mirror of https://github.com/grpc/grpc-java.git
Update guava dependency to address CVE-2023-2976 (#10249)
Explicit dependencies to keep versions in step with newer Guava
parent
5754518914
commit
ae59afb5bf
|
|
@ -58,7 +58,7 @@
|
||||||
<dependency> <!-- prevent downgrade of version in protobuf-java-util from grpc-services -->
|
<dependency> <!-- prevent downgrade of version in protobuf-java-util from grpc-services -->
|
||||||
<groupId>com.google.guava</groupId>
|
<groupId>com.google.guava</groupId>
|
||||||
<artifactId>guava</artifactId>
|
<artifactId>guava</artifactId>
|
||||||
<version>31.1-jre</version>
|
<version>32.0.1-jre</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>junit</groupId>
|
<groupId>junit</groupId>
|
||||||
|
|
|
||||||
|
|
@ -58,7 +58,7 @@
|
||||||
<dependency> <!-- prevent downgrade of version in protobuf-java-util from grpc-services -->
|
<dependency> <!-- prevent downgrade of version in protobuf-java-util from grpc-services -->
|
||||||
<groupId>com.google.guava</groupId>
|
<groupId>com.google.guava</groupId>
|
||||||
<artifactId>guava</artifactId>
|
<artifactId>guava</artifactId>
|
||||||
<version>31.1-jre</version>
|
<version>32.0.1-jre</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>junit</groupId>
|
<groupId>junit</groupId>
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,12 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.google.guava</groupId>
|
<groupId>com.google.guava</groupId>
|
||||||
<artifactId>guava</artifactId>
|
<artifactId>guava</artifactId>
|
||||||
<version>31.1-jre</version> <!-- prevent downgrade of version in protobuf-java-util -->
|
<version>32.0.1-jre</version> <!-- prevent downgrade of version in protobuf-java-util -->
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.j2objc</groupId>
|
||||||
|
<artifactId>j2objc-annotations</artifactId>
|
||||||
|
<version>2.8</version> <!-- prevent downgrade of version in guava -->
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.tomcat</groupId>
|
<groupId>org.apache.tomcat</groupId>
|
||||||
|
|
|
||||||
|
|
@ -59,7 +59,9 @@ dependencies {
|
||||||
libraries.animalsniffer.annotations, // Use our newer version
|
libraries.animalsniffer.annotations, // Use our newer version
|
||||||
libraries.guava.jre, // Use our newer version
|
libraries.guava.jre, // Use our newer version
|
||||||
libraries.protobuf.java.util, // Use our newer version
|
libraries.protobuf.java.util, // Use our newer version
|
||||||
libraries.re2j // Use our newer version
|
libraries.re2j, // Use our newer version
|
||||||
|
libraries.checker.qual, // Explicit dependency to keep in step with version used by guava
|
||||||
|
libraries.j2objc.annotations // Explicit dependency to keep in step with version used by guava
|
||||||
|
|
||||||
testImplementation testFixtures(project(':grpc-context')),
|
testImplementation testFixtures(project(':grpc-context')),
|
||||||
project(':grpc-testing'),
|
project(':grpc-testing'),
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
# Compatibility problem with internal version getting onto 1.5.3.
|
# Compatibility problem with internal version getting onto 1.5.3.
|
||||||
# https://github.com/grpc/grpc-java/pull/9118
|
# https://github.com/grpc/grpc-java/pull/9118
|
||||||
googleauth = "1.4.0"
|
googleauth = "1.4.0"
|
||||||
guava = "31.1-android"
|
guava = "32.0.1-android"
|
||||||
netty = '4.1.87.Final'
|
netty = '4.1.87.Final'
|
||||||
# Keep the following references of tcnative version in sync whenever it's updated:
|
# Keep the following references of tcnative version in sync whenever it's updated:
|
||||||
# SECURITY.md
|
# SECURITY.md
|
||||||
|
|
@ -23,6 +23,7 @@ animalsniffer = "org.codehaus.mojo:animal-sniffer:1.23"
|
||||||
animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.23"
|
animalsniffer-annotations = "org.codehaus.mojo:animal-sniffer-annotations:1.23"
|
||||||
auto-value = "com.google.auto.value:auto-value:1.10.1"
|
auto-value = "com.google.auto.value:auto-value:1.10.1"
|
||||||
auto-value-annotations = "com.google.auto.value:auto-value-annotations:1.10.1"
|
auto-value-annotations = "com.google.auto.value:auto-value-annotations:1.10.1"
|
||||||
|
checker-qual = "org.checkerframework:checker-qual:3.33.0"
|
||||||
checkstyle = "com.puppycrawl.tools:checkstyle:8.28"
|
checkstyle = "com.puppycrawl.tools:checkstyle:8.28"
|
||||||
commons-math3 = "org.apache.commons:commons-math3:3.6.1"
|
commons-math3 = "org.apache.commons:commons-math3:3.6.1"
|
||||||
conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
|
conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
|
||||||
|
|
@ -38,9 +39,10 @@ gson = "com.google.code.gson:gson:2.10.1"
|
||||||
guava = { module = "com.google.guava:guava", version.ref = "guava" }
|
guava = { module = "com.google.guava:guava", version.ref = "guava" }
|
||||||
guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
|
guava-betaChecker = "com.google.guava:guava-beta-checker:1.0"
|
||||||
guava-testlib = { module = "com.google.guava:guava-testlib", version.ref = "guava" }
|
guava-testlib = { module = "com.google.guava:guava-testlib", version.ref = "guava" }
|
||||||
guava-jre = "com.google.guava:guava:31.1-jre"
|
guava-jre = "com.google.guava:guava:32.0.1-jre"
|
||||||
hdrhistogram = "org.hdrhistogram:HdrHistogram:2.1.12"
|
hdrhistogram = "org.hdrhistogram:HdrHistogram:2.1.12"
|
||||||
javax-annotation = "org.apache.tomcat:annotations-api:6.0.53"
|
javax-annotation = "org.apache.tomcat:annotations-api:6.0.53"
|
||||||
|
j2objc-annotations = " com.google.j2objc:j2objc-annotations:2.8"
|
||||||
jetty-alpn-agent = "org.mortbay.jetty.alpn:jetty-alpn-agent:2.0.10"
|
jetty-alpn-agent = "org.mortbay.jetty.alpn:jetty-alpn-agent:2.0.10"
|
||||||
jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
|
jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
|
||||||
junit = "junit:junit:4.13.2"
|
junit = "junit:junit:4.13.2"
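Review bot: The added `j2objc-annotations` entry has a leading space inside the quoted coordinate (`" com.google.j2objc:j2objc-annotations:2.8"`), so the group id as written is not byte-identical to `com.google.j2objc`. Gradle may tolerate this at resolution time (that cannot be confirmed from this page), but anything that matches coordinates textually, such as dependency-verification metadata or an SBOM or vulnerability scanner, could miss the pin. I would write it as `j2objc-annotations = "com.google.j2objc:j2objc-annotations:2.8"`. In the same file, `guava-jre` carries its own literal `32.0.1-jre` while `guava` and `guava-testlib` use `version.ref = "guava"`, so a comment on that line such as `# keep in step with the guava version above (jre flavor)` would help the next security bump move both.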
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
|
||||||
"com.google.code.gson:gson:2.10.1",
|
"com.google.code.gson:gson:2.10.1",
|
||||||
"com.google.errorprone:error_prone_annotations:2.18.0",
|
"com.google.errorprone:error_prone_annotations:2.18.0",
|
||||||
"com.google.guava:failureaccess:1.0.1",
|
"com.google.guava:failureaccess:1.0.1",
|
||||||
"com.google.guava:guava:31.1-android",
|
"com.google.guava:guava:32.0.1-android",
|
||||||
"com.google.re2j:re2j:1.7",
|
"com.google.re2j:re2j:1.7",
|
||||||
"com.google.truth:truth:1.0.1",
|
"com.google.truth:truth:1.0.1",
|
||||||
"com.squareup.okhttp:okhttp:2.7.5",
|
"com.squareup.okhttp:okhttp:2.7.5",
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,8 @@ dependencies {
|
||||||
implementation libraries.protobuf.java.util,
|
implementation libraries.protobuf.java.util,
|
||||||
libraries.guava.jre // JRE required by protobuf-java-util
|
libraries.guava.jre // JRE required by protobuf-java-util
|
||||||
|
|
||||||
runtimeOnly libraries.errorprone.annotations
|
runtimeOnly libraries.errorprone.annotations,
|
||||||
|
libraries.j2objc.annotations // Explicit dependency to keep in step with version used by guava
|
||||||
|
|
||||||
compileOnly libraries.javax.annotation
|
compileOnly libraries.javax.annotation
|
||||||
testImplementation project(':grpc-testing'),
|
testImplementation project(':grpc-testing'),
|
||||||
|
|
|
||||||