-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Backport 2.x] Resolve CVE-2023-2976 by forcing use of Guava 32.0.1 (#2937) #2974
[Backport 2.x] Resolve CVE-2023-2976 by forcing use of Guava 32.0.1 (#2937) #2974
Conversation
Signed-off-by: Stephen Crawford <[email protected]> (cherry picked from commit 8ab7cb4) Signed-off-by: Darshit Chanpura <[email protected]>
04e6434
to
c334172
Compare
Codecov Report
@@ Coverage Diff @@
## 2.x #2974 +/- ##
============================================
- Coverage 62.12% 62.05% -0.07%
+ Complexity 3373 3367 -6
============================================
Files 264 264
Lines 19442 19442
Branches 3314 3314
============================================
- Hits 12078 12065 -13
- Misses 5769 5776 +7
- Partials 1595 1601 +6 |
@@ -281,6 +281,7 @@ configurations.all { | |||
force "org.apache.bcel:bcel:6.6.0" // This line should be removed once Spotbugs is upgraded to 4.7.4 | |||
force "com.github.luben:zstd-jni:${versions.zstd}" | |||
force "org.xerial.snappy:snappy-java:1.1.10.1" | |||
force 'com.google.guava:guava:32.0.1-jre' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The 32.1.1-jre
was out already, should we bump it here (and on main
)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Opened a PR to bump to 32.1.1-jre: #2976
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will create a separate PR and backports for that bump. Merging this for now to unblock CI.
Backports #2937
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.