This is an automated email from the ASF dual-hosted git repository. laiyingchun pushed a commit to branch branch-1.16.x in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 4b287f4543cacd3e4774f59b8a51684a7e772da9 Author: Alexey Serbin <[email protected]> AuthorDate: Thu Jul 20 14:33:50 2023 -0700 KUDU-3493 upgrade Guava to 32.1.1-jre This is to address CVE-2023-2976 in 30.1-jre [1]. An update on java/build.gradle is a workaround as suggested by the Guava release notes [2] to allow for building with gradle 6.x. An update on build-support/verify_jars.pl allows for ProGuard [3] rule files to be in the result JARs: those appeared in the compiled JAR files with the new Guava version. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-2976 [2] https://github.com/google/guava/releases/tag/v32.1.0 [3] https://www.guardsquare.com/en/products/proguard Change-Id: I4acf448085e2279be3ed8c77ccf3306494c6639c Reviewed-on: http://gerrit.cloudera.org:8080/20235 Reviewed-by: Abhishek Chennaka <[email protected]> Tested-by: Abhishek Chennaka <[email protected]> Tested-by: Alexey Serbin <[email protected]> (cherry picked from commit ab2f15d0dc168245d9e5adc631784f0f1be1c803) Reviewed-on: http://gerrit.cloudera.org:8080/20244 Tested-by: Kudu Jenkins Reviewed-by: Yingchun Lai <[email protected]> --- build-support/verify_jars.pl | 2 +- java/build.gradle | 8 ++++++++ java/gradle/dependencies.gradle | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/build-support/verify_jars.pl b/build-support/verify_jars.pl index 64186d223..eb6e3477d 100755 --- a/build-support/verify_jars.pl +++ b/build-support/verify_jars.pl @@ -28,7 +28,7 @@ my $pat_kudu_shaded_prefix = qr{^org/apache/kudu/shaded/}; # Allowed filenames of non-Java files in JARs. my $pat_allow_non_java = - qr{(?:\.(?:txt|xml|properties|json|proto|MF|jnilib|so|swp)| + qr{(?:\.(?:txt|xml|properties|json|proto|MF|jnilib|pro|so|swp)| LICENSE|NOTICE|DEPENDENCIES| # The kudu-spark DataSourceRegister file. DataSourceRegister| diff --git a/java/build.gradle b/java/build.gradle index 686a5d5ef..4fa917e7d 100755 --- a/java/build.gradle +++ b/java/build.gradle @@ -65,6 +65,14 @@ subprojects { exclude group: "org.checkerframework", module: "checker-compat-qual" exclude group: "org.codehaus.mojo", module: "animal-sniffer-annotations" } + + sourceSets { + all { + configurations.all { conf -> + attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm") + } + } + } } // A task that does nothing, but is useful to ensure the Gradle build and tasks are initialized. diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle index 13ccabd27..9f0d9f0f1 100755 --- a/java/gradle/dependencies.gradle +++ b/java/gradle/dependencies.gradle @@ -33,7 +33,7 @@ versions += [ errorProne : "2.3.3", errorProneJavac: "9+181-r4173-1", gradle : "6.9.2", - guava : "30.1-jre", + guava : "32.1.1-jre", hadoop : "3.3.1", hamcrest : "2.2", hdrhistogram : "2.1.12",
