This is an automated email from the ASF dual-hosted git repository.
srowen pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/branch-3.3 by this push:
new 27ca30aaad4 [SPARK-40782][BUILD] Upgrade `jackson-databind` to 2.13.4.1
27ca30aaad4 is described below
commit 27ca30aaad41e4dd50834d255720fb46a36d9e6d
Author: yangjie01 <yangji...@baidu.com>
AuthorDate: Thu Oct 13 10:29:59 2022 -0500
[SPARK-40782][BUILD] Upgrade `jackson-databind` to 2.13.4.1
### What changes were proposed in this pull request?
This pr aims upgrade `jackson-databind` to 2.13.4.1.
### Why are the changes needed?
This is a bug fix version related to [CVE-2022-42003]
- https://github.com/FasterXML/jackson-databind/pull/3621
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
Pass GitHub Actions
Closes #38235 from LuciferYang/SPARK-40782.
Authored-by: yangjie01 <yangji...@baidu.com>
Signed-off-by: Sean Owen <sro...@gmail.com>
(cherry picked from commit 2a8b2a136d5a705526bb76697596f5ad01ce391d)
Signed-off-by: Sean Owen <sro...@gmail.com>
---
dev/deps/spark-deps-hadoop-2-hive-2.3 | 2 +-
dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
pom.xml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3
b/dev/deps/spark-deps-hadoop-2-hive-2.3
index fb9c36a26a1..55515614ab8 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -115,7 +115,7 @@ ivy/2.5.0//ivy-2.5.0.jar
jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar
jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
jackson-core/2.13.4//jackson-core-2.13.4.jar
-jackson-databind/2.13.4//jackson-databind-2.13.4.jar
+jackson-databind/2.13.4.1//jackson-databind-2.13.4.1.jar
jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar
jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar
jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index f6e09eff50a..9fc9dca09b0 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -105,7 +105,7 @@ ivy/2.5.0//ivy-2.5.0.jar
jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar
jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
jackson-core/2.13.4//jackson-core-2.13.4.jar
-jackson-databind/2.13.4//jackson-databind-2.13.4.jar
+jackson-databind/2.13.4.1//jackson-databind-2.13.4.1.jar
jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar
jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar
jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar
diff --git a/pom.xml b/pom.xml
index d7ed56329fd..43f9c30422f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -172,7 +172,7 @@
<scalafmt.skip>true</scalafmt.skip>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
<fasterxml.jackson.version>2.13.4</fasterxml.jackson.version>
-
<fasterxml.jackson.databind.version>2.13.4</fasterxml.jackson.databind.version>
+
<fasterxml.jackson.databind.version>2.13.4.1</fasterxml.jackson.databind.version>
<snappy.version>1.1.8.4</snappy.version>
<netlib.java.version>1.1.2</netlib.java.version>
<netlib.ludovic.dev.version>2.2.1</netlib.ludovic.dev.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org
