From a27da8dd5fa9e98dfdfb42c4d6995aee28e77b82 Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Tue, 6 Jun 2023 09:10:38 +0300 Subject: [PATCH] [fix][sec] Upgrade Guava to 32.0.0 to address CVE-2023-2976 (#20459) (cherry picked from commit 57f9467a8dbcd546ee9127d8dfbd000b46333f23) (cherry picked from commit 1cc99b361ffefbd88f5ce11bb3f5b58d394fa212) --- buildtools/pom.xml | 2 +- distribution/server/src/assemble/LICENSE.bin.txt | 4 ++-- pom.xml | 2 +- pulsar-sql/presto-distribution/LICENSE | 4 ++-- pulsar-sql/presto-distribution/pom.xml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/buildtools/pom.xml b/buildtools/pom.xml index 59b6eb59816c4..2fdc8bc14b80f 100644 --- a/buildtools/pom.xml +++ b/buildtools/pom.xml @@ -47,7 +47,7 @@ 8.37 3.1.2 4.2.3 - 31.0.1-jre + 32.0.0-jre 1.10.12 2.0 diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 1cd8ffb240451..d92b0cf2bf150 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -328,7 +328,7 @@ The Apache Software License, Version 2.0 - com.google.code.gson-gson-2.8.9.jar - io.gsonfire-gson-fire-1.8.5.jar * Guava - - com.google.guava-guava-31.0.1-jre.jar + - com.google.guava-guava-32.0.0-jre.jar - com.google.guava-failureaccess-1.0.1.jar - com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar * J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar @@ -535,7 +535,7 @@ MIT License - org.slf4j-slf4j-api-1.7.32.jar - org.slf4j-jcl-over-slf4j-1.7.32.jar * The Checker Framework - - org.checkerframework-checker-qual-3.12.0.jar + - org.checkerframework-checker-qual-3.33.0.jar * Auth0, Inc. - com.auth0-java-jwt-4.3.0.jar - com.auth0-jwks-rsa-0.22.0.jar diff --git a/pom.xml b/pom.xml index 7984f4c97c318..c5999c93ef3cb 100644 --- a/pom.xml +++ b/pom.xml @@ -170,7 +170,7 @@ flexible messaging model and an intuitive client API. 0.11.1 0.28.0 2.4.9 - 31.0.1-jre + 32.0.0-jre 1.0 0.14.0 7.0.1 diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 6385a1817f789..a9db03e1d4685 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -221,7 +221,7 @@ The Apache Software License, Version 2.0 - jackson-module-jaxb-annotations-2.14.2.jar - jackson-module-jsonSchema-2.14.2.jar * Guava - - guava-31.0.1-jre.jar + - guava-32.0.0-jre.jar - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar - failureaccess-1.0.1.jar * Google Guice @@ -515,7 +515,7 @@ MIT License * JUL to SLF4J Bridge - jul-to-slf4j-1.7.32.jar * Checker Qual - - checker-qual-3.12.0.jar + - checker-qual-3.33.0.jar * Annotations - animal-sniffer-annotations-1.19.jar - annotations-4.1.1.4.jar diff --git a/pulsar-sql/presto-distribution/pom.xml b/pulsar-sql/presto-distribution/pom.xml index 328193f0f69af..914cfd10a412d 100644 --- a/pulsar-sql/presto-distribution/pom.xml +++ b/pulsar-sql/presto-distribution/pom.xml @@ -38,7 +38,7 @@ 2.6 0.0.12 3.0.5 - 31.0.1-jre + 32.0.0-jre 2.12.1 2.5.1 4.0.1