This is an automated email from the ASF dual-hosted git repository.
bowenliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new ad07ae9398 [KYUUBI #6743] Bump protobuf from 3.25.4 to 3.25.5
ad07ae9398 is described below
commit ad07ae93988a07d99ceb9cb5d90dd841bb18656b
Author: Bowen Liang <[email protected]>
AuthorDate: Thu Oct 17 21:32:25 2024 +0800
[KYUUBI #6743] Bump protobuf from 3.25.4 to 3.25.5
# :mag: Description
## Issue References ๐
This pull request fixes #
## Describe Your Solution ๐ง
- to fix CVE-2024-8184 reported in
https://github.com/apache/kyuubi/security/dependabot/72
## Types of changes :bookmark:
- [ ] Bugfix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
## Test Plan ๐งช
#### Behavior Without This Pull Request :coffin:
#### Behavior With This Pull Request :tada:
#### Related Unit Tests
---
# Checklist ๐
- [ ] This patch was not authored or co-authored using [Generative
Tooling](https://www.apache.org/legal/generative-tooling.html)
**Be nice. Be informative.**
Closes #6743 from bowenliang123/protobuf-3.25.5.
Closes #6743
a9a574041 [Bowen Liang] bump protobuf from 3.25.4 to 3.25.5
Authored-by: Bowen Liang <[email protected]>
Signed-off-by: Bowen Liang <[email protected]>
---
dev/dependencyList | 4 ++--
pom.xml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dev/dependencyList b/dev/dependencyList
index 9e8d7650b2..0f7cd9871f 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -158,8 +158,8 @@ paranamer/2.8//paranamer-2.8.jar
perfmark-api/0.26.0//perfmark-api-0.26.0.jar
postgresql/42.7.2//postgresql-42.7.2.jar
proto-google-common-protos/2.29.0//proto-google-common-protos-2.29.0.jar
-protobuf-java-util/3.25.4//protobuf-java-util-3.25.4.jar
-protobuf-java/3.25.4//protobuf-java-3.25.4.jar
+protobuf-java-util/3.25.5//protobuf-java-util-3.25.5.jar
+protobuf-java/3.25.5//protobuf-java-3.25.5.jar
scala-library/2.12.19//scala-library-2.12.19.jar
scopt_2.12/4.1.0//scopt_2.12-4.1.0.jar
simpleclient/0.16.0//simpleclient-0.16.0.jar
diff --git a/pom.xml b/pom.xml
index 6977e9cf36..e127263503 100644
--- a/pom.xml
+++ b/pom.xml
@@ -187,7 +187,7 @@
<phoenix.version>6.0.0</phoenix.version>
<postgresql.version>42.7.2</postgresql.version>
<prometheus.version>0.16.0</prometheus.version>
- <protobuf.version>3.25.4</protobuf.version>
+ <protobuf.version>3.25.5</protobuf.version>
<scalatest.version>3.2.16</scalatest.version>
<scalatestplus.version>3.2.16.0</scalatestplus.version>
<scopt.version>4.1.0</scopt.version>
