This is an automated email from the ASF dual-hosted git repository.

wu-sheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new 7d10e221a2 Clear CVE Dependabot alerts: Curator/ZooKeeper bump, 
assertj, e2e test fixtures (#13913)
7d10e221a2 is described below

commit 7d10e221a243cb3417b08748e6266948db4a8975
Author: 吴晟 Wu Sheng <[email protected]>
AuthorDate: Thu Jun 18 11:34:51 2026 +0800

    Clear CVE Dependabot alerts: Curator/ZooKeeper bump, assertj, e2e test 
fixtures (#13913)
    
    This clears the actionable, non-Go Dependabot alerts on `master`. (The Go 
e2e-fixture alerts require a Go 1.24 agent toolchain and are handled separately 
via skywalking-go image work + an e2e follow-up.)
    
    ### Shipped product (oap-server-bom + LICENSE + docs)
    - **Apache Curator `4.3.0` → `5.9.0`** (+ `curator-test`) and **Apache 
ZooKeeper `3.5.7` → `3.9.5`**, bumped together — Curator 5.x is the line that 
carries the ZK 3.9.x client. Clears **CVE-2023-44981** (critical). OAP is a 
ZooKeeper *client* only, so the server-side bug was never reachable, but the 
bundled jar tripped Dependabot. The cluster-zookeeper and 
configuration-zookeeper plugins use only stable Curator APIs, so no source 
changes were required. Operator-facing change: support [...]
    
    ### Build/test scope
    - **assertj-core `3.20.2` → `3.27.7`** — clears CVE-2026-24400 (XXE in 
`isXmlEqualTo`, unused), test scope.
    
    ### e2e test fixtures (`test/e2e-v2`, never shipped)
    - guava → `32.0.0-jre`, kafka-clients → `3.9.2` (+ removed a stale unused 
`2.4.1` property), log4j-core → `2.25.4`, logback → `1.2.13` (the Java-8 line, 
not Dependabot's JDK-11 `1.4.12`), json-path → `2.9.0`, flask → `3.1.3`, 
protobuf → `4.25.8`.
---
 .github/workflows/skywalking.yaml                  | 48 ++++++++++++++++++----
 .licenserc.yaml                                    |  6 +++
 dist-material/release-docs/LICENSE                 | 14 +++----
 docs/en/changes/changes.md                         |  2 +
 docs/en/setup/backend/backend-cluster.md           |  6 +--
 oap-server-bom/pom.xml                             |  6 +--
 ...ClusterModuleZookeeperProviderFunctionalIT.java |  2 +-
 .../zookeeper/it/ZookeeperConfigurationIT.java     |  2 +-
 .../src/main/resources/application.yml             |  3 +-
 pom.xml                                            |  2 +-
 .../cases/airflow/mock/requirements-replay.txt     |  4 +-
 .../cases/cluster/zk/banyandb/docker-compose.yml   |  2 +-
 test/e2e-v2/cases/cluster/zk/es/docker-compose.yml |  2 +-
 test/e2e-v2/cases/gateway/docker-compose.yml       |  2 +-
 .../e2e-mock-baseline-server/pom.xml               |  2 +-
 .../java-test-service/e2e-mock-sender/pom.xml      |  2 +-
 .../java-test-service/e2e-service-provider/pom.xml |  6 +--
 test/e2e-v2/java-test-service/pom.xml              |  6 +--
 18 files changed, 77 insertions(+), 40 deletions(-)

diff --git a/.github/workflows/skywalking.yaml 
b/.github/workflows/skywalking.yaml
index 29102a7fc6..221de0f4ae 100644
--- a/.github/workflows/skywalking.yaml
+++ b/.github/workflows/skywalking.yaml
@@ -786,16 +786,31 @@ jobs:
         if: matrix.test.docker != null
         run: docker build -t ${{ matrix.test.docker.name }} -f ${{ 
matrix.test.docker.base }}/${{ matrix.test.docker.file }} ${{ 
matrix.test.docker.base }}
       - name: ${{ matrix.test.name }}
-        uses: 
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+        uses: 
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
         with:
           e2e-file: $GITHUB_WORKSPACE/${{ matrix.test.config }}
-      - if: ${{ failure() }}
+      - if: ${{ failure() || cancelled() }}
         run: |
           df -h
           du -sh .
           docker images
+      # Capture container logs even when the job is CANCELLED (e.g. a case that
+      # hangs and hits the job timeout-minutes is `cancelled`, not `failure`, 
so a
+      # plain `if: failure()` upload is skipped and produces zero logs). The 
e2e
+      # action's own log collector also never runs when the trigger hangs, so 
dump
+      # the docker logs directly here while the containers are still alive.
+      - name: Dump container logs
+        if: ${{ failure() || cancelled() }}
+        run: |
+          LOG_DIR="${{ env.SW_INFRA_E2E_LOG_DIR }}"
+          mkdir -p "$LOG_DIR"
+          docker ps -a > "$LOG_DIR/docker-ps.txt" 2>&1 || true
+          for c in $(docker ps -aq); do
+            name=$(docker inspect -f '{{.Name}}' "$c" | tr -d '/')
+            docker logs "$c" > "$LOG_DIR/$name.log" 2>&1 || true
+          done
       - uses: actions/upload-artifact@v4
-        if: ${{ failure() }}
+        if: ${{ failure() || cancelled() }}
         name: Upload Logs
         with:
           name: test-logs-${{ matrix.test.name }}
@@ -860,7 +875,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: ALS ${{ matrix.storage }}, ${{ matrix.analyzer }}, istio-${{ 
matrix.versions.istio }}, k8s-${{ matrix.versions.kubernetes }}
-        uses: 
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+        uses: 
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
         env:
           ISTIO_VERSION: ${{ matrix.versions.istio }}
           KUBERNETES_VERSION: ${{ matrix.versions.kubernetes }}
@@ -932,7 +947,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: ${{ matrix.test.name }}
-        uses: 
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+        uses: 
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
         env:
           ISTIO_VERSION: ${{ matrix.versions.istio }}
           KUBERNETES_VERSION: ${{ matrix.versions.kubernetes }}
@@ -996,7 +1011,7 @@ jobs:
         shell: bash
         run: ./mvnw -B -q -f test/e2e-v2/java-test-service/pom.xml clean 
package
       - name: Java version ${{ matrix.java-version }}
-        uses: 
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+        uses: 
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
         env:
           SW_AGENT_JDK_VERSION: ${{ matrix.java-version }}
         with:
@@ -1092,16 +1107,31 @@ jobs:
           fi
           docker compose -f ${BANYANDB_DATA_GENERATE_ROOT}/docker-compose.yml 
down -v
       - name: ${{ matrix.test.name }}
-        uses: 
apache/skywalking-infra-e2e@0d91769411db83f6329633df810a36c6ea1a9b02
+        uses: 
apache/skywalking-infra-e2e@68bbdec303cf2d3df9f2353f970f91938b52f674
         with:
           e2e-file: $GITHUB_WORKSPACE/${{ matrix.test.config }}
-      - if: ${{ failure() }}
+      - if: ${{ failure() || cancelled() }}
         run: |
           df -h
           du -sh .
           docker images
+      # Capture container logs even when the job is CANCELLED (e.g. a case that
+      # hangs and hits the job timeout-minutes is `cancelled`, not `failure`, 
so a
+      # plain `if: failure()` upload is skipped and produces zero logs). The 
e2e
+      # action's own log collector also never runs when the trigger hangs, so 
dump
+      # the docker logs directly here while the containers are still alive.
+      - name: Dump container logs
+        if: ${{ failure() || cancelled() }}
+        run: |
+          LOG_DIR="${{ env.SW_INFRA_E2E_LOG_DIR }}"
+          mkdir -p "$LOG_DIR"
+          docker ps -a > "$LOG_DIR/docker-ps.txt" 2>&1 || true
+          for c in $(docker ps -aq); do
+            name=$(docker inspect -f '{{.Name}}' "$c" | tr -d '/')
+            docker logs "$c" > "$LOG_DIR/$name.log" 2>&1 || true
+          done
       - uses: actions/upload-artifact@v4
-        if: ${{ failure() }}
+        if: ${{ failure() || cancelled() }}
         name: Upload Logs
         with:
           name: test-logs-${{ matrix.test.name }}
diff --git a/.licenserc.yaml b/.licenserc.yaml
index 7a85203fda..b9399b20e6 100644
--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -144,4 +144,10 @@ dependency:
     - name: io.vertx:vertx-grpc
       version: 4.5.9
       license: EPL-2.0
+    - name: org.apache.zookeeper:zookeeper
+      version: 3.9.5
+      license: Apache-2.0
+    - name: org.apache.zookeeper:zookeeper-jute
+      version: 3.9.5
+      license: Apache-2.0
 
diff --git a/dist-material/release-docs/LICENSE 
b/dist-material/release-docs/LICENSE
index 614f378faa..0776a406b0 100644
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -323,10 +323,10 @@ The text of each license is the standard Apache 2.0 
license.
     
https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.26.2 
Apache-2.0
     https://mvnrepository.com/artifact/org.apache.commons/commons-lang3/3.18.0 
Apache-2.0
     https://mvnrepository.com/artifact/org.apache.commons/commons-text/1.4 
Apache-2.0
-    https://mvnrepository.com/artifact/org.apache.curator/curator-client/4.3.0 
Apache-2.0
-    
https://mvnrepository.com/artifact/org.apache.curator/curator-framework/4.3.0 
Apache-2.0
-    
https://mvnrepository.com/artifact/org.apache.curator/curator-recipes/4.3.0 
Apache-2.0
-    
https://mvnrepository.com/artifact/org.apache.curator/curator-x-discovery/4.3.0 
Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.curator/curator-client/5.9.0 
Apache-2.0
+    
https://mvnrepository.com/artifact/org.apache.curator/curator-framework/5.9.0 
Apache-2.0
+    
https://mvnrepository.com/artifact/org.apache.curator/curator-recipes/5.9.0 
Apache-2.0
+    
https://mvnrepository.com/artifact/org.apache.curator/curator-x-discovery/5.9.0 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpasyncclient/4.1.5
 Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.16 
Apache-2.0
@@ -335,9 +335,9 @@ The text of each license is the standard Apache 2.0 license.
     
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.25.4 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.25.4 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.25.4
 Apache-2.0
-    
https://mvnrepository.com/artifact/org.apache.yetus/audience-annotations/0.5.0 
Apache-2.0
-    https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.5.7 
Apache-2.0
-    
https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper-jute/3.5.7 
Apache-2.0
+    
https://mvnrepository.com/artifact/org.apache.yetus/audience-annotations/0.12.0 
Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.9.5 
Apache-2.0
+    
https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper-jute/3.9.5 
Apache-2.0
     https://mvnrepository.com/artifact/org.freemarker/freemarker/2.3.31 
Apache-2.0
     
https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-reflect/1.7.10 
Apache-2.0
     
https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-stdlib/1.7.10 
Apache-2.0
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 0de690baf9..17c291333f 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -301,6 +301,8 @@
 * Add `@Stream(allowBootReshape = true)` opt-in for additive boot-time reshape 
of BanyanDB streams / measures. Code-defined stream classes (e.g. 
`AlarmRecord`) can now annotate their schema as eligible for in-place additive 
update at OAP boot — a new `@Column` is appended to the live tag-family / 
fields via `client.update` instead of being silently rejected with 
`SKIPPED_SHAPE_MISMATCH` (which previously forced operators to drop the measure 
/ stream and lose historical rows). Additive in [...]
 * Mask keywords `trustStorePass`, `keyStorePass` by default.
 * Bump up dependencies to clear CVE alerts on shipped OAP jars: log4j `2.25.3` 
→ `2.25.4`, jackson `2.18.5` → `2.18.6`, kafka-clients `3.4.0` → `3.9.2`, 
postgresql `42.4.4` → `42.7.11`, commons-compress `1.21` → `1.26.2`.
+* Bump Apache Curator `4.3.0` → `5.9.0` and Apache ZooKeeper `3.5.7` → `3.9.5` 
together to clear CVE-2023-44981 (the bundled ZooKeeper jar carried it; OAP is 
a ZooKeeper client only, so the server-side bug was never reachable, but the 
jar tripped Dependabot). The cluster-zookeeper and configuration-zookeeper 
plugins use only stable Curator APIs, so no source changes were required. 
Operator-facing change: the supported ZooKeeper server version is now 3.6+ 
(Curator 5.x uses ZooKeeper persi [...]
+* Bump test-scope assertj-core `3.20.2` → `3.27.7` to clear CVE-2026-24400 
(XXE in `isXmlEqualTo`, not used by any test).
 * Fix: continuous profiling policy validation now rejects a threshold / count 
of `0` to match the error messages and rover's `value >= threshold` trigger 
semantics (a `0` threshold would always trigger). CPU percent and HTTP error 
rate are tightened from `[0-100]` to `(0-100]`.
 * Fix wrong BanyanDB resource options in record data.
 * Align the default BanyanDB stage `segmentInterval` values so each coarser 
stage is an integer multiple of the finer one (`records` cold `3` → `4`, 
`metricsMinute` cold `5` → `6`, `metricsHour` warm `7` → `10` and cold `15` → 
`20`), keeping hot → warm → cold lifecycle migration on the cheap whole-segment 
fast path.
diff --git a/docs/en/setup/backend/backend-cluster.md 
b/docs/en/setup/backend/backend-cluster.md
index ff1ea0e09f..b5a352802f 100644
--- a/docs/en/setup/backend/backend-cluster.md
+++ b/docs/en/setup/backend/backend-cluster.md
@@ -82,7 +82,7 @@ You could have two options
 Zookeeper is a very common and widely used cluster coordinator. Set the 
**cluster/selector** to **zookeeper** in the yml
 to enable it.
 
-Required Zookeeper version: 3.5+
+Supported Zookeeper server version: 3.6+. The bundled ZooKeeper client library 
is 3.9.x.
 
 ```yaml
 cluster:
@@ -92,11 +92,11 @@ cluster:
 
 - `hostPort` is the list of zookeeper servers. Format is 
`IP1:PORT1,IP2:PORT2,...,IPn:PORTn`
 - `enableACL`
-  enable [Zookeeper 
ACL](https://zookeeper.apache.org/doc/r3.5.5/zookeeperProgrammers.html#sc_ZooKeeperAccessControl)
 to
+  enable [Zookeeper 
ACL](https://zookeeper.apache.org/doc/r3.9.3/zookeeperProgrammers.html#sc_ZooKeeperAccessControl)
 to
   control access to its znode.
 - `schema` is Zookeeper ACL schemas.
 - `expression` is a expression of ACL. The format of the expression is 
specific to
-  the 
[schema](https://zookeeper.apache.org/doc/r3.5.5/zookeeperProgrammers.html#sc_BuiltinACLSchemes).
+  the 
[schema](https://zookeeper.apache.org/doc/r3.9.3/zookeeperProgrammers.html#sc_BuiltinACLSchemes).
 - `hostPort`, `baseSleepTimeMs` and `maxRetries` are settings of Zookeeper 
curator client.
 
 Note:
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 7a08c4593b..81768d79db 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -37,7 +37,7 @@
         <okhttp.version>3.14.9</okhttp.version>
         <httpclient.version>4.5.13</httpclient.version>
         <joda-time.version>2.10.5</joda-time.version>
-        <zookeeper.version>3.5.7</zookeeper.version>
+        <zookeeper.version>3.9.5</zookeeper.version>
         <guava.version>32.0.1-jre</guava.version>
         <snakeyaml.version>2.0</snakeyaml.version>
         <protobuf-java.version>4.33.1</protobuf-java.version>
@@ -54,8 +54,8 @@
         <simpleclient.version>0.6.0</simpleclient.version>
         <apollo.version>1.8.0</apollo.version>
         <nacos.version>2.3.2</nacos.version>
-        <curator.version>4.3.0</curator.version>
-        <curator-test.version>2.12.0</curator-test.version>
+        <curator.version>5.9.0</curator.version>
+        <curator-test.version>5.9.0</curator-test.version>
         <etcd4j.version>2.18.0</etcd4j.version>
         <freemarker.version>2.3.31</freemarker.version>
         <javaassist.version>3.25.0-GA</javaassist.version>
diff --git 
a/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
 
b/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
index beac2532d5..f457857615 100644
--- 
a/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
+++ 
b/oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/test/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProviderFunctionalIT.java
@@ -60,7 +60,7 @@ public class ClusterModuleZookeeperProviderFunctionalIT {
 
     @Container
     public final GenericContainer<?> container =
-        new GenericContainer<>(DockerImageName.parse("zookeeper:3.5"))
+        new GenericContainer<>(DockerImageName.parse("zookeeper:3.9"))
             .waitingFor(Wait.forLogMessage(".*binding to port.*", 1))
             .withExposedPorts(2181);
 
diff --git 
a/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
 
b/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
index edad1c3b7e..a8a37886ec 100644
--- 
a/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
+++ 
b/oap-server/server-configuration/configuration-zookeeper/src/test/java/org/apache/skywalking/oap/server/configuration/zookeeper/it/ZookeeperConfigurationIT.java
@@ -57,7 +57,7 @@ public class ZookeeperConfigurationIT {
 
     @Container
     public final GenericContainer<?> container =
-        new GenericContainer<>(DockerImageName.parse("zookeeper:3.5"))
+        new GenericContainer<>(DockerImageName.parse("zookeeper:3.9"))
             .waitingFor(Wait.forLogMessage(".*binding to port.*", 1))
             .withExposedPorts(2181);
 
diff --git a/oap-server/server-starter/src/main/resources/application.yml 
b/oap-server/server-starter/src/main/resources/application.yml
index e02938cc8e..d38269cfd3 100644
--- a/oap-server/server-starter/src/main/resources/application.yml
+++ b/oap-server/server-starter/src/main/resources/application.yml
@@ -16,8 +16,7 @@
 cluster:
   selector: ${SW_CLUSTER:standalone}
   standalone:
-  # Please check your ZooKeeper is 3.5+, However, it is also compatible with 
ZooKeeper 3.4.x. Replace the ZooKeeper 3.5+
-  # library the oap-libs folder with your ZooKeeper 3.4.x library.
+  # Supported ZooKeeper server version: 3.6+. The bundled ZooKeeper client 
library is 3.9.x.
   zookeeper:
     namespace: ${SW_NAMESPACE:""}
     hostPort: ${SW_CLUSTER_ZK_HOST_PORT:localhost:2181}
diff --git a/pom.xml b/pom.xml
index 18490541ab..75696d88a4 100755
--- a/pom.xml
+++ b/pom.xml
@@ -182,7 +182,7 @@
         
<maven-checkstyle-plugin.version>3.1.0</maven-checkstyle-plugin.version>
         <jmh.version>1.37</jmh.version>
         <checkstyle.fails.on.error>true</checkstyle.fails.on.error>
-        <assertj-core.version>3.20.2</assertj-core.version>
+        <assertj-core.version>3.27.7</assertj-core.version>
         <cyclonedx-maven-plugin.version>2.8.0</cyclonedx-maven-plugin.version>
         <flatten-plugin-version>1.6.0</flatten-plugin-version>
 
diff --git a/test/e2e-v2/cases/airflow/mock/requirements-replay.txt 
b/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
index 80c4250e3b..2e302eda69 100644
--- a/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
+++ b/test/e2e-v2/cases/airflow/mock/requirements-replay.txt
@@ -1,4 +1,4 @@
-flask==3.0.3
+flask==3.1.3
 grpcio==1.62.2
-protobuf==4.25.3
+protobuf==4.25.8
 opentelemetry-proto==1.24.0
diff --git a/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml 
b/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
index 88d9a49119..98ae67deb9 100644
--- a/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
+++ b/test/e2e-v2/cases/cluster/zk/banyandb/docker-compose.yml
@@ -15,7 +15,7 @@
 
 services:
   zk:
-    image: zookeeper:3.5
+    image: zookeeper:3.9
     expose:
       - 2181
     networks:
diff --git a/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml 
b/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
index 319227a124..79c019f8e7 100644
--- a/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
+++ b/test/e2e-v2/cases/cluster/zk/es/docker-compose.yml
@@ -15,7 +15,7 @@
 
 services:
   zk:
-    image: zookeeper:3.5
+    image: zookeeper:3.9
     expose:
       - 2181
     networks:
diff --git a/test/e2e-v2/cases/gateway/docker-compose.yml 
b/test/e2e-v2/cases/gateway/docker-compose.yml
index e7e1b6fed5..b79d0e200a 100644
--- a/test/e2e-v2/cases/gateway/docker-compose.yml
+++ b/test/e2e-v2/cases/gateway/docker-compose.yml
@@ -15,7 +15,7 @@
 
 services:
   zk:
-    image: zookeeper:3.5
+    image: zookeeper:3.9
     expose:
       - 2181
     networks:
diff --git a/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml 
b/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
index e24dc67e3a..f1f91a0223 100644
--- a/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-mock-baseline-server/pom.xml
@@ -58,7 +58,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>23.0</version>
+            <version>32.0.0-jre</version>
         </dependency>
         <dependency>
             <groupId>io.grpc</groupId>
diff --git a/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml 
b/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
index 922f7ed5e2..29dedb3b58 100644
--- a/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-mock-sender/pom.xml
@@ -61,7 +61,7 @@
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
             <artifactId>json-path</artifactId>
-            <version>2.7.0</version>
+            <version>2.9.0</version>
         </dependency>
     </dependencies>
     <build>
diff --git a/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml 
b/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
index 2de07cc331..74b73f137c 100644
--- a/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
+++ b/test/e2e-v2/java-test-service/e2e-service-provider/pom.xml
@@ -35,8 +35,8 @@
 
     <properties>
         <log4j.version>1.2.17</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
-        <logback.version>1.2.3</logback.version>
+        <log4j2.version>2.25.4</log4j2.version>
+        <logback.version>1.2.13</logback.version>
     </properties>
 
     <dependencies>
@@ -109,7 +109,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>23.0</version>
+            <version>32.0.0-jre</version>
         </dependency>
 
     </dependencies>
diff --git a/test/e2e-v2/java-test-service/pom.xml 
b/test/e2e-v2/java-test-service/pom.xml
index f7206b423a..1a0e04524e 100644
--- a/test/e2e-v2/java-test-service/pom.xml
+++ b/test/e2e-v2/java-test-service/pom.xml
@@ -50,11 +50,11 @@
         <spring.cloud.version>2.1.2.RELEASE</spring.cloud.version>
         <jupeter.version>5.6.0</jupeter.version>
         <jackson.version>2.9.7</jackson.version>
-        <guava.version>30.1.1-jre</guava.version>
+        <guava.version>32.0.0-jre</guava.version>
         <h2.version>2.1.210</h2.version>
         <mysql.version>8.0.13</mysql.version>
         <lombok.version>1.18.40</lombok.version>
-        <kafka-clients.version>2.4.1</kafka-clients.version>
+        <kafka-clients.version>3.9.2</kafka-clients.version>
 
         <maven-failsafe-plugin.version>2.22.0</maven-failsafe-plugin.version>
         <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
@@ -120,7 +120,7 @@
         <dependency>
             <groupId>org.apache.kafka</groupId>
             <artifactId>kafka-clients</artifactId>
-            <version>2.8.0</version>
+            <version>${kafka-clients.version}</version>
         </dependency>
 
     </dependencies>

Reply via email to