop.version>3.4.1</dep.hadoop.version>
<dep.fbs.version>24.3.25</dep.fbs.version>
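Review bot: Changing `dep.protobuf-bom.version` to 3.25.5 does not by itself show which protobuf version each module ends up resolving. `dep.grpc-bom.version` stays at 1.65.0 two lines above, and gRPC pulls protobuf in transitively. Please confirm with `mvn dependency:tree -Dincludes=com.google.protobuf` that no module still resolves 3.25.4 or older through another BOM or a direct pin. The commit message lists testing as "Via CI" only, so consider a build-time check (for example a Maven Enforcer rule on the protobuf version) so a later BOM change cannot silently bring back a version affected by CVE-2024-7254.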