This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.16 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit d2cacdd964da93baadb1c68da48769cf28ac6eff Author: ZhangJian He <[email protected]> AuthorDate: Mon Jul 3 11:06:28 2023 +0800 Bump guava version from 31.0.1-jre to 32.0.1-jre (#4008) ### Motivation Bump guava version from 31.0.1-jre to 32.0.1-jre, Fix CVE-2023-2976 (cherry picked from commit 52e780f326c6cb5f303b51aa6ab5363c8e94b074) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 8 ++++---- bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 8 ++++---- bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 8 ++++---- pom.xml | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index 139d7d2498..2e2bd767af 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -208,7 +208,7 @@ Apache Software License, Version 2. - lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] - lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] - lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] -- lib/com.google.guava-guava-31.0.1-jre.jar [4] +- lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] - lib/commons-cli-commons-cli-1.2.jar [5] @@ -309,7 +309,7 @@ Apache Software License, Version 2. - lib/com.google.http-client-google-http-client-1.41.0.jar [43] - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43] - lib/com.google.auto.value-auto-value-annotations-1.9.jar [44] -- lib/com.google.j2objc-j2objc-annotations-1.3.jar [45] +- lib/com.google.j2objc-j2objc-annotations-2.8.jar [45] - lib/com.google.re2j-re2j-1.6.jar [46] - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47] - lib/io.dropwizard.metrics-metrics-graphite-4.1.12.1.jar [47] @@ -325,7 +325,7 @@ Apache Software License, Version 2. [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 [2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 [3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 -[4] Source available at https://github.com/google/guava/tree/v31.0.1 +[4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 [7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10 @@ -681,7 +681,7 @@ This product uses the annotations from The Checker Framework, which are licensed MIT License. For details, see deps/checker-qual-3.5.0/LICENSE Bundles as - - lib/org.checkerframework-checker-qual-3.12.0.jar + - lib/org.checkerframework-checker-qual-3.33.0.jar ------------------------------------------------------------------------------------ This product bundles the Reactive Streams library, which is licensed under Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index d48f589b77..edda66b1c7 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -208,7 +208,7 @@ Apache Software License, Version 2. - lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] - lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] - lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] -- lib/com.google.guava-guava-31.0.1-jre.jar [4] +- lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] - lib/commons-cli-commons-cli-1.2.jar [5] @@ -284,7 +284,7 @@ Apache Software License, Version 2. - lib/com.google.auto.value-auto-value-annotations-1.9.jar [42] - lib/com.google.http-client-google-http-client-1.41.0.jar [43] - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43] -- lib/com.google.j2objc-j2objc-annotations-1.3.jar [44] +- lib/com.google.j2objc-j2objc-annotations-2.8.jar [44] - lib/com.google.re2j-re2j-1.6.jar [45] - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [46] - lib/io.perfmark-perfmark-api-0.25.0.jar [47] @@ -296,7 +296,7 @@ Apache Software License, Version 2. [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 [2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 [3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 -[4] Source available at https://github.com/google/guava/tree/v31.0.1 +[4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 [7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10 @@ -601,7 +601,7 @@ This product uses the annotations from The Checker Framework, which are licensed MIT License. For details, see deps/checker-qual-3.5.0/LICENSE Bundles as - - lib/org.checkerframework-checker-qual-3.12.0.jar + - lib/org.checkerframework-checker-qual-3.33.0.jar ------------------------------------------------------------------------------------ This product bundles the Reactive Streams library, which is licensed under Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 3f757a83f9..4274a00de6 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -208,7 +208,7 @@ Apache Software License, Version 2. - lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1] - lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2] - lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3] -- lib/com.google.guava-guava-31.0.1-jre.jar [4] +- lib/com.google.guava-guava-32.0.1-jre.jar [4] - lib/com.google.guava-failureaccess-1.0.1.jar [4] - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4] - lib/commons-cli-commons-cli-1.2.jar [5] @@ -309,7 +309,7 @@ Apache Software License, Version 2. - lib/com.google.http-client-google-http-client-1.41.0.jar [43] - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43] - lib/com.google.auto.value-auto-value-annotations-1.9.jar [44] -- lib/com.google.j2objc-j2objc-annotations-1.3.jar [45] +- lib/com.google.j2objc-j2objc-annotations-2.8.jar [45] - lib/com.google.re2j-re2j-1.6.jar [46] - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47] - lib/io.perfmark-perfmark-api-0.25.0.jar [48] @@ -321,7 +321,7 @@ Apache Software License, Version 2. [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4 [2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4 [3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2 -[4] Source available at https://github.com/google/guava/tree/v31.0.1 +[4] Source available at https://github.com/google/guava/tree/v32.0.1 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2 [7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10 @@ -670,7 +670,7 @@ This product uses the annotations from The Checker Framework, which are licensed MIT License. For details, see deps/checker-qual-3.5.0/LICENSE Bundles as - - lib/org.checkerframework-checker-qual-3.12.0.jar + - lib/org.checkerframework-checker-qual-3.33.0.jar ------------------------------------------------------------------------------------ This product bundles the Reactive Streams library, which is licensed under Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE diff --git a/pom.xml b/pom.xml index f7a4bdda8c..aa2603bbba 100644 --- a/pom.xml +++ b/pom.xml @@ -133,7 +133,7 @@ <google.code.version>3.0.2</google.code.version> <google.errorprone.version>2.9.0</google.errorprone.version> <grpc.version>1.54.1</grpc.version> - <guava.version>31.0.1-jre</guava.version> + <guava.version>32.0.1-jre</guava.version> <kerby.version>1.1.1</kerby.version> <hadoop.version>3.3.5</hadoop.version> <hamcrest.version>1.3</hamcrest.version>
