Skip to content

deps: update Guava to 31.1#9757

Merged
elharo merged 1 commit intoprotocolbuffers:mainfrom
elharo:elharo-patch-3
Apr 8, 2022
Merged

deps: update Guava to 31.1#9757
elharo merged 1 commit intoprotocolbuffers:mainfrom
elharo:elharo-patch-3

Conversation

@elharo
Copy link
Copy Markdown
Contributor

@elharo elharo commented Apr 7, 2022
edited
Loading

@elharo
Copy link
Copy Markdown
Contributor Author

elharo commented Apr 7, 2022

[Zend Modules]

++ composer update
Loading composer repositories with package information
Warning from https://repo.packagist.org/: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Info from https://repo.packagist.org/: #StandWithUkraine
Updating dependencies (including require-dev)

[Composer\Downloader\TransportException]
The "https://packagist.org/p/provider-latest%2494f82234b28c8ecfecc0fa6845468547e54e9a74a468a8f479cdb55ac78333d3.json" file could not be downloaded (HTTP/1.1 404 Not Found)

@elharo
Copy link
Copy Markdown
Contributor Author

elharo commented Apr 8, 2022

Previous failure seems to be an unrelated flake.

@elharo elharo requested a review from mkruskal-google April 8, 2022 11:00
@elharo elharo merged commit a85bbad into protocolbuffers:main Apr 8, 2022
@elharo elharo deleted the elharo-patch-3 branch April 8, 2022 18:43
@chadlwilson chadlwilson mentioned this pull request Jun 1, 2023
Closed
copybara-service Bot pushed a commit that referenced this pull request Jun 8, 2023
@chadlwilson @copybara-github
deps: Update Guava to 32.0.0 (#12953)
cd615a8 
Updates Guava to [32.0.0](https://github.com/google/guava/releases/tag/v32.0.0) to include fixes for CVE-2020-8908 and CVE-2023-2976 (google/guava#2575) which affects certain builds with shaded usage, e.g ruby via jruby/java platform such as https://rubygems.org/gems/google-protobuf/versions/3.23.2-java

- Protobuf does not appear to (directly) use the affected `Files.createTempDir` or `FileBackedOutputStream` code which might behave differently on Windows.
- Referred to #9707 and #9757 for reference
- Updated transitive dependency versions match https://mvnrepository.com/artifact/com.google.guava/guava/32.0.0-jre (note major version change for `j2objc-annotations` from `1.3` --> `2.8`)

May need backporting to `23.x` branch if sufficiently compatible.

Closes #12953

COPYBARA_INTEGRATE_REVIEW=#12953 from chadlwilson:update-guava-32 9c396b6
PiperOrigin-RevId: 538666552
@chadlwilson chadlwilson mentioned this pull request Jun 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkruskal-google mkruskal-google mkruskal-google approved these changes

Assignees

No one assigned

Labels

java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elharo @mkruskal-google @protobuf-kokoro