This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/main by this push:
new be9e65df9 ORC-1659: Bump `guava` to 33.1.0-jre
be9e65df9 is described below
commit be9e65df9a0d396790c5def5d387cd6fcb96c117
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Mar 18 09:12:45 2024 -0700
ORC-1659: Bump `guava` to 33.1.0-jre
Bumps [com.google.guava:guava](https://github.com/google/guava) from
33.0.0-jre to 33.1.0-jre.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/guava/releases";>com.google.guava:guava's
releases</a>.</em></p>
<blockquote>
<h2>33.1.0</h2>
<h3>Request for Android users</h3>
<p>If you know of Guava Android users who have not yet upgraded to at least
the previous release <a
href="https://github.com/google/guava/releases/tag/v33.0.0";>33.0.0</a>, please
encourage them to do so. Starting with that version, we are experimenting with
including Java 8+ APIs in <code>guava-android</code>. Before we commit to
adding such APIs, we want as much testing as we can get: If we later expose a
set of Java 8+ APIs and then discover that they break users, we won't want to r
[...]
<h3>Maven</h3>
<pre lang="xml"><code><dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.1.0-jre</version>
<!-- or, for Android: -->
<version>33.1.0-android</version>
</dependency>
</code></pre>
<h3>Jar files</h3>
<ul>
<li><a
href="https://repo1.maven.org/maven2/com/google/guava/guava/33.1.0-jre/guava-33.1.0-jre.jar";>33.1.0-jre.jar</a></li>
<li><a
href="https://repo1.maven.org/maven2/com/google/guava/guava/33.1.0-android/guava-33.1.0-android.jar";>33.1.0-android.jar</a></li>
</ul>
<p>Guava requires <a
href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies";>one
runtime dependency</a>, which you can download here:</p>
<ul>
<li><a
href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar";>failureaccess-1.0.1.jar</a></li>
</ul>
<h3>Javadoc</h3>
<ul>
<li><a
href="http://guava.dev/releases/33.1.0-jre/api/docs/";>33.1.0-jre</a></li>
<li><a
href="http://guava.dev/releases/33.1.0-android/api/docs/";>33.1.0-android</a></li>
</ul>
<h3>JDiff</h3>
<ul>
<li><a href="http://guava.dev/releases/33.1.0-jre/api/diffs/";>33.1.0-jre
vs. 33.0.0-jre</a></li>
<li><a
href="http://guava.dev/releases/33.1.0-android/api/diffs/";>33.1.0-android vs.
33.0.0-android</a></li>
<li><a
href="http://guava.dev/releases/33.1.0-android/api/androiddiffs/";>33.1.0-android
vs. 33.1.0-jre</a></li>
</ul>
<h3>Changelog</h3>
<ul>
<li>Updated our Error Prone dependency to 2.26.1, which includes a
JPMS-ready jar of annotations. If you use the Error Prone annotations in a
modular build of your own code, you may need to <a
href="https://github.com/google/error-prone/releases/tag/v2.26.1";>add a
<code>requires</code> line for them</a>. (d48c6dfbb8,
c6e91c498ced26631029d1bdfdb9154d4a217368)</li>
<li><code>base</code>: Added a <code>Duration</code> overload for
<code>Suppliers.memoizeWithExpiration</code>. (76e46ec35b)</li>
<li><code>base</code>: Deprecated the remaining two overloads of
<code>Throwables.propagateIfPossible</code>. They won't be deleted, but we
recommend migrating off them. (cf86414a87)</li>
<li><code>cache</code>: Fixed a bug that could cause <a
href="https://redirect.github.com/google/guava/pull/6851#issuecomment-1931276822";>false
"recursive load" reports during refresh</a>. (0e1aebf73e)</li>
<li><code>graph</code>: Changed the return types of
<code>transitiveClosure()</code> and <code>reachableNodes()</code> to
<code>Immutable*</code> types. <code>reachableNodes()</code> already returned
an immutable object (even though that was not reflected in the declared return
type); <code>transitiveClosure()</code> used to return a mutable object. The
old signatures remain available, so this change does not break binary
compatibility. (09e655f6c1)</li>
<li><code>graph</code>: Changed the behavior of views returned by graph
accessor methods that take a graph element as input: They now throw
<code>IllegalStateException</code> when that element is removed from the graph.
(8dca776341)</li>
<li><code>hash</code>: Optimized <code>Checksum</code>-based hash functions
for Java 9+. (afb35a5d1b)</li>
<li><code>testing</code>: Exposed <code>FakeTicker</code>
<code>Duration</code> methods to Android users. (f346bbb6a7)</li>
<li><code>util.concurrent</code>: Deprecated the constructors of
<code>UncheckedExecutionException</code> and <code>ExecutionError</code> that
don't accept a cause. We won't remove these constructors, but we recommend
migrating off them, as users of those classes often assume that instances will
contain a cause. (1bb3c4386b)</li>
<li><code>util.concurrent</code>: Improved the correctness of racy accesses
for J2ObjC users. (d3232b71ce)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/google/guava/commits";>compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Closes #1852 from
dependabot[bot]/dependabot/maven/java/com.google.guava-guava-33.1.0-jre.
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index 4dc629962..310141e12 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -220,7 +220,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>33.0.0-jre</version>
+ <version>33.1.0-jre</version>
<scope>test</scope>
</dependency>
<dependency>
