You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bookkeeper.apache.org by yo...@apache.org on 2023/08/29 06:47:53 UTC
[bookkeeper] 08/08: Bump guava version from 31.0.1-jre to 32.0.1-jre (#4008)
This is an automated email from the ASF dual-hosted git repository.
yong pushed a commit to branch branch-4.16
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit d2cacdd964da93baadb1c68da48769cf28ac6eff
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Mon Jul 3 11:06:28 2023 +0800
Bump guava version from 31.0.1-jre to 32.0.1-jre (#4008)
### Motivation
Bump guava version from 31.0.1-jre to 32.0.1-jre, Fix CVE-2023-2976
(cherry picked from commit 52e780f326c6cb5f303b51aa6ab5363c8e94b074)
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 8 ++++----
bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 8 ++++----
bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 8 ++++----
pom.xml | 2 +-
4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 139d7d2498..2e2bd767af 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -208,7 +208,7 @@ Apache Software License, Version 2.
- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
-- lib/com.google.guava-guava-31.0.1-jre.jar [4]
+- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
- lib/commons-cli-commons-cli-1.2.jar [5]
@@ -309,7 +309,7 @@ Apache Software License, Version 2.
- lib/com.google.http-client-google-http-client-1.41.0.jar [43]
- lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43]
- lib/com.google.auto.value-auto-value-annotations-1.9.jar [44]
-- lib/com.google.j2objc-j2objc-annotations-1.3.jar [45]
+- lib/com.google.j2objc-j2objc-annotations-2.8.jar [45]
- lib/com.google.re2j-re2j-1.6.jar [46]
- lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47]
- lib/io.dropwizard.metrics-metrics-graphite-4.1.12.1.jar [47]
@@ -325,7 +325,7 @@ Apache Software License, Version 2.
[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
-[4] Source available at https://github.com/google/guava/tree/v31.0.1
+[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
[7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10
@@ -681,7 +681,7 @@ This product uses the annotations from The Checker Framework, which are licensed
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
Bundles as
- - lib/org.checkerframework-checker-qual-3.12.0.jar
+ - lib/org.checkerframework-checker-qual-3.33.0.jar
------------------------------------------------------------------------------------
This product bundles the Reactive Streams library, which is licensed under
Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index d48f589b77..edda66b1c7 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -208,7 +208,7 @@ Apache Software License, Version 2.
- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
-- lib/com.google.guava-guava-31.0.1-jre.jar [4]
+- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
- lib/commons-cli-commons-cli-1.2.jar [5]
@@ -284,7 +284,7 @@ Apache Software License, Version 2.
- lib/com.google.auto.value-auto-value-annotations-1.9.jar [42]
- lib/com.google.http-client-google-http-client-1.41.0.jar [43]
- lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43]
-- lib/com.google.j2objc-j2objc-annotations-1.3.jar [44]
+- lib/com.google.j2objc-j2objc-annotations-2.8.jar [44]
- lib/com.google.re2j-re2j-1.6.jar [45]
- lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [46]
- lib/io.perfmark-perfmark-api-0.25.0.jar [47]
@@ -296,7 +296,7 @@ Apache Software License, Version 2.
[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
-[4] Source available at https://github.com/google/guava/tree/v31.0.1
+[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
[7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10
@@ -601,7 +601,7 @@ This product uses the annotations from The Checker Framework, which are licensed
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
Bundles as
- - lib/org.checkerframework-checker-qual-3.12.0.jar
+ - lib/org.checkerframework-checker-qual-3.33.0.jar
------------------------------------------------------------------------------------
This product bundles the Reactive Streams library, which is licensed under
Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 3f757a83f9..4274a00de6 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -208,7 +208,7 @@ Apache Software License, Version 2.
- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
-- lib/com.google.guava-guava-31.0.1-jre.jar [4]
+- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
- lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar [4]
- lib/commons-cli-commons-cli-1.2.jar [5]
@@ -309,7 +309,7 @@ Apache Software License, Version 2.
- lib/com.google.http-client-google-http-client-1.41.0.jar [43]
- lib/com.google.http-client-google-http-client-gson-1.41.0.jar [43]
- lib/com.google.auto.value-auto-value-annotations-1.9.jar [44]
-- lib/com.google.j2objc-j2objc-annotations-1.3.jar [45]
+- lib/com.google.j2objc-j2objc-annotations-2.8.jar [45]
- lib/com.google.re2j-re2j-1.6.jar [46]
- lib/io.dropwizard.metrics-metrics-core-4.1.12.1.jar [47]
- lib/io.perfmark-perfmark-api-0.25.0.jar [48]
@@ -321,7 +321,7 @@ Apache Software License, Version 2.
[1] Source available at https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
[2] Source available at https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
[3] Source available at https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
-[4] Source available at https://github.com/google/guava/tree/v31.0.1
+[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
[7] Source available at https://github.com/apache/commons-configuration/tree/CONFIGURATION_1_10
@@ -670,7 +670,7 @@ This product uses the annotations from The Checker Framework, which are licensed
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
Bundles as
- - lib/org.checkerframework-checker-qual-3.12.0.jar
+ - lib/org.checkerframework-checker-qual-3.33.0.jar
------------------------------------------------------------------------------------
This product bundles the Reactive Streams library, which is licensed under
Public Domain (CC0). For details, see deps/reactivestreams-1.0.3/LICENSE
diff --git a/pom.xml b/pom.xml
index f7a4bdda8c..aa2603bbba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -133,7 +133,7 @@
<google.code.version>3.0.2</google.code.version>
<google.errorprone.version>2.9.0</google.errorprone.version>
<grpc.version>1.54.1</grpc.version>
- <guava.version>31.0.1-jre</guava.version>
+ <guava.version>32.0.1-jre</guava.version>
<kerby.version>1.1.1</kerby.version>
<hadoop.version>3.3.5</hadoop.version>
<hamcrest.version>1.3</hamcrest.version>