This is an automated email from the ASF dual-hosted git repository.
snuyanzin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push:
new 41d474058a7 [FLINK-39580][build] Bump Flink-controlled Java
dependencies (log4j, jackson, assertj, netty)
41d474058a7 is described below
commit 41d474058a73dc8f0da51ae53c520ed4cc0f2a26
Author: Purushottam Sinha <[email protected]>
AuthorDate: Fri May 1 12:44:53 2026 +0530
[FLINK-39580][build] Bump Flink-controlled Java dependencies (log4j,
jackson, assertj, netty)
- log4j-core 2.25.3 -> 2.25.4
- jackson-bom 2.20.1 -> 2.21.3
- assertj-core 3.27.3 -> 3.27.7
- netty-bom 4.2.6.Final -> 4.2.12.Final
---
.../src/main/resources/META-INF/NOTICE | 2 +-
.../src/main/resources/META-INF/NOTICE | 6 ++---
.../src/main/resources/META-INF/NOTICE | 2 +-
.../src/main/resources/META-INF/NOTICE | 8 +++----
.../src/main/resources/META-INF/NOTICE | 28 +++++++++++-----------
.../src/main/resources/META-INF/NOTICE | 8 +++----
.../src/main/resources/META-INF/NOTICE | 6 ++---
.../src/main/resources/META-INF/NOTICE | 6 ++---
.../src/main/resources/META-INF/NOTICE | 10 ++++----
.../src/main/resources/META-INF/NOTICE | 12 +++++-----
flink-python/src/main/resources/META-INF/NOTICE | 12 +++++-----
.../src/main/resources/META-INF/NOTICE | 14 +++++------
pom.xml | 8 +++----
13 files changed, 61 insertions(+), 61 deletions(-)
diff --git
a/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
b/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
index e0fd726626d..bbe9df35909 100644
--- a/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
@@ -6,7 +6,7 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-core:2.20.1
+- com.fasterxml.jackson.core:jackson-core:2.21.3
- com.google.guava:guava:20.0
- commons-codec:commons-codec:1.15
- commons-logging:commons-logging:1.1.3
diff --git
a/flink-filesystems/flink-fs-hadoop-shaded/src/main/resources/META-INF/NOTICE
b/flink-filesystems/flink-fs-hadoop-shaded/src/main/resources/META-INF/NOTICE
index 36caa22a8cc..0a0cd52d519 100644
---
a/flink-filesystems/flink-fs-hadoop-shaded/src/main/resources/META-INF/NOTICE
+++
b/flink-filesystems/flink-fs-hadoop-shaded/src/main/resources/META-INF/NOTICE
@@ -6,9 +6,9 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
- com.fasterxml.woodstox:woodstox-core:5.3.0
- com.google.guava:failureaccess:1.0
- com.google.guava:guava:27.0-jre
diff --git
a/flink-filesystems/flink-gs-fs-hadoop/src/main/resources/META-INF/NOTICE
b/flink-filesystems/flink-gs-fs-hadoop/src/main/resources/META-INF/NOTICE
index 805f3d724b2..f5ba05a5ea2 100644
--- a/flink-filesystems/flink-gs-fs-hadoop/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-gs-fs-hadoop/src/main/resources/META-INF/NOTICE
@@ -6,7 +6,7 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-core:2.20.1
+- com.fasterxml.jackson.core:jackson-core:2.21.3
- com.google.android:annotations:4.1.1.4
- com.google.api-client:google-api-client-jackson2:2.0.1
- com.google.api-client:google-api-client:2.2.0
diff --git
a/flink-filesystems/flink-s3-fs-hadoop/src/main/resources/META-INF/NOTICE
b/flink-filesystems/flink-s3-fs-hadoop/src/main/resources/META-INF/NOTICE
index 38fa565fe8e..3a842d25249 100644
--- a/flink-filesystems/flink-s3-fs-hadoop/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-s3-fs-hadoop/src/main/resources/META-INF/NOTICE
@@ -9,10 +9,10 @@ This project bundles the following dependencies under the
Apache Software Licens
- com.amazonaws:aws-java-sdk-s3:1.12.779
- com.amazonaws:aws-java-sdk-sts:1.12.779
- com.amazonaws:jmespath-java:1.12.779
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
-- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
+- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.21.3
- com.fasterxml.woodstox:woodstox-core:5.3.0
- com.google.guava:failureaccess:1.0
- com.google.guava:guava:27.0-jre
diff --git
a/flink-filesystems/flink-s3-fs-native/src/main/resources/META-INF/NOTICE
b/flink-filesystems/flink-s3-fs-native/src/main/resources/META-INF/NOTICE
index 09d5ca415aa..0b5eb7ad842 100644
--- a/flink-filesystems/flink-s3-fs-native/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-s3-fs-native/src/main/resources/META-INF/NOTICE
@@ -41,20 +41,20 @@ This project bundles the following dependencies under the
Apache Software Licens
- org.apache.httpcomponents:httpclient:4.5.13
- org.apache.httpcomponents:httpcore:4.4.14
- commons-logging:commons-logging:1.1.3
-- io.netty:netty-buffer:4.2.6.Final
-- io.netty:netty-codec:4.2.6.Final
-- io.netty:netty-codec-base:4.2.6.Final
-- io.netty:netty-codec-compression:4.2.6.Final
-- io.netty:netty-codec-http:4.2.6.Final
-- io.netty:netty-codec-http2:4.2.6.Final
-- io.netty:netty-codec-marshalling:4.2.6.Final
-- io.netty:netty-codec-protobuf:4.2.6.Final
-- io.netty:netty-common:4.2.6.Final
-- io.netty:netty-handler:4.2.6.Final
-- io.netty:netty-resolver:4.2.6.Final
-- io.netty:netty-transport:4.2.6.Final
-- io.netty:netty-transport-classes-epoll:4.2.6.Final
-- io.netty:netty-transport-native-unix-common:4.2.6.Final
+- io.netty:netty-buffer:4.2.12.Final
+- io.netty:netty-codec:4.2.12.Final
+- io.netty:netty-codec-base:4.2.12.Final
+- io.netty:netty-codec-compression:4.2.12.Final
+- io.netty:netty-codec-http:4.2.12.Final
+- io.netty:netty-codec-http2:4.2.12.Final
+- io.netty:netty-codec-marshalling:4.2.12.Final
+- io.netty:netty-codec-protobuf:4.2.12.Final
+- io.netty:netty-common:4.2.12.Final
+- io.netty:netty-handler:4.2.12.Final
+- io.netty:netty-resolver:4.2.12.Final
+- io.netty:netty-transport:4.2.12.Final
+- io.netty:netty-transport-classes-epoll:4.2.12.Final
+- io.netty:netty-transport-native-unix-common:4.2.12.Final
This project bundles the following dependencies under the MIT License
(https://opensource.org/licenses/MIT)
diff --git
a/flink-filesystems/flink-s3-fs-presto/src/main/resources/META-INF/NOTICE
b/flink-filesystems/flink-s3-fs-presto/src/main/resources/META-INF/NOTICE
index d8532657f1a..e9e0893d9f0 100644
--- a/flink-filesystems/flink-s3-fs-presto/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-s3-fs-presto/src/main/resources/META-INF/NOTICE
@@ -20,10 +20,10 @@ This project bundles the following dependencies under the
Apache Software Licens
- com.facebook.presto:presto-hive-common:0.272
- com.facebook.presto:presto-hive-metastore:0.272
- com.facebook.presto:presto-hive:0.272
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
-- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
+- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.21.3
- com.fasterxml.woodstox:woodstox-core:5.3.0
- com.google.guava:guava:26.0-jre
- com.google.inject:guice:4.2.2
diff --git
a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
index 57225c7f34b..239d7f3100f 100644
---
a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
+++
b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
@@ -6,9 +6,9 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0. (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
- com.google.guava:guava:32.0.1-jre
- commons-io:commons-io:2.15.1
- io.confluent:common-utils:7.5.3
diff --git a/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
b/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
index 1b3f44eb446..e32244b07ab 100644
--- a/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
+++ b/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
@@ -7,7 +7,7 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0. (http://www.apache.org/licenses/LICENSE-2.0.txt)
- org.apache.avro:avro:1.11.5
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
-- com.fasterxml.jackson.core:jackson-annotations:2.20
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
+- com.fasterxml.jackson.core:jackson-annotations:2.21
- org.apache.commons:commons-compress:1.26.0
diff --git a/flink-kubernetes/src/main/resources/META-INF/NOTICE
b/flink-kubernetes/src/main/resources/META-INF/NOTICE
index 495e24b2027..318ce6cd045 100644
--- a/flink-kubernetes/src/main/resources/META-INF/NOTICE
+++ b/flink-kubernetes/src/main/resources/META-INF/NOTICE
@@ -6,11 +6,11 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
-- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.20.1
-- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
+- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.21.3
+- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.21.3
- com.squareup.okhttp3:logging-interceptor:3.14.9
- com.squareup.okhttp3:okhttp:3.14.9
- com.squareup.okio:okio:1.17.2
diff --git a/flink-models/flink-model-openai/src/main/resources/META-INF/NOTICE
b/flink-models/flink-model-openai/src/main/resources/META-INF/NOTICE
index 7ac6e4238a4..f245bfdfa84 100644
--- a/flink-models/flink-model-openai/src/main/resources/META-INF/NOTICE
+++ b/flink-models/flink-model-openai/src/main/resources/META-INF/NOTICE
@@ -6,12 +6,12 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
-- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.20.1
-- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.20.1
-- com.fasterxml.jackson.module:jackson-module-kotlin:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
+- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.21.3
+- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.21.3
+- com.fasterxml.jackson.module:jackson-module-kotlin:2.21.3
- com.google.errorprone:error_prone_annotations:2.33.0
- com.openai:openai-java:1.6.1
- com.openai:openai-java-client-okhttp:1.6.1
diff --git a/flink-python/src/main/resources/META-INF/NOTICE
b/flink-python/src/main/resources/META-INF/NOTICE
index 7dc57896ff3..2f8c9a2407b 100644
--- a/flink-python/src/main/resources/META-INF/NOTICE
+++ b/flink-python/src/main/resources/META-INF/NOTICE
@@ -6,10 +6,10 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.fasterxml.jackson.core:jackson-annotations:2.20
-- com.fasterxml.jackson.core:jackson-core:2.20.1
-- com.fasterxml.jackson.core:jackson-databind:2.20.1
-- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.20.1
+- com.fasterxml.jackson.core:jackson-annotations:2.21
+- com.fasterxml.jackson.core:jackson-core:2.21.3
+- com.fasterxml.jackson.core:jackson-databind:2.21.3
+- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.21.3
- com.google.flatbuffers:flatbuffers-java:25.2.10
- joda-time:joda-time:2.5
- org.apache.arrow:arrow-format:19.0.0
@@ -58,8 +58,8 @@ The bundled Apache Beam dependencies bundle the following
dependencies under the
- io.grpc:grpc-protobuf:1.59.1
- io.grpc:grpc-stub:1.59.1
- io.grpc:grpc-testing:1.59.1
-- io.netty:netty-buffer:4.2.6.Final
-- io.netty:netty-common:4.2.6.Final
+- io.netty:netty-buffer:4.2.12.Final
+- io.netty:netty-common:4.2.12.Final
- io.opencensus:opencensus-api:0.31.0
- io.opencensus:opencensus-contrib-grpc-metrics:0.31.0
- io.perfmark:perfmark-api:0.26.0
diff --git a/flink-rpc/flink-rpc-akka/src/main/resources/META-INF/NOTICE
b/flink-rpc/flink-rpc-akka/src/main/resources/META-INF/NOTICE
index 1bcacd75bd4..d0e3de5d577 100644
--- a/flink-rpc/flink-rpc-akka/src/main/resources/META-INF/NOTICE
+++ b/flink-rpc/flink-rpc-akka/src/main/resources/META-INF/NOTICE
@@ -16,13 +16,13 @@ This project bundles the following dependencies under the
Apache Software Licens
- org.apache.pekko:pekko-protobuf-v3_2.12:1.4.0
- org.apache.pekko:pekko-slf4j_2.12:1.4.0
- org.apache.pekko:pekko-stream_2.12:1.4.0
-- io.netty:netty-buffer:4.2.6.Final
-- io.netty:netty-transport-native-unix-common:4.2.6.Final
-- io.netty:netty-common:4.2.6.Final
-- io.netty:netty-codec-base:4.2.6.Final
-- io.netty:netty-handler:4.2.6.Final
-- io.netty:netty-resolver:4.2.6.Final
-- io.netty:netty-transport:4.2.6.Final
+- io.netty:netty-buffer:4.2.12.Final
+- io.netty:netty-transport-native-unix-common:4.2.12.Final
+- io.netty:netty-common:4.2.12.Final
+- io.netty:netty-codec-base:4.2.12.Final
+- io.netty:netty-handler:4.2.12.Final
+- io.netty:netty-resolver:4.2.12.Final
+- io.netty:netty-transport:4.2.12.Final
The following dependencies all share the same BSD license which you find under
licenses/LICENSE.scala.
diff --git a/pom.xml b/pom.xml
index 456a1d7b98e..9bfc70ca575 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@ under the License.
<source.java.version>11</source.java.version>
<target.java.version>17</target.java.version>
<slf4j.version>1.7.36</slf4j.version>
- <log4j.version>2.25.3</log4j.version>
+ <log4j.version>2.25.4</log4j.version>
<!-- Overwrite default values from parent pom.
IntelliJ IDEA is (sometimes?) using those values to
choose target language level
and thus is changing back to java 1.6 on each maven
re-import -->
@@ -151,7 +151,7 @@ under the License.
<avro.version>1.11.5</avro.version>
<!-- Version for transitive Jackson dependencies that are not
used within Flink itself.-->
<jackson.mapper.asl.version>1.9.14.jdk17-redhat-00001</jackson.mapper.asl.version>
- <jackson-bom.version>2.20.1</jackson-bom.version>
+ <jackson-bom.version>2.21.3</jackson-bom.version>
<javax.activation.api.version>1.2.0</javax.activation.api.version>
<jaxb.api.version>2.3.1</jaxb.api.version>
<junit4.version>4.13.2</junit4.version>
@@ -159,7 +159,7 @@ under the License.
<archunit.version>1.4.1</archunit.version>
<mockito.version>5.19.0</mockito.version>
<hamcrest.version>1.3</hamcrest.version>
- <assertj.version>3.27.3</assertj.version>
+ <assertj.version>3.27.7</assertj.version>
<py4j.version>0.10.9.7</py4j.version>
<beam.version>2.54.0</beam.version>
<protoc.version>4.32.1</protoc.version>
@@ -914,7 +914,7 @@ under the License.
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
- <version>4.2.6.Final</version>
+ <version>4.2.12.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>
