This is an automated email from the ASF dual-hosted git repository.
wu-sheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git
The following commit(s) were added to refs/heads/master by this push:
new 7d10e221a2 Clear CVE Dependabot alerts: Curator/ZooKeeper bump,
assertj, e2e test fixtures (#13913)
7d10e221a2 is described below
commit 7d10e221a243cb3417b08748e6266948db4a8975
Author: 吴晟 Wu Sheng <[email protected]>
AuthorDate: Thu Jun 18 11:34:51 2026 +0800
Clear CVE Dependabot alerts: Curator/ZooKeeper bump, assertj, e2e test
fixtures (#13913)
This clears the actionable, non-Go Dependabot alerts on `master`. (The Go
e2e-fixture alerts require a Go 1.24 agent toolchain and are handled separately
via skywalking-go image work + an e2e follow-up.)
### Shipped product (oap-server-bom + LICENSE + docs)
- **Apache Curator `4.3.0` → `5.9.0`** (+ `curator-test`) and **Apache
ZooKeeper `3.5.7` → `3.9.5`**, bumped together — Curator 5.x is the line that
carries the ZK 3.9.x client. Clears **CVE-2023-44981** (critical). OAP is a
ZooKeeper *client* only, so the server-side bug was never reachable, but the
bundled jar tripped Dependabot. The cluster-zookeeper and
configuration-zookeeper plugins use only stable Curator APIs, so no source
changes were required. Operator-facing change: support [...]
### Build/test scope
- **assertj-core `3.20.2` → `3.27.7`** — clears CVE-2026-24400 (XXE in
`isXmlEqualTo`, unused), test scope.
### e2e test fixtures (`test/e2e-v2`, never shipped)
- guava → `32.0.0-jre`, kafka-clients → `3.9.2` (+ removed a stale unused
`2.4.1` property), log4j-core → `2.25.4`, logback → `1.2.13` (the Java-8 line,
not Dependabot's JDK-11 `1.4.12`), json-path → `2.9.0`, flask → `3.1.3`,
protobuf → `4.25.8`.
---
.github/workflows/skywalking.yaml | 48 ++++++++++++++++++----
.licenserc.yaml | 6 +++
dist-material/release-docs/LICENSE | 14 +++----
docs/en/changes/changes.md | 2 +
docs/en/setup/backend/backend-cluster.md | 6 +--
oap-server-bom/pom.xml | 6 +--
...ClusterModuleZookeeperProviderFunctionalIT.java | 2 +-
.../zookeeper/it/ZookeeperConfigurationIT.java | 2 +-
.../src/main/resources/application.yml | 3 +-
pom.xml | 2 +-
.../cases/airflow/mock/requirements-replay.txt | 4 +-
.../cases/cluster/zk/banyandb/docker-compose.yml | 2 +-
test/e2e-v2/cases/cluster/zk/es/docker-compose.yml | 2 +-
test/e2e-v2/cases/gateway/docker-compose.yml | 2 +-
.../e2e-mock-baseline-server/pom.xml | 2 +-
.../java-test-service/e2e-mock-sender/pom.xml | 2 +-
.../java-test-service/e2e-service-provider/pom.xml | 6 +--
test/e2e-v2/java-test-service/pom.xml | 6 +--
18 files changed, 77 insertions(+), 40 deletions(-)
diff --git a/.github/workflows/skywalking.yaml
b/.github/workflows/skywalking.yaml
index 29102a7fc6..221de0f4ae 100644
--- a/.github/workflows/skywalking.yaml
+++ b/.github/workflows/skywalking.yaml
@@ -786,16 +786,31 @@ jobs:
if: matrix.test.docker != null
run: docker build -t ${{ matrix.test.docker.name }} -f ${{
matrix.test.docker.base }}/${{ matrix.test.docker.file }} ${{
matrix.test.docker.base }}
- name: ${{ matrix.test.name }}
- uses:
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+ uses:
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
with:
e2e-file: $GITHUB_WORKSPACE/${{ matrix.test.config }}
- - if: ${{ failure() }}
+ - if: ${{ failure() || cancelled() }}
run: |
df -h
du -sh .
docker images
+ # Capture container logs even when the job is CANCELLED (e.g. a case that
+ # hangs and hits the job timeout-minutes is `cancelled`, not `failure`,
so a
+ # plain `if: failure()` upload is skipped and produces zero logs). The
e2e
+ # action's own log collector also never runs when the trigger hangs, so
dump
+ # the docker logs directly here while the containers are still alive.
+ - name: Dump container logs
+ if: ${{ failure() || cancelled() }}
+ run: |
+ LOG_DIR="${{ env.SW_INFRA_E2E_LOG_DIR }}"
+ mkdir -p "$LOG_DIR"
+ docker ps -a > "$LOG_DIR/docker-ps.txt" 2>&1 || true
+ for c in $(docker ps -aq); do
+ name=$(docker inspect -f '{{.Name}}' "$c" | tr -d '/')
+ docker logs "$c" > "$LOG_DIR/$name.log" 2>&1 || true
+ done
- uses: actions/upload-artifact@v4
- if: ${{ failure() }}
+ if: ${{ failure() || cancelled() }}
name: Upload Logs
with:
name: test-logs-${{ matrix.test.name }}
@@ -860,7 +875,7 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: ALS ${{ matrix.storage }}, ${{ matrix.analyzer }}, istio-${{
matrix.versions.istio }}, k8s-${{ matrix.versions.kubernetes }}
- uses:
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+ uses:
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
env:
ISTIO_VERSION: ${{ matrix.versions.istio }}
KUBERNETES_VERSION: ${{ matrix.versions.kubernetes }}
@@ -932,7 +947,7 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: ${{ matrix.test.name }}
- uses:
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+ uses:
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
env:
ISTIO_VERSION: ${{ matrix.versions.istio }}
KUBERNETES_VERSION: ${{ matrix.versions.kubernetes }}
@@ -996,7 +1011,7 @@ jobs:
shell: bash
run: ./mvnw -B -q -f test/e2e-v2/java-test-service/pom.xml clean
package
- name: Java version ${{ matrix.java-version }}
- uses:
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+ uses:
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
env:
SW_AGENT_JDK_VERSION: ${{ matrix.java-version }}
with:
@@ -1092,16 +1107,31 @@ jobs:
fi
docker compose -f ${BANYANDB_DATA_GENERATE_ROOT}/docker-compose.yml
down -v
- name: ${{ matrix.test.name }}
- uses:
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+ uses:
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
with:
e2e-file: $GITHUB_WORKSPACE/${{ matrix.test.config }}
- - if: ${{ failure() }}
+ - if: ${{ failure() || cancelled() }}
run: |
df -h
du -sh .
docker images
+ # Capture container logs even when the job is CANCELLED (e.g. a case that
+ # hangs and hits the job timeout-minutes is `cancelled`, not `failure`,
so a
+ # plain `if: failure()` upload is skipped and produces zero logs). The
e2e
+ # action's own log collector also never runs when the trigger hangs, so
dump
+ # the docker logs directly here while the containers are still alive.
+ - name: Dump container logs
+ if: ${{ failure() || cancelled() }}
+ run: |
+ LOG_DIR="${{ env.SW_INFRA_E2E_LOG_DIR }}"
+ mkdir -p "$LOG_DIR"
+ docker ps -a > "$LOG_DIR/docker-ps.txt" 2>&1 || true
+ for c in $(docker ps -aq); do
+ name=$(docker inspect -f '{{.Name}}' "$c" | tr -d '/')
+ docker logs "$c" > "$LOG_DIR/$name.log" 2>&1 || true
+ done
- uses: actions/upload-artifact@v4
- if: ${{ failure() }}
+ if: ${{ failure() || cancelled() }}
name: Upload Logs
with:
name: test-logs-${{ matrix.test.name }}
diff --git a/.licenserc.yaml b/.licenserc.yaml
index 7a85203fda..b9399b20e6 100644
--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -144,4 +144,10 @@ dependency:
- name: io.vertx:vertx-grpc
version: 4.5.9
license: EPL-2.0
+ - name: org.apache.zookeeper:zookeeper
+ version: 3.9.5
+ license: Apache-2.0
+ - name: org.apache.zookeeper:zookeeper-jute
+ version: 3.9.5
+ license: Apache-2.0
diff --git a/dist-material/release-docs/LICENSE
b/dist-material/release-docs/LICENSE
index 614f378faa..0776a406b0 100644
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -323,10 +323,10 @@ The text of each license is the standard Apache 2.0
license.
https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.26.2
Apache-2.0
https://mvnrepository.com/artifact/org.apache.commons/commons-lang3/3.18.0
Apache-2.0
https://mvnrepository.com/artifact/org.apache.commons/commons-text/1.4
Apache-2.0
- https://mvnrepository.com/artifact/org.apache.curator/curator-client/4.3.0
Apache-2.0
-
https://mvnrepository.com/artifact/org.apache.curator/curator-framework/4.3.0
Apache-2.0
-
https://mvnrepository.com/artifact/org.apache.curator/curator-recipes/4.3.0
Apache-2.0
-
https://mvnrepository.com/artifact/org.apache.curator/curator-x-discovery/4.3.0
Apache-2.0
+ https://mvnrepository.com/artifact/org.apache.curator/curator-client/5.9.0
Apache-2.0
+
https://mvnrepository.com/artifact/org.apache.curator/curator-framework/5.9.0
Apache-2.0
+
https://mvnrepository.com/artifact/org.apache.curator/curator-recipes/5.9.0
Apache-2.0
+
https://mvnrepository.com/artifact/org.apache.curator/curator-x-discovery/5.9.0
Apache-2.0
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpasyncclient/4.1.5
Apache-2.0
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13
Apache-2.0
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.16
Apache-2.0
@@ -335,9 +335,9 @@ The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.25.4
Apache-2.0
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.25.4
Apache-2.0
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.25.4
Apache-2.0
-
https://mvnrepository.com/artifact/org.apache.yetus/audience-annotations/0.5.0
Apache-2.0
- https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.5.7
Apache-2.0
-
https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper-jute/3.5.7
Apache-2.0
+
https://mvnrepository.com/artifact/org.apache.yetus/audience-annotations/0.12.0
Apache-2.0
+ https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.9.5
Apache-2.0
+
https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper-jute/3.9.5
Apache-2.0
https://mvnrepository.com/artifact/org.freemarker/freemarker/2.3.31
Apache-2.0
https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-reflect/1.7.10
Apache-2.0
https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-stdlib/1.7.10
Apache-2.0
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 0de690baf9..17c291333f 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -301,6 +301,8 @@
* Add `@Stream(allowBootReshape = true)` opt-in for additive boot-time reshape
of BanyanDB streams / measures. Code-defined stream classes (e.g.
`AlarmRecord`) can now annotate their schema as eligible for in-place additive
update at OAP boot — a new `@Column` is appended to the live tag-family /
fields via `client.update` instead of being silently rejected with
`SKIPPED_SHAPE_MISMATCH` (which previously forced operators to drop the measure
/ stream and lose historical rows). Additive in [...]
* Mask keywords `trustStorePass`, `keyStorePass` by default.
* Bump up dependencies to clear CVE alerts on shipped OAP jars: log4j `2.25.3`
→ `2.25.4`, jackson `2.18.5` → `2.18.6`, kafka-clients `3.4.0` → `3.9.2`,
postgresql `42.4.4` → `42.7.11`, commons-compress `1.21` → `1.26.2`.
+* Bump Apache Curator `4.3.0` → `5.9.0` and Apache ZooKeeper `3.5.7` → `3.9.5`
together to clear CVE-2023-44981 (the bundled ZooKeeper jar carried it; OAP is
a ZooKeeper client only, so the server-side bug was never reachable, but the
jar tripped Dependabot). The cluster-zookeeper and configuration-zookeeper
plugins use only stable Curator APIs, so no source changes were required.
Operator-facing change: the supported ZooKeeper server version is now 3.6+
(Curator 5.x uses ZooKeeper persi [...]
+* Bump test-scope assertj-core `3.20.2` → `3.27.7` to clear CVE-2026-24400
(XXE in `isXmlEqualTo`, not used by any test).
* Fix: continuous profiling policy validation now rejects a threshold / count
of `0` to match the error messages and rover's `value >= threshold` trigger
semantics (a `0` threshold would always trigger). CPU percent and HTTP error
rate are tightened from `[0-100]` to `(0-100]`.
* Fix wrong BanyanDB resource options in record data.
* Align the default BanyanDB stage `segmentInterval` values so each coarser
stage is an integer multiple of the finer one (`records` cold `3` → `4`,
`metricsMinute` cold `5` → `6`, `metricsHour` warm `7` → `10` and cold `15` →
`20`), keeping hot → warm → cold lifecycle migration on the cheap whole-segment
fast path.
diff --git a/docs/en/setup/backend/backend-cluster.md
b/docs/en/setup/backend/backend-cluster.md
index ff1ea0e09f..b5a352802f 100644
--- a/docs/en/setup/backend/backend-cluster.md
+++ b/docs/en/setup/backend/backend-cluster.md
@@ -82,7 +82,7 @@ You could have two options
Zookeeper is a very common and widely used cluster coordinator. Set the
**cluster/selector** to **zookeeper** in the yml
to enable it.
-Required Zookeeper version: 3.5+
+Supported Zookeeper server version: 3.6+. The bundled ZooKeeper client library
is 3.9.x.
```yaml
cluster:
@@ -92,11 +92,11 @@ cluster:
- `hostPort` is the list of zookeeper servers. Format is
`IP1:PORT1,IP2:PORT2,...,IPn:PORTn`
- `enableACL`
- enable [Zookeeper
ACL](https://zookeeper.apache.org/doc/r3.5.5/zookeeperProgrammers.html#sc_ZooKeeperAccessControl)
to
+ enable [Zookeeper
ACL](https://zookeeper.apache.org/doc/r3.9.3/zookeeperProgrammers.html#sc_ZooKeeperAccessControl)
to
control access to its znode.
- `schema` is Zookeeper ACL schemas.
- `expression` is a expression of ACL. The format of the expression is
specific to
- the
[schema](https://zookeeper.apache.org/doc/r3.5.5/zookeeperProgrammers.html#sc_BuiltinACLSchemes).
+ the
[schema](https://zookeeper.apache.org/doc/r3.9.3/zookeeperProgrammers.html#sc_BuiltinACLSchemes).
- `hostPort`, `baseSleepTimeMs` and `maxRetries` are settings of Zookeeper
curator client.
Note:
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 7a08c4593b..81768d79db 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -37,7 +37,7 @@
<okhttp.version>3.14.9</okhttp.version>
<httpclient.version>4.5.13</httpclient.version>
<joda-time.version>2.10.5</joda-time.version>
- <zookeeper.version>3.5.7</zookeeper.version>
+ <zookeeper.version>3.9.5</zookeeper.version>
<guava.version>32.0.1-jre</guava.version>
<snakeyaml.version>2.0</snakeyaml.version>
<protobuf-java.version>4.33.1</protobuf-java.version>
@@ -54,8 +54,8 @@
<simpleclient.version>0.6.0</simpleclient.version>
<apollo.version>1.8.0</apollo.version>
<nacos.version>2.3.2</nacos.version>
- <curator.version>4.3.0</curator.version>
- <curator-test.version>2.12.0</curator-test.version>
+ <curator.version>5.9.0</curator.version>
+ <curator-test.version>5.9.0</curator-test.version>
<etcd4j.version>2.18.0</etcd4j.version>
<freemarker.version>2.3.31</freemarker.version>
<javaassist.version>3.25.0-GA</javaassist.version>
diff --git
a/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
b/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
index beac2532d5..f457857615 100644
---
a/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
+++
b/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
@@ -60,7 +60,7 @@ public class ClusterModuleZookeeperProviderFunctionalIT {
@Container
public final GenericContainer<?> container =
- new GenericContainer<>(DockerImageName.parse("zookeeper:3.5"))
+ new GenericContainer<>(DockerImageName.parse("zookeeper:3.9"))
.waitingFor(Wait.forLogMessage(".*binding to port.*", 1))
.withExposedPorts(2181);
diff --git
a/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
b/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
index edad1c3b7e..a8a37886ec 100644
---
a/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
+++
b/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
@@ -57,7 +57,7 @@ public class ZookeeperConfigurationIT {
@Container
public final GenericContainer<?> container =
- new GenericContainer<>(DockerImageName.parse("zookeeper:3.5"))
+ new GenericContainer<>(DockerImageName.parse("zookeeper:3.9"))
.waitingFor(Wait.forLogMessage(".*binding to port.*", 1))
.withExposedPorts(2181);
diff --git a/oap-server/server-starter/src/main/resources/application.yml
b/oap-server/server-starter/src/main/resources/application.yml
index e02938cc8e..d38269cfd3 100644
--- a/oap-server/server-starter/src/main/resources/application.yml
+++ b/oap-server/server-starter/src/main/resources/application.yml
@@ -16,8 +16,7 @@
cluster:
selector: ${SW_CLUSTER:standalone}
standalone:
- # Please check your ZooKeeper is 3.5+, However, it is also compatible with
ZooKeeper 3.4.x. Replace the ZooKeeper 3.5+
- # library the oap-libs folder with your ZooKeeper 3.4.x library.
+ # Supported ZooKeeper server version: 3.6+. The bundled ZooKeeper client
library is 3.9.x.
zookeeper:
namespace: ${SW_NAMESPACE:""}
hostPort: ${SW_CLUSTER_ZK_HOST_PORT:localhost:2181}
diff --git a/pom.xml b/pom.xml
index 18490541ab..75696d88a4 100755
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,7 @@
<maven-checkstyle-plugin.version>3.1.0</maven-checkstyle-plugin.version>
<jmh.version>1.37</jmh.version>
<checkstyle.fails.on.error>true</checkstyle.fails.on.error>
- <assertj-core.version>3.20.2</assertj-core.version>
+ <assertj-core.version>3.27.7</assertj-core.version>
<cyclonedx-maven-plugin.version>2.8.0</cyclonedx-maven-plugin.version>
<flatten-plugin-version>1.6.0</flatten-plugin-version>
diff --git a/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
b/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
index 80c4250e3b..2e302eda69 100644
--- a/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
+++ b/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
@@ -1,4 +1,4 @@
-flask==3.0.3
+flask==3.1.3
grpcio==1.62.2
-protobuf==4.25.3
+protobuf==4.25.8
opentelemetry-proto==1.24.0
diff --git a/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
b/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
index 88d9a49119..98ae67deb9 100644
--- a/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
+++ b/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
@@ -15,7 +15,7 @@
services:
zk:
- image: zookeeper:3.5
+ image: zookeeper:3.9
expose:
- 2181
networks:
diff --git a/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
b/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
index 319227a124..79c019f8e7 100644
--- a/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
+++ b/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
@@ -15,7 +15,7 @@
services:
zk:
- image: zookeeper:3.5
+ image: zookeeper:3.9
expose:
- 2181
networks:
diff --git a/test/e2e-v2/cases/gateway/docker-compose.yml
b/test/e2e-v2/cases/gateway/docker-compose.yml
index e7e1b6fed5..b79d0e200a 100644
--- a/test/e2e-v2/cases/gateway/docker-compose.yml
+++ b/test/e2e-v2/cases/gateway/docker-compose.yml
@@ -15,7 +15,7 @@
services:
zk:
- image: zookeeper:3.5
+ image: zookeeper:3.9
expose:
- 2181
networks:
diff --git a/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
b/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
index e24dc67e3a..f1f91a0223 100644
--- a/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
@@ -58,7 +58,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>23.0</version>
+ <version>32.0.0-jre</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
diff --git a/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
b/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
index 922f7ed5e2..29dedb3b58 100644
--- a/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
@@ -61,7 +61,7 @@
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
- <version>2.7.0</version>
+ <version>2.9.0</version>
</dependency>
</dependencies>
<build>
diff --git a/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
b/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
index 2de07cc331..74b73f137c 100644
--- a/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
@@ -35,8 +35,8 @@
<properties>
<log4j.version>1.2.17</log4j.version>
- <log4j2.version>2.17.1</log4j2.version>
- <logback.version>1.2.3</logback.version>
+ <log4j2.version>2.25.4</log4j2.version>
+ <logback.version>1.2.13</logback.version>
</properties>
<dependencies>
@@ -109,7 +109,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>23.0</version>
+ <version>32.0.0-jre</version>
</dependency>
</dependencies>
diff --git a/test/e2e-v2/java-test-service/pom.xml
b/test/e2e-v2/java-test-service/pom.xml
index f7206b423a..1a0e04524e 100644
--- a/test/e2e-v2/java-test-service/pom.xml
+++ b/test/e2e-v2/java-test-service/pom.xml
@@ -50,11 +50,11 @@
<spring.cloud.version>2.1.2.RELEASE</spring.cloud.version>
<jupeter.version>5.6.0</jupeter.version>
<jackson.version>2.9.7</jackson.version>
- <guava.version>30.1.1-jre</guava.version>
+ <guava.version>32.0.0-jre</guava.version>
<h2.version>2.1.210</h2.version>
<mysql.version>8.0.13</mysql.version>
<lombok.version>1.18.40</lombok.version>
- <kafka-clients.version>2.4.1</kafka-clients.version>
+ <kafka-clients.version>3.9.2</kafka-clients.version>
<maven-failsafe-plugin.version>2.22.0</maven-failsafe-plugin.version>
<maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
@@ -120,7 +120,7 @@
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
- <version>2.8.0</version>
+ <version>${kafka-clients.version}</version>
</dependency>
</dependencies>