This is an automated email from the ASF dual-hosted git repository.

kazuyukitanimura pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/datafusion-comet.git


The following commit(s) were added to refs/heads/main by this push:
     new 2ae040a76 chore: Update guava to 33.2.1-jre (#1435)
2ae040a76 is described below

commit 2ae040a76dbaa49d8d3c119ebae90b8ead58a25f
Author: KAZUYUKI TANIMURA <[email protected]>
AuthorDate: Fri Feb 21 09:57:41 2025 -0800

    chore: Update guava to 33.2.1-jre (#1435)
    
    ## Which issue does this PR close?
    
    ## Rationale for this change
    
    To fix
    
[CVE-2023-2976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976)
    
[CVE-2020-8908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908)
    
[CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
    
    ## What changes are included in this PR?
    
    Update guava to 33.2.1-jre
    
    ## How are these changes tested?
    
    CI
---
 pom.xml       |  3 ++-
 spark/pom.xml | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1f20d8175..34a90264f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -64,6 +64,7 @@ under the License.
     <jacoco.version>0.8.11</jacoco.version>
     <semanticdb.version>4.8.8</semanticdb.version>
     <slf4j.version>2.0.6</slf4j.version>
+    <guava.version>33.2.1-jre</guava.version>
     <jni.dir>${project.basedir}/../native/target/debug</jni.dir>
     <platform>darwin</platform>
     <arch>x86_64</arch>
@@ -259,7 +260,7 @@ under the License.
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
-        <version>14.0.1</version>
+        <version>${guava.version}</version>
       </dependency>
       <!-- End of shaded deps -->
 
diff --git a/spark/pom.xml b/spark/pom.xml
index 0267b66ce..46cc1c3c1 100644
--- a/spark/pom.xml
+++ b/spark/pom.xml
@@ -105,6 +105,12 @@ under the License.
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>*</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.codehaus.jackson</groupId>
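Review bot: The wildcard `<exclusion>` added to the guava dependency also removes `com.google.guava:failureaccess`, which Guava needs at runtime at this version; it is not an annotation-only jar. Guava's future classes reference `com.google.common.util.concurrent.internal`, and because `com.google.common` is relocated in this module, a copy of failureaccess on Spark's classpath would probably not satisfy the rewritten references. Whether Comet reaches those classes is not visible from this hunk, so the failure would surface as a `NoClassDefFoundError` only on the code paths that use them. Excluding only the annotation artifacts by name, as below, keeps failureaccess. The shade plugin's artifact set is outside the hunk and may also need to list it so that it is bundled and relocated with Guava.

```xml
      <artifactId>guava</artifactId>
      <!-- Keep com.google.guava:failureaccess: Guava needs it at runtime. -->
      <exclusions>
        <exclusion>
          <groupId>com.google.guava</groupId>
          <artifactId>listenablefuture</artifactId>
        </exclusion>
        <exclusion>
          <groupId>com.google.code.findbugs</groupId>
          <artifactId>jsr305</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.checkerframework</groupId>
          <artifactId>checker-qual</artifactId>
        </exclusion>
        <exclusion>
          <groupId>com.google.errorprone</groupId>
          <artifactId>error_prone_annotations</artifactId>
        </exclusion>
        <exclusion>
          <groupId>com.google.j2objc</groupId>
          <artifactId>j2objc-annotations</artifactId>
        </exclusion>
      </exclusions>
```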
@@ -213,6 +219,10 @@ under the License.
                   <pattern>com.google.common</pattern>
                   
<shadedPattern>${comet.shade.packageName}.guava</shadedPattern>
                 </relocation>
+                <relocation>
+                  <pattern>com.google.thirdparty</pattern>
+                  
<shadedPattern>${comet.shade.packageName}.guava.thirdparty</shadedPattern>
+                </relocation>
               </relocations>
             </configuration>
           </execution>
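Review bot: The new `com.google.thirdparty` relocation has no comment explaining why it is needed, and the reason is not obvious from the POM alone. Guava ships `com.google.thirdparty.publicsuffix` in the same jar, so without this entry those classes would stay under their original names in the shaded jar and could clash with another Guava copy on the classpath. I would add `<!-- Guava bundles com.google.thirdparty.publicsuffix; relocate it together with com.google.common -->` above the new `<relocation>`. The enclosing `<relocations>` element starts outside the hunk.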

