This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.15 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit 3c6125589a74c1c653bbc088cb9fbaa2eaaca933 Author: Lari Hotari <[email protected]> AuthorDate: Tue Jun 20 06:33:49 2023 +0300 Upgrade grpc and protobuf to address CVE-2023-32732 (#3992) ### Motivation OWASP dependency check fails because of CVE-2023-32732 in grpc. ### Changes * Upgrade grpc to 1.56.0 * Upgrade protobuf to 3.22.3 to match the version used in grpc 1.56.0 * Upgrade other grpc/protobuf related libs (cherry picked from commit e188ed82d39705132a2b4848a240dc60c50cd72b) --- .../src/main/resources/LICENSE-all.bin.txt | 64 +++++++++++----------- .../src/main/resources/LICENSE-bkctl.bin.txt | 64 +++++++++++----------- .../src/main/resources/LICENSE-server.bin.txt | 64 +++++++++++----------- .../src/main/resources/NOTICE-all.bin.txt | 18 +++--- .../src/main/resources/NOTICE-bkctl.bin.txt | 18 +++--- .../src/main/resources/NOTICE-server.bin.txt | 18 +++--- metadata-drivers/etcd/pom.xml | 8 +++ pom.xml | 6 +- stream/common/pom.xml | 8 +++ stream/tests-common/pom.xml | 8 +++ 10 files changed, 150 insertions(+), 126 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index 8f93a47830..dd0c4c1fcf 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -269,26 +269,26 @@ Apache Software License, Version 2. - lib/com.yahoo.datasketches-memory-0.8.3.jar [25] - lib/com.yahoo.datasketches-sketches-core-0.8.3.jar [25] - lib/net.jpountz.lz4-lz4-1.3.0.jar [26] -- lib/com.google.api.grpc-proto-google-common-protos-2.0.1.jar [28] -- lib/com.google.code.gson-gson-2.9.0.jar [29] +- lib/com.google.api.grpc-proto-google-common-protos-2.17.0.jar [28] +- lib/com.google.code.gson-gson-2.10.1.jar [29] - lib/io.opencensus-opencensus-api-0.28.0.jar [30] - lib/io.opencensus-opencensus-contrib-http-util-0.28.0.jar [30] - lib/io.opencensus-opencensus-proto-0.2.0.jar [30] -- lib/io.grpc-grpc-all-1.47.0.jar [33] -- lib/io.grpc-grpc-alts-1.47.0.jar [33] -- lib/io.grpc-grpc-api-1.47.0.jar [33] -- lib/io.grpc-grpc-auth-1.47.0.jar [33] -- lib/io.grpc-grpc-context-1.47.0.jar [33] -- lib/io.grpc-grpc-core-1.47.0.jar [33] -- lib/io.grpc-grpc-grpclb-1.47.0.jar [33] -- lib/io.grpc-grpc-netty-1.47.0.jar [33] -- lib/io.grpc-grpc-protobuf-1.47.0.jar [33] -- lib/io.grpc-grpc-protobuf-lite-1.47.0.jar [33] -- lib/io.grpc-grpc-services-1.47.0.jar [33] -- lib/io.grpc-grpc-stub-1.47.0.jar [33] -- lib/io.grpc-grpc-testing-1.47.0.jar [33] -- lib/io.grpc-grpc-xds-1.47.0.jar [33] -- lib/io.grpc-grpc-rls-1.47.0.jar[33] +- lib/io.grpc-grpc-all-1.56.0.jar [33] +- lib/io.grpc-grpc-alts-1.56.0.jar [33] +- lib/io.grpc-grpc-api-1.56.0.jar [33] +- lib/io.grpc-grpc-auth-1.56.0.jar [33] +- lib/io.grpc-grpc-context-1.56.0.jar [33] +- lib/io.grpc-grpc-core-1.56.0.jar [33] +- lib/io.grpc-grpc-grpclb-1.56.0.jar [33] +- lib/io.grpc-grpc-netty-1.56.0.jar [33] +- lib/io.grpc-grpc-protobuf-1.56.0.jar [33] +- lib/io.grpc-grpc-protobuf-lite-1.56.0.jar [33] +- lib/io.grpc-grpc-services-1.56.0.jar [33] +- lib/io.grpc-grpc-stub-1.56.0.jar [33] +- lib/io.grpc-grpc-testing-1.56.0.jar [33] +- lib/io.grpc-grpc-xds-1.56.0.jar [33] +- lib/io.grpc-grpc-rls-1.56.0.jar[33] - lib/org.apache.curator-curator-client-5.1.0.jar [34] - lib/org.apache.curator-curator-framework-5.1.0.jar [34] - lib/org.apache.curator-curator-recipes-5.1.0.jar [34] @@ -302,15 +302,15 @@ Apache Software License, Version 2. - lib/com.google.android-annotations-4.1.1.4.jar [42] - lib/com.google.http-client-google-http-client-1.41.0.jar [43] - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43] -- lib/com.google.auto.value-auto-value-annotations-1.9.jar [44] +- lib/com.google.auto.value-auto-value-annotations-1.10.1.jar [44] - lib/com.google.j2objc-j2objc-annotations-1.3.jar [45] -- lib/com.google.re2j-re2j-1.5.jar [46] +- lib/com.google.re2j-re2j-1.7.jar [46] - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47] - lib/io.dropwizard.metrics-metrics-graphite-4.1.12.1.jar [47] - lib/io.dropwizard.metrics-metrics-jmx-4.1.12.1.jar [47] - lib/io.dropwizard.metrics-metrics-jvm-4.1.12.1.jar [47] -- lib/io.perfmark-perfmark-api-0.25.0.jar [48] -- lib/org.conscrypt-conscrypt-openjdk-uber-2.5.1.jar [49] +- lib/io.perfmark-perfmark-api-0.26.0.jar [48] +- lib/org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar [49] - lib/org.xerial.snappy-snappy-java-1.1.7.7.jar [50] - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51] - lib/org.hdrhistogram-HdrHistogram-2.1.10.jar [52] @@ -341,10 +341,10 @@ Apache Software License, Version 2. [24] Source available at https://github.com/cbeust/jcommander/tree/1.82 [25] Source available at https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3 [26] Source available at https://github.com/lz4/lz4-java/tree/1.3.0 -[28] Source available at https://github.com/googleapis/java-common-protos/tree/v2.0.1 -[29] Source available at https://github.com/google/gson/tree/gson-parent-2.9.0 +[28] Source available at https://github.com/googleapis/java-common-protos/tree/v2.17.0 +[29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1 [30] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.28.0 -[33] Source available at https://github.com/grpc/grpc-java/tree/v1.47.0 +[33] Source available at https://github.com/grpc/grpc-java/tree/v1.56.0 [34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.1.0 [35] Source available at https://github.com/inferred/FreeBuilder/tree/v2.7.0 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0 @@ -355,12 +355,12 @@ Apache Software License, Version 2. [41] Source available at https://github.com/apache/thrift/tree/0.14.2 [42] Source available at https://source.android.com/ [43] Source available at https://github.com/googleapis/google-http-java-client/releases/tag/v1.41.0 -[44] Source available at https://github.com/google/auto/releases/tag/auto-value-1.9 +[44] Source available at https://github.com/google/auto/releases/tag/auto-value-1.10.1 [45] Source available at https://github.com/google/j2objc/releases/tag/1.3 -[46] Source available at https://github.com/google/re2j/releases/tag/re2j-1.5 +[46] Source available at https://github.com/google/re2j/releases/tag/re2j-1.7 [47] Source available at https://github.com/dropwizard/metrics/releases/tag/v4.1.12.1 -[48] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.25.0 -[49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.1 +[48] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.26.0 +[49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.2 [50] Source available at https://github.com/google/snappy/releases/tag/1.1.7.7 [51] Source available at https://github.com/ReactiveX/RxJava/tree/v3.0.1 [52] Source available at https://github.com/HdrHistogram/HdrHistogram/tree/HdrHistogram-2.1.10 @@ -634,13 +634,13 @@ This product bundles Google Protocol Buffers, which is available under a "3-clau license. Bundled as - - lib/com.google.protobuf-protobuf-java-3.19.6.jar -Source available at https://github.com/google/protobuf/tree/v3.19.6 + - lib/com.google.protobuf-protobuf-java-3.22.3.jar +Source available at https://github.com/google/protobuf/tree/v3.22.3 For details, see deps/protobuf-3.14.0/LICENSE. Bundled as - - lib/com.google.protobuf-protobuf-java-util-3.19.6.jar -Source available at https://github.com/protocolbuffers/protobuf/tree/v3.19.6 + - lib/com.google.protobuf-protobuf-java-util-3.22.3.jar +Source available at https://github.com/protocolbuffers/protobuf/tree/v3.22.3 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles the JCP Standard Java Servlet API, which is available under a diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index 5416d4b1e7..0507641edd 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -248,26 +248,26 @@ Apache Software License, Version 2. - lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [20] - lib/com.beust-jcommander-1.82.jar [23] - lib/net.jpountz.lz4-lz4-1.3.0.jar [25] -- lib/com.google.api.grpc-proto-google-common-protos-2.0.1.jar [27] -- lib/com.google.code.gson-gson-2.9.0.jar [28] +- lib/com.google.api.grpc-proto-google-common-protos-2.17.0.jar [27] +- lib/com.google.code.gson-gson-2.10.1.jar [28] - lib/io.opencensus-opencensus-api-0.28.0.jar [29] - lib/io.opencensus-opencensus-contrib-http-util-0.28.0.jar [29] - lib/io.opencensus-opencensus-proto-0.2.0.jar [29] -- lib/io.grpc-grpc-all-1.47.0.jar [32] -- lib/io.grpc-grpc-alts-1.47.0.jar [32] -- lib/io.grpc-grpc-api-1.47.0.jar [32] -- lib/io.grpc-grpc-auth-1.47.0.jar [32] -- lib/io.grpc-grpc-context-1.47.0.jar [32] -- lib/io.grpc-grpc-core-1.47.0.jar [32] -- lib/io.grpc-grpc-grpclb-1.47.0.jar [32] -- lib/io.grpc-grpc-netty-1.47.0.jar [32] -- lib/io.grpc-grpc-protobuf-1.47.0.jar [32] -- lib/io.grpc-grpc-protobuf-lite-1.47.0.jar [32] -- lib/io.grpc-grpc-services-1.47.0.jar [32] -- lib/io.grpc-grpc-stub-1.47.0.jar [32] -- lib/io.grpc-grpc-testing-1.47.0.jar [32] -- lib/io.grpc-grpc-xds-1.47.0.jar [32] -- lib/io.grpc-grpc-rls-1.47.0.jar[32] +- lib/io.grpc-grpc-all-1.56.0.jar [32] +- lib/io.grpc-grpc-alts-1.56.0.jar [32] +- lib/io.grpc-grpc-api-1.56.0.jar [32] +- lib/io.grpc-grpc-auth-1.56.0.jar [32] +- lib/io.grpc-grpc-context-1.56.0.jar [32] +- lib/io.grpc-grpc-core-1.56.0.jar [32] +- lib/io.grpc-grpc-grpclb-1.56.0.jar [32] +- lib/io.grpc-grpc-netty-1.56.0.jar [32] +- lib/io.grpc-grpc-protobuf-1.56.0.jar [32] +- lib/io.grpc-grpc-protobuf-lite-1.56.0.jar [32] +- lib/io.grpc-grpc-services-1.56.0.jar [32] +- lib/io.grpc-grpc-stub-1.56.0.jar [32] +- lib/io.grpc-grpc-testing-1.56.0.jar [32] +- lib/io.grpc-grpc-xds-1.56.0.jar [32] +- lib/io.grpc-grpc-rls-1.56.0.jar[32] - lib/org.apache.curator-curator-client-5.1.0.jar [33] - lib/org.apache.curator-curator-framework-5.1.0.jar [33] - lib/org.apache.curator-curator-recipes-5.1.0.jar [33] @@ -279,14 +279,14 @@ Apache Software License, Version 2. - lib/org.apache.httpcomponents-httpcore-4.4.15.jar [39] - lib/org.apache.thrift-libthrift-0.14.2.jar [40] - lib/com.google.android-annotations-4.1.1.4.jar [41] -- lib/com.google.auto.value-auto-value-annotations-1.9.jar [42] +- lib/com.google.auto.value-auto-value-annotations-1.10.1.jar [42] - lib/com.google.http-client-google-http-client-1.41.0.jar [43] - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43] - lib/com.google.j2objc-j2objc-annotations-1.3.jar [44] -- lib/com.google.re2j-re2j-1.5.jar [45] +- lib/com.google.re2j-re2j-1.7.jar [45] - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [46] -- lib/io.perfmark-perfmark-api-0.25.0.jar [47] -- lib/org.conscrypt-conscrypt-openjdk-uber-2.5.1.jar [49] +- lib/io.perfmark-perfmark-api-0.26.0.jar [47] +- lib/org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar [49] - lib/org.xerial.snappy-snappy-java-1.1.7.7.jar [50] - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51] @@ -308,10 +308,10 @@ Apache Software License, Version 2. [20] Source available at https://github.com/apache/zookeeper/tree/release-3.8.0 [23] Source available at https://github.com/cbeust/jcommander/tree/1.82 [25] Source available at https://github.com/lz4/lz4-java/tree/1.3.0 -[27] Source available at https://github.com/googleapis/java-common-protos/tree/v2.0.1 -[28] Source available at https://github.com/google/gson/tree/gson-parent-2.9.0 +[27] Source available at https://github.com/googleapis/java-common-protos/tree/v2.17.0 +[28] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1 [29] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.28.0 -[32] Source available at https://github.com/grpc/grpc-java/tree/v1.47.0 +[32] Source available at https://github.com/grpc/grpc-java/tree/v1.56.0 [33] Source available at https://github.com/apache/curator/tree/apache-curator-5.1.0 [34] Source available at https://github.com/inferred/FreeBuilder/tree/v2.7.0 [35] Source available at https://github.com/google/error-prone/tree/v2.9.0 @@ -321,13 +321,13 @@ Apache Software License, Version 2. [39] Source available at https://github.com/apache/httpcomponents-core/tree/rel/v4.4.15 [40] Source available at https://github.com/apache/thrift/tree/0.14.2 [41] Source available at https://source.android.com/ -[42] Source available at https://github.com/google/auto/releases/tag/auto-value-1.9 +[42] Source available at https://github.com/google/auto/releases/tag/auto-value-1.10.1 [43] Source available at https://github.com/googleapis/google-http-java-client/releases/tag/v1.41.0 [44] Source available at https://github.com/google/j2objc/releases/tag/1.3 -[45] Source available at https://github.com/google/re2j/releases/tag/re2j-1.5 +[45] Source available at https://github.com/google/re2j/releases/tag/re2j-1.7 [46] Source available at https://github.com/dropwizard/metrics/releases/tag/v4.1.12.1 -[47] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.25.0 -[49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.1 +[47] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.26.0 +[49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.2 [50] Source available at https://github.com/google/snappy/releases/tag/1.1.7.7 [51] Source available at https://github.com/ReactiveX/RxJava/tree/v3.0.1 @@ -563,13 +563,13 @@ This product bundles Google Protocol Buffers, which is available under a "3-clau license. Bundled as - - lib/com.google.protobuf-protobuf-java-3.19.6.jar -Source available at https://github.com/google/protobuf/tree/v3.19.6 + - lib/com.google.protobuf-protobuf-java-3.22.3.jar +Source available at https://github.com/google/protobuf/tree/v3.22.3 For details, see deps/protobuf-3.14.0/LICENSE. Bundled as - - lib/com.google.protobuf-protobuf-java-util-3.19.6.jar -Source available at https://github.com/protocolbuffers/protobuf/tree/v3.19.6 + - lib/com.google.protobuf-protobuf-java-util-3.22.3.jar +Source available at https://github.com/protocolbuffers/protobuf/tree/v3.22.3 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles Simple Logging Facade for Java, which is available under a diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 6164fc2eef..8deaf1cd86 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -269,26 +269,26 @@ Apache Software License, Version 2. - lib/com.yahoo.datasketches-memory-0.8.3.jar [25] - lib/com.yahoo.datasketches-sketches-core-0.8.3.jar [25] - lib/net.jpountz.lz4-lz4-1.3.0.jar [26] -- lib/com.google.api.grpc-proto-google-common-protos-2.0.1.jar [28] -- lib/com.google.code.gson-gson-2.9.0.jar [29] +- lib/com.google.api.grpc-proto-google-common-protos-2.17.0.jar [28] +- lib/com.google.code.gson-gson-2.10.1.jar [29] - lib/io.opencensus-opencensus-api-0.28.0.jar [30] - lib/io.opencensus-opencensus-contrib-http-util-0.28.0.jar [30] - lib/io.opencensus-opencensus-proto-0.2.0.jar [30] -- lib/io.grpc-grpc-all-1.47.0.jar [33] -- lib/io.grpc-grpc-alts-1.47.0.jar [33] -- lib/io.grpc-grpc-api-1.47.0.jar [33] -- lib/io.grpc-grpc-auth-1.47.0.jar [33] -- lib/io.grpc-grpc-context-1.47.0.jar [33] -- lib/io.grpc-grpc-core-1.47.0.jar [33] -- lib/io.grpc-grpc-grpclb-1.47.0.jar [33] -- lib/io.grpc-grpc-netty-1.47.0.jar [33] -- lib/io.grpc-grpc-protobuf-1.47.0.jar [33] -- lib/io.grpc-grpc-protobuf-lite-1.47.0.jar [33] -- lib/io.grpc-grpc-services-1.47.0.jar [33] -- lib/io.grpc-grpc-stub-1.47.0.jar [33] -- lib/io.grpc-grpc-testing-1.47.0.jar [33] -- lib/io.grpc-grpc-xds-1.47.0.jar [33] -- lib/io.grpc-grpc-rls-1.47.0.jar[33] +- lib/io.grpc-grpc-all-1.56.0.jar [33] +- lib/io.grpc-grpc-alts-1.56.0.jar [33] +- lib/io.grpc-grpc-api-1.56.0.jar [33] +- lib/io.grpc-grpc-auth-1.56.0.jar [33] +- lib/io.grpc-grpc-context-1.56.0.jar [33] +- lib/io.grpc-grpc-core-1.56.0.jar [33] +- lib/io.grpc-grpc-grpclb-1.56.0.jar [33] +- lib/io.grpc-grpc-netty-1.56.0.jar [33] +- lib/io.grpc-grpc-protobuf-1.56.0.jar [33] +- lib/io.grpc-grpc-protobuf-lite-1.56.0.jar [33] +- lib/io.grpc-grpc-services-1.56.0.jar [33] +- lib/io.grpc-grpc-stub-1.56.0.jar [33] +- lib/io.grpc-grpc-testing-1.56.0.jar [33] +- lib/io.grpc-grpc-xds-1.56.0.jar [33] +- lib/io.grpc-grpc-rls-1.56.0.jar[33] - lib/org.apache.curator-curator-client-5.1.0.jar [34] - lib/org.apache.curator-curator-framework-5.1.0.jar [34] - lib/org.apache.curator-curator-recipes-5.1.0.jar [34] @@ -302,12 +302,12 @@ Apache Software License, Version 2. - lib/com.google.android-annotations-4.1.1.4.jar [42] - lib/com.google.http-client-google-http-client-1.41.0.jar [43] - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43] -- lib/com.google.auto.value-auto-value-annotations-1.9.jar [44] +- lib/com.google.auto.value-auto-value-annotations-1.10.1.jar [44] - lib/com.google.j2objc-j2objc-annotations-1.3.jar [45] -- lib/com.google.re2j-re2j-1.5.jar [46] +- lib/com.google.re2j-re2j-1.7.jar [46] - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47] -- lib/io.perfmark-perfmark-api-0.25.0.jar [48] -- lib/org.conscrypt-conscrypt-openjdk-uber-2.5.1.jar [49] +- lib/io.perfmark-perfmark-api-0.26.0.jar [48] +- lib/org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar [49] - lib/org.xerial.snappy-snappy-java-1.1.7.7.jar [50] - lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51] @@ -337,10 +337,10 @@ Apache Software License, Version 2. [24] Source available at https://github.com/cbeust/jcommander/tree/1.82 [25] Source available at https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3 [26] Source available at https://github.com/lz4/lz4-java/tree/1.3.0 -[28] Source available at https://github.com/googleapis/java-common-protos/tree/v2.0.1 -[29] Source available at https://github.com/google/gson/tree/gson-parent-2.9.0 +[28] Source available at https://github.com/googleapis/java-common-protos/tree/v2.17.0 +[29] Source available at https://github.com/google/gson/tree/gson-parent-2.10.1 [30] Source available at https://github.com/census-instrumentation/opencensus-java/tree/v0.28.0 -[33] Source available at https://github.com/grpc/grpc-java/tree/v1.47.0 +[33] Source available at https://github.com/grpc/grpc-java/tree/v1.56.0 [34] Source available at https://github.com/apache/curator/releases/tag/apache.curator-5.1.0 [35] Source available at https://github.com/inferred/FreeBuilder/tree/v2.7.0 [36] Source available at https://github.com/google/error-prone/tree/v2.9.0 @@ -351,12 +351,12 @@ Apache Software License, Version 2. [41] Source available at https://github.com/apache/thrift/tree/0.14.2 [42] Source available at https://source.android.com/ [43] Source available at https://github.com/googleapis/google-http-java-client/releases/tag/v1.41.0 -[44] Source available at https://github.com/google/auto/releases/tag/auto-value-1.9 +[44] Source available at https://github.com/google/auto/releases/tag/auto-value-1.10.1 [45] Source available at https://github.com/google/j2objc/releases/tag/1.3 -[46] Source available at https://github.com/google/re2j/releases/tag/re2j-1.5 +[46] Source available at https://github.com/google/re2j/releases/tag/re2j-1.7 [47] Source available at https://github.com/dropwizard/metrics/releases/tag/v4.1.12.1 -[48] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.25.0 -[49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.1 +[48] Source available at https://github.com/perfmark/perfmark/releases/tag/v0.26.0 +[49] Source available at https://github.com/google/conscrypt/releases/tag/2.5.2 [50] Source available at https://github.com/google/snappy/releases/tag/1.1.7.7 [51] Source available at https://github.com/ReactiveX/RxJava/tree/v3.0.1 @@ -623,13 +623,13 @@ This product bundles Google Protocol Buffers, which is available under a "3-clau license. Bundled as - - lib/com.google.protobuf-protobuf-java-3.19.6.jar -Source available at https://github.com/google/protobuf/tree/v3.19.6 + - lib/com.google.protobuf-protobuf-java-3.22.3.jar +Source available at https://github.com/google/protobuf/tree/v3.22.3 For details, see deps/protobuf-3.14.0/LICENSE. Bundled as - - lib/com.google.protobuf-protobuf-java-util-3.19.6.jar -Source available at https://github.com/protocolbuffers/protobuf/tree/v3.19.6 + - lib/com.google.protobuf-protobuf-java-util-3.22.3.jar +Source available at https://github.com/protocolbuffers/protobuf/tree/v3.22.3 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles the JCP Standard Java Servlet API, which is available under a diff --git a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt index 9f8f9b2de1..5a7f2eabdc 100644 --- a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt @@ -128,15 +128,15 @@ granted provided that the copyright notice appears in all copies. Copyright 2010 Cedric Beust [email protected] ------------------------------------------------------------------------------------ -- lib/io.grpc-grpc-all-1.47.0.jar -- lib/io.grpc-grpc-auth-1.47.0.jar -- lib/io.grpc-grpc-context-1.47.0.jar -- lib/io.grpc-grpc-core-1.47.0.jar -- lib/io.grpc-grpc-netty-1.47.0.jar -- lib/io.grpc-grpc-protobuf-1.47.0.jar -- lib/io.grpc-grpc-protobuf-lite-1.47.0.jar -- lib/io.grpc-grpc-stub-1.47.0.jar -- lib/io.grpc-grpc-testing-1.47.0.jar +- lib/io.grpc-grpc-all-1.56.0.jar +- lib/io.grpc-grpc-auth-1.56.0.jar +- lib/io.grpc-grpc-context-1.56.0.jar +- lib/io.grpc-grpc-core-1.56.0.jar +- lib/io.grpc-grpc-netty-1.56.0.jar +- lib/io.grpc-grpc-protobuf-1.56.0.jar +- lib/io.grpc-grpc-protobuf-lite-1.56.0.jar +- lib/io.grpc-grpc-stub-1.56.0.jar +- lib/io.grpc-grpc-testing-1.56.0.jar Copyright 2014, gRPC Authors All rights reserved. diff --git a/bookkeeper-dist/src/main/resources/NOTICE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-bkctl.bin.txt index 7a53afb8e5..e80661abdb 100644 --- a/bookkeeper-dist/src/main/resources/NOTICE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/NOTICE-bkctl.bin.txt @@ -54,15 +54,15 @@ under the License. Copyright 2010 Cedric Beust [email protected] ------------------------------------------------------------------------------------ -- lib/io.grpc-grpc-all-1.47.0.jar -- lib/io.grpc-grpc-auth-1.47.0.jar -- lib/io.grpc-grpc-context-1.47.0.jar -- lib/io.grpc-grpc-core-1.47.0.jar -- lib/io.grpc-grpc-netty-1.47.0.jar -- lib/io.grpc-grpc-protobuf-1.47.0.jar -- lib/io.grpc-grpc-protobuf-lite-1.47.0.jar -- lib/io.grpc-grpc-stub-1.47.0.jar -- lib/io.grpc-grpc-testing-1.47.0.jar +- lib/io.grpc-grpc-all-1.56.0.jar +- lib/io.grpc-grpc-auth-1.56.0.jar +- lib/io.grpc-grpc-context-1.56.0.jar +- lib/io.grpc-grpc-core-1.56.0.jar +- lib/io.grpc-grpc-netty-1.56.0.jar +- lib/io.grpc-grpc-protobuf-1.56.0.jar +- lib/io.grpc-grpc-protobuf-lite-1.56.0.jar +- lib/io.grpc-grpc-stub-1.56.0.jar +- lib/io.grpc-grpc-testing-1.56.0.jar Copyright 2014, gRPC Authors All rights reserved. diff --git a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt index 6623a1443a..fe3148b3b7 100644 --- a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt @@ -110,15 +110,15 @@ granted provided that the copyright notice appears in all copies. Copyright 2010 Cedric Beust [email protected] ------------------------------------------------------------------------------------ -- lib/io.grpc-grpc-all-1.47.0.jar -- lib/io.grpc-grpc-auth-1.47.0.jar -- lib/io.grpc-grpc-context-1.47.0.jar -- lib/io.grpc-grpc-core-1.47.0.jar -- lib/io.grpc-grpc-netty-1.47.0.jar -- lib/io.grpc-grpc-protobuf-1.47.0.jar -- lib/io.grpc-grpc-protobuf-lite-1.47.0.jar -- lib/io.grpc-grpc-stub-1.47.0.jar -- lib/io.grpc-grpc-testing-1.47.0.jar +- lib/io.grpc-grpc-all-1.56.0.jar +- lib/io.grpc-grpc-auth-1.56.0.jar +- lib/io.grpc-grpc-context-1.56.0.jar +- lib/io.grpc-grpc-core-1.56.0.jar +- lib/io.grpc-grpc-netty-1.56.0.jar +- lib/io.grpc-grpc-protobuf-1.56.0.jar +- lib/io.grpc-grpc-protobuf-lite-1.56.0.jar +- lib/io.grpc-grpc-stub-1.56.0.jar +- lib/io.grpc-grpc-testing-1.56.0.jar Copyright 2014, gRPC Authors All rights reserved. diff --git a/metadata-drivers/etcd/pom.xml b/metadata-drivers/etcd/pom.xml index 398cf2bd0c..7cabfb4d00 100644 --- a/metadata-drivers/etcd/pom.xml +++ b/metadata-drivers/etcd/pom.xml @@ -58,6 +58,14 @@ <groupId>io.grpc</groupId> <artifactId>grpc-okhttp</artifactId> </exclusion> + <exclusion> + <groupId>io.grpc</groupId> + <artifactId>grpc-servlet</artifactId> + </exclusion> + <exclusion> + <groupId>io.grpc</groupId> + <artifactId>grpc-servlet-jakarta</artifactId> + </exclusion> </exclusions> </dependency> diff --git a/pom.xml b/pom.xml index fac67e34d1..86ee8da94c 100644 --- a/pom.xml +++ b/pom.xml @@ -135,7 +135,7 @@ <freebuilder.version>2.7.0</freebuilder.version> <google.code.version>3.0.2</google.code.version> <google.errorprone.version>2.9.0</google.errorprone.version> - <grpc.version>1.47.0</grpc.version> + <grpc.version>1.56.0</grpc.version> <guava.version>31.0.1-jre</guava.version> <kerby.version>1.1.1</kerby.version> <hadoop.version>3.2.4</hadoop.version> @@ -164,8 +164,8 @@ <datasketches.version>0.8.3</datasketches.version> <httpclient.version>4.5.13</httpclient.version> <httpcore.version>4.4.15</httpcore.version> - <protobuf.version>3.19.6</protobuf.version> - <protoc3.version>3.19.6</protoc3.version> + <protobuf.version>3.22.3</protobuf.version> + <protoc3.version>3.22.3</protoc3.version> <protoc-gen-grpc-java.version>${grpc.version}</protoc-gen-grpc-java.version> <reflections.version>0.9.11</reflections.version> <rocksdb.version>6.29.4.1</rocksdb.version> diff --git a/stream/common/pom.xml b/stream/common/pom.xml index c97e8a1372..90e99cbd49 100644 --- a/stream/common/pom.xml +++ b/stream/common/pom.xml @@ -52,6 +52,14 @@ <groupId>io.grpc</groupId> <artifactId>grpc-okhttp</artifactId> </exclusion> + <exclusion> + <groupId>io.grpc</groupId> + <artifactId>grpc-servlet</artifactId> + </exclusion> + <exclusion> + <groupId>io.grpc</groupId> + <artifactId>grpc-servlet-jakarta</artifactId> + </exclusion> </exclusions> </dependency> <dependency> diff --git a/stream/tests-common/pom.xml b/stream/tests-common/pom.xml index 4a76ef90b1..e7825aec84 100644 --- a/stream/tests-common/pom.xml +++ b/stream/tests-common/pom.xml @@ -44,6 +44,14 @@ <groupId>io.grpc</groupId> <artifactId>grpc-okhttp</artifactId> </exclusion> + <exclusion> + <groupId>io.grpc</groupId> + <artifactId>grpc-servlet</artifactId> + </exclusion> + <exclusion> + <groupId>io.grpc</groupId> + <artifactId>grpc-servlet-jakarta</artifactId> + </exclusion> </exclusions> </dependency> <dependency>
