deps: update Guava to 31.1 #9757

Merged
merged 1 commit into from
Apr 8, 2022

@elharo elharo commented Apr 7, 2022

elharo commented Apr 7, 2022

[Zend Modules]

++ composer update
Loading composer repositories with package information
Warning from https://repo.packagist.org/: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Info from https://repo.packagist.org/: #StandWithUkraine
Updating dependencies (including require-dev)

[Composer\Downloader\TransportException]
The "https://packagist.org/p/provider-latest%2494f82234b28c8ecfecc0fa6845468547e54e9a74a468a8f479cdb55ac78333d3.json" file could not be downloaded (HTTP/1.1 404 Not Found)

elharo commented Apr 8, 2022

Previous failure seems to be an unrelated flake.

@elharo elharo requested a review from mkruskal-google April 8, 2022 11:00
@elharo elharo merged commit a85bbad into protocolbuffers:main Apr 8, 2022
@elharo elharo deleted the elharo-patch-3 branch April 8, 2022 18:43
copybara-service bot pushed a commit that referenced this pull request Jun 8, 2023
Updates Guava to [32.0.0](https://github.com/google/guava/releases/tag/v32.0.0) to include fixes for CVE-2020-8908 and CVE-2023-2976 (google/guava#2575) which affects certain builds with shaded usage, e.g. ruby via jruby/java platform such as https://rubygems.org/gems/google-protobuf/versions/3.23.2-java

- Protobuf does not appear to (directly) use the affected `Files.createTempDir` or `FileBackedOutputStream` code which might behave differently on Windows.
- Referred to #9707 and #9757 for reference
- Updated transitive dependency versions match https://mvnrepository.com/artifact/com.google.guava/guava/32.0.0-jre (note major version change for `j2objc-annotations` from `1.3` --> `2.8`)

May need backporting to `23.x` branch if sufficiently compatible.

Closes #12953

COPYBARA_INTEGRATE_REVIEW=#12953 from chadlwilson:update-guava-32 9c396b6
PiperOrigin-RevId: 538666552