[spark] branch master updated: [SPARK-42780][BUILD] Upgrade `Tink` to 1.9.0

Sun, 07 May 2023 13:29:59 -0700 

This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 96814da9e1a [SPARK-42780][BUILD] Upgrade `Tink` to 1.9.0
96814da9e1a is described below

commit 96814da9e1a2400acc7e31cfc6b3956f7d514031
Author: bjornjorgensen <[email protected]>
AuthorDate: Sun May 7 13:29:37 2023 -0700

    [SPARK-42780][BUILD] Upgrade `Tink` to 1.9.0
    
    ### What changes were proposed in this pull request?
    Upgrade google Tink from 1.7.0 to 1.9.0
    
    [Release note for 
1.8.0](https://github.com/tink-crypto/tink-java/releases/tag/v1.8.0)
    
    [Release note for 
1.9.0](https://github.com/tink-crypto/tink-java/releases/tag/v1.9.0)
    
    ### Why are the changes needed?
    
[SNYK-JAVA-COMGOOGLEPROTOBUF-3040284](https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284)
    
    
[SNYK-JAVA-COMGOOGLEPROTOBUF-3167772](https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772)
    
    ### Does this PR introduce _any_ user-facing change?
    No.
    
    ### How was this patch tested?
    This have be benchmarks tested
    With
    "com.google.crypto.tink" % "tink" % "1.6.1"
    (min, avg, max) = (75024163.500, 76331532.832, 77324718.069), stdev = 
652319.870
    
    With
    "com.google.crypto.tink" % "tink" % "1.9.0"
    (min, avg, max) = (76279051.841, 77512667.749, 78590966.453), stdev = 
632832.384
    
    Almost the same.. Think 1.9.0 is perhaps a bit slower.
    
    Pass GA
    
    Closes #40878 from bjornjorgensen/Tink1.9.0.
    
    Authored-by: bjornjorgensen <[email protected]>
    Signed-off-by: Dongjoon Hyun <[email protected]>
---
 dev/deps/spark-deps-hadoop-3-hive-2.3 |  2 +-
 pom.xml                               | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 27df72ecaf8..5174b6b0335 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -245,7 +245,7 @@ stax-api/1.0.1//stax-api-1.0.1.jar
 stream/2.9.6//stream-2.9.6.jar
 super-csv/2.2.0//super-csv-2.2.0.jar
 threeten-extra/1.7.1//threeten-extra-1.7.1.jar
-tink/1.7.0//tink-1.7.0.jar
+tink/1.9.0//tink-1.9.0.jar
 transaction-api/1.1//transaction-api-1.1.jar
 univocity-parsers/2.9.1//univocity-parsers-2.9.1.jar
 wildfly-openssl/1.1.3.Final//wildfly-openssl-1.1.3.Final.jar
diff --git a/pom.xml b/pom.xml
index 96ee3fb5ed9..04260b51c60 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
     <commons-crypto.version>1.1.0</commons-crypto.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <bouncycastle.version>1.60</bouncycastle.version>
-    <tink.version>1.7.0</tink.version>
+    <tink.version>1.9.0</tink.version>
     <netty.version>4.1.89.Final</netty.version>
     <!--
     If you are changing Arrow version specification, please check
@@ -2653,6 +2653,16 @@
         <groupId>com.google.crypto.tink</groupId>
         <artifactId>tink</artifactId>
         <version>${tink.version}</version>
+        <exclusions>
+          <exclusion>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_annotations</artifactId>
+          </exclusion>
+          <exclusion>
+            <groupId>com.google.http-client</groupId>
+            <artifactId>google-http-client</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>org.apache.arrow</groupId>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to