Skip to content

Commit

Permalink
GH-16423 upgrade protobuf , google-cloud-storage, and fix CVE-2024-7254
Browse files Browse the repository at this point in the history
… (#16426)

* upgrade google-cloud-storage to newest

* upgarde protobuf and exclude the one from hadoop-common
  • Loading branch information
valenad1 authored Oct 21, 2024
1 parent dd44587 commit eaccd47
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion h2o-assemblies/main/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ dependencies {
exclude group: "org.apache.curator"
exclude group: "org.apache.zookeeper"
exclude group: "org.eclipse.jetty"
exclude group: "org.apache.hadoop.thirdparty", module: "hadoop-shaded-protobuf_3_7"
}

// Upgrade dependencies of h2o-jetty-9
Expand All @@ -52,7 +53,7 @@ dependencies {

// Upgrade dependencies coming from Hadoop to address vulnerabilities
api "org.apache.commons:commons-compress:1.26.0"
api "com.google.protobuf:protobuf-java:3.21.7"
api "com.google.protobuf:protobuf-java:3.25.5"

constraints {
api('com.fasterxml.jackson.core:jackson-databind:2.17.2') {
Expand Down
2 changes: 1 addition & 1 deletion h2o-persist-gcs/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ description = "H2O Persist GCS"

dependencies {
api project(":h2o-core")
api 'com.google.cloud:google-cloud-storage:2.13.1'
api ('com.google.cloud:google-cloud-storage:2.43.2')

testImplementation project(":h2o-test-support")
testRuntimeOnly project(":${defaultWebserverModule}")
Expand Down

0 comments on commit eaccd47

Please sign in to comment.