You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bookkeeper.apache.org by yo...@apache.org on 2023/08/29 06:47:53 UTC
[bookkeeper] 08/08: Bump guava version from 31.0.1-jre to 32.0.1-jre (#4008)

This is an automated email from the ASF dual-hosted git repository.

yong pushed a commit to branch branch-4.16
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git

commit d2cacdd964da93baadb1c68da48769cf28ac6eff
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Mon Jul 3 11:06:28 2023 +0800

    Bump guava version from 31.0.1-jre to 32.0.1-jre (#4008)
    
    ### Motivation
    
    Bump guava version from 31.0.1-jre to 32.0.1-jre, Fix CVE-2023-2976
    
    (cherry picked from commit 52e780f326c6cb5f303b51aa6ab5363c8e94b074)
---
 bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt    | 8 ++++----
 bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt  | 8 ++++----
 bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 8 ++++----
 pom.xml                                                   | 2 +-
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 139d7d2498..2e2bd767af 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -208,7 +208,7 @@ Apache Software License, Version 2.
 - lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
 - lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
 - lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
-- lib/com.google.guava-guava-31.0.1-jre.jar [4]
+- lib/com.google.guava-guava-32.0.1-jre.jar [4]
 - lib/com.google.guava-failureaccess-1.0.1.jar [4]
 - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
 - lib/commons-cli-commons-cli-1.2.jar [5]
@@ -309,7 +309,7 @@ Apache Software License, Version 2.
 - lib/com.google.http-client-google-http-client-1.41.0.jar [43]
 - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43]
 - lib/com.google.auto.value-auto-value-annotations-1.9.jar [44]
-- lib/com.google.j2objc-j2objc-annotations-1.3.jar [45]
+- lib/com.google.j2objc-j2objc-annotations-2.8.jar [45]
 - lib/com.google.re2j-re2j-1.6.jar [46]
 - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47]
 - lib/io.dropwizard.metrics-metrics-graphite-4.1.12.1.jar [47]
@@ -325,7 +325,7 @@ Apache Software License, Version 2.
 [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
 [2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
 [3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
-[4] Source available at https://github.com/google/guava/tree/v31.0.1
+[4] Source available at https://github.com/google/guava/tree/v32.0.1
 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
 [7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10
@@ -681,7 +681,7 @@ This product uses the annotations from The Checker Framework, which are licensed
 MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
 
 Bundles as
-  - lib/org.checkerframework-checker-qual-3.12.0.jar
+  - lib/org.checkerframework-checker-qual-3.33.0.jar
 ------------------------------------------------------------------------------------
 This product bundles the Reactive Streams library, which is licensed under
 Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index d48f589b77..edda66b1c7 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -208,7 +208,7 @@ Apache Software License, Version 2.
 - lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
 - lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
 - lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
-- lib/com.google.guava-guava-31.0.1-jre.jar [4]
+- lib/com.google.guava-guava-32.0.1-jre.jar [4]
 - lib/com.google.guava-failureaccess-1.0.1.jar [4]
 - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
 - lib/commons-cli-commons-cli-1.2.jar [5]
@@ -284,7 +284,7 @@ Apache Software License, Version 2.
 - lib/com.google.auto.value-auto-value-annotations-1.9.jar [42]
 - lib/com.google.http-client-google-http-client-1.41.0.jar [43]
 - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43]
-- lib/com.google.j2objc-j2objc-annotations-1.3.jar [44]
+- lib/com.google.j2objc-j2objc-annotations-2.8.jar [44]
 - lib/com.google.re2j-re2j-1.6.jar [45]
 - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [46]
 - lib/io.perfmark-perfmark-api-0.25.0.jar [47]
@@ -296,7 +296,7 @@ Apache Software License, Version 2.
 [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
 [2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
 [3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
-[4] Source available at https://github.com/google/guava/tree/v31.0.1
+[4] Source available at https://github.com/google/guava/tree/v32.0.1
 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
 [7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10
@@ -601,7 +601,7 @@ This product uses the annotations from The Checker Framework, which are licensed
 MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
 
 Bundles as
-  - lib/org.checkerframework-checker-qual-3.12.0.jar
+  - lib/org.checkerframework-checker-qual-3.33.0.jar
 ------------------------------------------------------------------------------------
 This product bundles the Reactive Streams library, which is licensed under
 Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 3f757a83f9..4274a00de6 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -208,7 +208,7 @@ Apache Software License, Version 2.
 - lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
 - lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
 - lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
-- lib/com.google.guava-guava-31.0.1-jre.jar [4]
+- lib/com.google.guava-guava-32.0.1-jre.jar [4]
 - lib/com.google.guava-failureaccess-1.0.1.jar [4]
 - lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
 - lib/commons-cli-commons-cli-1.2.jar [5]
@@ -309,7 +309,7 @@ Apache Software License, Version 2.
 - lib/com.google.http-client-google-http-client-1.41.0.jar [43]
 - lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43]
 - lib/com.google.auto.value-auto-value-annotations-1.9.jar [44]
-- lib/com.google.j2objc-j2objc-annotations-1.3.jar [45]
+- lib/com.google.j2objc-j2objc-annotations-2.8.jar [45]
 - lib/com.google.re2j-re2j-1.6.jar [46]
 - lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47]
 - lib/io.perfmark-perfmark-api-0.25.0.jar [48]
@@ -321,7 +321,7 @@ Apache Software License, Version 2.
 [1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
 [2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
 [3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
-[4] Source available at https://github.com/google/guava/tree/v31.0.1
+[4] Source available at https://github.com/google/guava/tree/v32.0.1
 [5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
 [6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
 [7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10
@@ -670,7 +670,7 @@ This product uses the annotations from The Checker Framework, which are licensed
 MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
 
 Bundles as
-  - lib/org.checkerframework-checker-qual-3.12.0.jar
+  - lib/org.checkerframework-checker-qual-3.33.0.jar
 ------------------------------------------------------------------------------------
 This product bundles the Reactive Streams library, which is licensed under
 Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE
diff --git a/pom.xml b/pom.xml
index f7a4bdda8c..aa2603bbba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -133,7 +133,7 @@
     <google.code.version>3.0.2</google.code.version>
     <google.errorprone.version>2.9.0</google.errorprone.version>
     <grpc.version>1.54.1</grpc.version>
-    <guava.version>31.0.1-jre</guava.version>
+    <guava.version>32.0.1-jre</guava.version>
     <kerby.version>1.1.1</kerby.version>
     <hadoop.version>3.3.5</hadoop.version>
     <hamcrest.version>1.3</hamcrest.version>