This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-java.git
The following commit(s) were added to refs/heads/main by this push:
new 40cc35ec MINOR: Bump com.google.guava:guava-bom from 33.4.0-jre to
33.4.5-jre (#683)
40cc35ec is described below
commit 40cc35ecb445bbfab07c256a6a5d7a262e122de4
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Mar 24 14:11:04 2025 +0100
MINOR: Bump com.google.guava:guava-bom from 33.4.0-jre to 33.4.5-jre (#683)
Bumps [com.google.guava:guava-bom](https://github.com/google/guava) from
33.4.0-jre to 33.4.5-jre.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/guava/releases";>com.google.guava:guava-bom's
releases</a>.</em></p>
<blockquote>
<h2>33.4.5</h2>
<p>Even if you're not upgrading from Guava 33.4.0 or earlier, still read
<a href="https://github.com/google/guava/releases/tag/v33.4.1";>the
release notes for Guava 33.4.1</a>. Those release notes contain
information about Guava 33.4.5's effect on the module system.</p>
<h3>Maven</h3>
<pre lang="xml"><code><dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.4.5-jre</version>
<!-- or, for Android: -->
<version>33.4.5-android</version>
</dependency>
</code></pre>
<h3>Jar files</h3>
<ul>
<li><a
href="https://repo1.maven.org/maven2/com/google/guava/guava/33.4.5-jre/guava-33.4.5-jre.jar";>33.4.5-jre.jar</a></li>
<li><a
href="https://repo1.maven.org/maven2/com/google/guava/guava/33.4.5-android/guava-33.4.5-android.jar";>33.4.5-android.jar</a></li>
</ul>
<p>Guava requires <a
href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies";>one
runtime dependency</a>, which you can download here:</p>
<ul>
<li><a
href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.3/failureaccess-1.0.3.jar";>failureaccess-1.0.3.jar</a></li>
</ul>
<h3>Javadoc</h3>
<ul>
<li><a
href="https://guava.dev/releases/33.4.5-jre/api/docs/";>33.4.5-jre</a></li>
<li><a
href="https://guava.dev/releases/33.4.5-android/api/docs/";>33.4.5-android</a></li>
</ul>
<h3>JDiff</h3>
<ul>
<li><a
href="https://guava.dev/releases/33.4.5-jre/api/diffs/";>33.4.5-jre vs.
33.4.4-jre</a></li>
<li><a
href="https://guava.dev/releases/33.4.5-android/api/diffs/";>33.4.5-android
vs. 33.4.4-android</a></li>
<li><a
href="https://guava.dev/releases/33.4.5-android/api/androiddiffs/";>33.4.5-android
vs. 33.4.5-jre</a></li>
</ul>
<h3>Changelog</h3>
<ul>
<li>Changed the Guava jar (plus <code>guava-testlib</code> and <a
href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies";><code>failureaccess</code></a>
jars) to be a modular jar. (7a71ea0bfa, 287c701a86)</li>
<li>Changed various classes to stop using <code>sun.misc.Unsafe</code>
under Java 9+. (ee63055ddd, 80aab00dc5b7a36785f5e09b6a54397388980cde,
400af25292096746ed3f6164f0ff88209acbb19f,
71d0692d418a5dd001c9b3786275a5f1f94e1971,
d1a3cd5037528a2ae990bfceed9cdd009fbc54de,
b3bb29a54b8f13d6f6630b6cb929867adbf6b9a0,
1a300f6b2f7ba03ae9bc3620a80c4d4589c65b69)
<ul>
<li>Note that, if you use <code>guava-android</code> on the JVM (instead
of using <code>guava-jre</code>), Guava will still try to use
<code>sun.misc.Unsafe</code>. We will do <a
href="https://redirect.github.com/google/guava/issues/6806#issuecomment-2738313040";>further
work</a> on this in the future.</li>
</ul>
</li>
<li>Belatedly updated the Public Suffix List data.
(ee3b9c64382037f72b3a8341915cc64b87850b53,
d25d62fc843ece1c3866859bc8639b815093eac8)</li>
</ul>
<p>Special thanks to <a
href="https://github.com/sgammon";><code>@sgammon</code></a> for <a
href="https://javamodules.dev/";>his modularization efforts</a>.</p>
<h2>33.4.4</h2>
<p>This is one of a series of releases that improve Guava's nullness
annotations. For more information, including troubleshooting help, see
<a href="https://github.com/google/guava/releases/tag/v33.4.1";>the
release notes for Guava 33.4.1</a>. Most users can update directly to
Guava 33.4.5.</p>
<h3>Maven</h3>
<pre lang="xml"><code></tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/google/guava/commits";>compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: JB Onofré <[email protected]>
---
flight/flight-integration-tests/src/shade/LICENSE.txt | 2 +-
flight/flight-sql-jdbc-driver/src/shade/LICENSE.txt | 2 +-
pom.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/flight/flight-integration-tests/src/shade/LICENSE.txt
b/flight/flight-integration-tests/src/shade/LICENSE.txt
index a23e96e9..484542fd 100644
--- a/flight/flight-integration-tests/src/shade/LICENSE.txt
+++ b/flight/flight-integration-tests/src/shade/LICENSE.txt
@@ -265,7 +265,7 @@ License: https://www.apache.org/licenses/LICENSE-2.0
--------------------------------------------------------------------------------
-This binary artifact contains Guava 33.4.0-jre.
+This binary artifact contains Guava 33.4.5-jre.
Home page: https://github.com/google/guava
License: https://www.apache.org/licenses/LICENSE-2.0
diff --git a/flight/flight-sql-jdbc-driver/src/shade/LICENSE.txt
b/flight/flight-sql-jdbc-driver/src/shade/LICENSE.txt
index 553fa802..1048fa8a 100644
--- a/flight/flight-sql-jdbc-driver/src/shade/LICENSE.txt
+++ b/flight/flight-sql-jdbc-driver/src/shade/LICENSE.txt
@@ -227,7 +227,7 @@ License: https://www.apache.org/licenses/LICENSE-2.0
--------------------------------------------------------------------------------
-This binary artifact contains Guava 33.4.0-jre.
+This binary artifact contains Guava 33.4.5-jre.
Home page: https://github.com/google/guava
License: https://www.apache.org/licenses/LICENSE-2.0
diff --git a/pom.xml b/pom.xml
index 6a0f06e7..8614db03 100644
--- a/pom.xml
+++ b/pom.xml
@@ -95,7 +95,7 @@ under the License.
<dep.junit.platform.version>1.9.0</dep.junit.platform.version>
<dep.junit.jupiter.version>5.12.1</dep.junit.jupiter.version>
<dep.slf4j.version>2.0.17</dep.slf4j.version>
- <dep.guava-bom.version>33.4.0-jre</dep.guava-bom.version>
+ <dep.guava-bom.version>33.4.5-jre</dep.guava-bom.version>
<dep.netty-bom.version>4.1.119.Final</dep.netty-bom.version>
<dep.grpc-bom.version>1.71.0</dep.grpc-bom.version>
<dep.protobuf-bom.version>4.30.1</dep.protobuf-bom.version>
