This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-2.11 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 63210385cc8eeba424836136e02ccbaff6cdea34 Author: Lari Hotari <[email protected]> AuthorDate: Thu Jun 1 22:19:49 2023 +0300 [fix][sec] Upgrade Guava to 32.0.0 to address CVE-2023-2976 (#20459) (cherry picked from commit 57f9467a8dbcd546ee9127d8dfbd000b46333f23) # Conflicts: # distribution/server/src/assemble/LICENSE.bin.txt # pom.xml # pulsar-sql/presto-distribution/LICENSE --- buildtools/pom.xml | 2 +- distribution/server/src/assemble/LICENSE.bin.txt | 4 ++-- distribution/shell/src/assemble/LICENSE.bin.txt | 4 ++-- pom.xml | 2 +- pulsar-sql/presto-distribution/LICENSE | 4 ++-- pulsar-sql/presto-distribution/pom.xml | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/buildtools/pom.xml b/buildtools/pom.xml index 564130ad7a3..7cb8e4d71e1 100644 --- a/buildtools/pom.xml +++ b/buildtools/pom.xml @@ -47,7 +47,7 @@ <puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version> <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version> <guice.version>4.2.3</guice.version> - <guava.version>31.0.1-jre</guava.version> + <guava.version>32.0.0-jre</guava.version> <ant.version>1.10.12</ant.version> <snakeyaml.version>2.0</snakeyaml.version> <mockito.version>3.12.4</mockito.version> diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index cc069a83359..e4fd0cd139b 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -328,7 +328,7 @@ The Apache Software License, Version 2.0 - com.google.code.gson-gson-2.8.9.jar - io.gsonfire-gson-fire-1.8.5.jar * Guava - - com.google.guava-guava-31.0.1-jre.jar + - com.google.guava-guava-32.0.0-jre.jar - com.google.guava-failureaccess-1.0.1.jar - com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar * J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar @@ -568,7 +568,7 @@ MIT License - org.slf4j-slf4j-api-1.7.32.jar - org.slf4j-jcl-over-slf4j-1.7.32.jar * The Checker Framework - - org.checkerframework-checker-qual-3.12.0.jar + - org.checkerframework-checker-qual-3.33.0.jar Protocol Buffers License * Protocol Buffers diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index b043942c540..9c7532e51f3 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -323,7 +323,7 @@ The Apache Software License, Version 2.0 * Gson - gson-2.8.9.jar * Guava - - guava-31.0.1-jre.jar + - guava-32.0.0-jre.jar - failureaccess-1.0.1.jar - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar * J2ObjC Annotations -- j2objc-annotations-1.3.jar @@ -413,7 +413,7 @@ MIT License * SLF4J -- ../licenses/LICENSE-SLF4J.txt - slf4j-api-1.7.32.jar * The Checker Framework - - checker-qual-3.12.0.jar + - checker-qual-3.33.0.jar CDDL-1.1 -- ../licenses/LICENSE-CDDL-1.1.txt * Java Annotations API diff --git a/pom.xml b/pom.xml index 1f16f9a9207..09dc6c2f94c 100644 --- a/pom.xml +++ b/pom.xml @@ -180,7 +180,7 @@ flexible messaging model and an intuitive client API.</description> <jsonwebtoken.version>0.11.1</jsonwebtoken.version> <opencensus.version>0.28.0</opencensus.version> <hbase.version>2.4.9</hbase.version> - <guava.version>31.0.1-jre</guava.version> + <guava.version>32.0.0-jre</guava.version> <jcip.version>1.0</jcip.version> <prometheus-jmx.version>0.16.1</prometheus-jmx.version> <confluent.version>7.0.1</confluent.version> diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index b5067e99fef..e58b034ebac 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -221,7 +221,7 @@ The Apache Software License, Version 2.0 - jackson-module-jaxb-annotations-2.14.2.jar - jackson-module-jsonSchema-2.14.2.jar * Guava - - guava-31.0.1-jre.jar + - guava-32.0.0-jre.jar - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - failureaccess-1.0.1.jar * Google Guice @@ -524,7 +524,7 @@ MIT License * JCL 1.2 Implemented Over SLF4J - jcl-over-slf4j-1.7.32.jar * Checker Qual - - checker-qual-3.12.0.jar + - checker-qual-3.33.0.jar * Annotations - animal-sniffer-annotations-1.19.jar - annotations-4.1.1.4.jar diff --git a/pulsar-sql/presto-distribution/pom.xml b/pulsar-sql/presto-distribution/pom.xml index 3f037b4496f..4c1c9a37228 100644 --- a/pulsar-sql/presto-distribution/pom.xml +++ b/pulsar-sql/presto-distribution/pom.xml @@ -37,7 +37,7 @@ <objenesis.version>2.6</objenesis.version> <objectsize.version>0.0.12</objectsize.version> <maven.version>3.0.5</maven.version> - <guava.version>31.0.1-jre</guava.version> + <guava.version>32.0.0-jre</guava.version> <asynchttpclient.version>2.12.1</asynchttpclient.version> <errorprone.version>2.5.1</errorprone.version> <javax.servlet-api>4.0.1</javax.servlet-api>
