This is an automated email from the ASF dual-hosted git repository. srowen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new a82a006df80 [SPARK-40326][BUILD] Upgrade `fasterxml.jackson.version` to 2.13.4 a82a006df80 is described below commit a82a006df80ac3aa6900d8688eb5bf77b804785d Author: Bjørn <bjornjorgen...@gmail.com> AuthorDate: Mon Sep 5 19:51:40 2022 -0500 [SPARK-40326][BUILD] Upgrade `fasterxml.jackson.version` to 2.13.4 ### What changes were proposed in this pull request? upgrade `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` and `fasterxml.jackson.databind.version` from 2.13.3 to 2.13.4 ### Why are the changes needed? [CVE-2022-25857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857) [SNYK-JAVA-ORGYAML](https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA Closes #37796 from bjornjorgensen/upgrade-fasterxml.jackson-to-2.13.4. Authored-by: Bjørn <bjornjorgen...@gmail.com> Signed-off-by: Sean Owen <sro...@gmail.com> --- dev/deps/spark-deps-hadoop-2-hive-2.3 | 16 ++++++++-------- dev/deps/spark-deps-hadoop-3-hive-2.3 | 16 ++++++++-------- pom.xml | 4 ++-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3 index 66882b2a4b4..9a78cecec90 100644 --- a/dev/deps/spark-deps-hadoop-2-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-2-hive-2.3 @@ -111,16 +111,16 @@ httpclient/4.5.13//httpclient-4.5.13.jar httpcore/4.4.14//httpcore-4.4.14.jar istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar ivy/2.5.0//ivy-2.5.0.jar -jackson-annotations/2.13.3//jackson-annotations-2.13.3.jar +jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar -jackson-core/2.13.3//jackson-core-2.13.3.jar -jackson-databind/2.13.3//jackson-databind-2.13.3.jar -jackson-dataformat-cbor/2.13.3//jackson-dataformat-cbor-2.13.3.jar -jackson-dataformat-yaml/2.13.3//jackson-dataformat-yaml-2.13.3.jar -jackson-datatype-jsr310/2.13.3//jackson-datatype-jsr310-2.13.3.jar +jackson-core/2.13.4//jackson-core-2.13.4.jar +jackson-databind/2.13.4//jackson-databind-2.13.4.jar +jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar +jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar +jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar jackson-jaxrs/1.9.13//jackson-jaxrs-1.9.13.jar jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar -jackson-module-scala_2.12/2.13.3//jackson-module-scala_2.12-2.13.3.jar +jackson-module-scala_2.12/2.13.4//jackson-module-scala_2.12-2.13.4.jar jackson-xc/1.9.13//jackson-xc-1.9.13.jar jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar @@ -243,7 +243,7 @@ scala-reflect/2.12.16//scala-reflect-2.12.16.jar scala-xml_2.12/1.2.0//scala-xml_2.12-1.2.0.jar shims/0.9.31//shims-0.9.31.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar -snakeyaml/1.30//snakeyaml-1.30.jar +snakeyaml/1.31//snakeyaml-1.31.jar snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3 index 60dd8b190de..66b50c78bc1 100644 --- a/dev/deps/spark-deps-hadoop-3-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-3-hive-2.3 @@ -99,15 +99,15 @@ httpcore/4.4.14//httpcore-4.4.14.jar ini4j/0.5.4//ini4j-0.5.4.jar istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar ivy/2.5.0//ivy-2.5.0.jar -jackson-annotations/2.13.3//jackson-annotations-2.13.3.jar +jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar -jackson-core/2.13.3//jackson-core-2.13.3.jar -jackson-databind/2.13.3//jackson-databind-2.13.3.jar -jackson-dataformat-cbor/2.13.3//jackson-dataformat-cbor-2.13.3.jar -jackson-dataformat-yaml/2.13.3//jackson-dataformat-yaml-2.13.3.jar -jackson-datatype-jsr310/2.13.3//jackson-datatype-jsr310-2.13.3.jar +jackson-core/2.13.4//jackson-core-2.13.4.jar +jackson-databind/2.13.4//jackson-databind-2.13.4.jar +jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar +jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar +jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar -jackson-module-scala_2.12/2.13.3//jackson-module-scala_2.12-2.13.3.jar +jackson-module-scala_2.12/2.13.4//jackson-module-scala_2.12-2.13.4.jar jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar jakarta.servlet-api/4.0.3//jakarta.servlet-api-4.0.3.jar @@ -230,7 +230,7 @@ scala-reflect/2.12.16//scala-reflect-2.12.16.jar scala-xml_2.12/1.2.0//scala-xml_2.12-1.2.0.jar shims/0.9.31//shims-0.9.31.jar slf4j-api/1.7.36//slf4j-api-1.7.36.jar -snakeyaml/1.30//snakeyaml-1.30.jar +snakeyaml/1.31//snakeyaml-1.31.jar snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar diff --git a/pom.xml b/pom.xml index 1ac8dbd1d00..51005611da8 100644 --- a/pom.xml +++ b/pom.xml @@ -170,8 +170,8 @@ <!-- for now, not running scalafmt as part of default verify pipeline --> <scalafmt.skip>true</scalafmt.skip> <codehaus.jackson.version>1.9.13</codehaus.jackson.version> - <fasterxml.jackson.version>2.13.3</fasterxml.jackson.version> - <fasterxml.jackson.databind.version>2.13.3</fasterxml.jackson.databind.version> + <fasterxml.jackson.version>2.13.4</fasterxml.jackson.version> + <fasterxml.jackson.databind.version>2.13.4</fasterxml.jackson.databind.version> <snappy.version>1.1.8.4</snappy.version> <netlib.ludovic.dev.version>3.0.2</netlib.ludovic.dev.version> <commons-codec.version>1.15</commons-codec.version> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org