[spark] branch branch-3.3 updated: [SPARK-40326][BUILD] Upgrade `fasterxml.jackson.version` to 2.13.4

Mon, 05 Sep 2022 17:55:44 -0700 

This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new b066561cba0 [SPARK-40326][BUILD] Upgrade `fasterxml.jackson.version` 
to 2.13.4
b066561cba0 is described below

commit b066561cba01ef1ddc2dc8c5e21ef54cc22bfe08
Author: Bjørn <bjornjorgen...@gmail.com>
AuthorDate: Mon Sep 5 19:51:40 2022 -0500

    [SPARK-40326][BUILD] Upgrade `fasterxml.jackson.version` to 2.13.4
    
    upgrade `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` and 
`fasterxml.jackson.databind.version` from 2.13.3 to 2.13.4
    
    
[CVE-2022-25857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857)
    
    [SNYK-JAVA-ORGYAML](https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360)
    
    No.
    
    Pass GA
    
    Closes #37796 from bjornjorgensen/upgrade-fasterxml.jackson-to-2.13.4.
    
    Authored-by: Bjørn <bjornjorgen...@gmail.com>
    Signed-off-by: Sean Owen <sro...@gmail.com>
    (cherry picked from commit a82a006df80ac3aa6900d8688eb5bf77b804785d)
    Signed-off-by: Sean Owen <sro...@gmail.com>
---
 dev/deps/spark-deps-hadoop-2-hive-2.3 | 16 ++++++++--------
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 16 ++++++++--------
 pom.xml                               |  4 ++--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 
b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 8a600122b4e..8208f90efe6 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -112,16 +112,16 @@ httpclient/4.5.13//httpclient-4.5.13.jar
 httpcore/4.4.14//httpcore-4.4.14.jar
 istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar
 ivy/2.5.0//ivy-2.5.0.jar
-jackson-annotations/2.13.3//jackson-annotations-2.13.3.jar
+jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar
 jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
-jackson-core/2.13.3//jackson-core-2.13.3.jar
-jackson-databind/2.13.3//jackson-databind-2.13.3.jar
-jackson-dataformat-cbor/2.13.3//jackson-dataformat-cbor-2.13.3.jar
-jackson-dataformat-yaml/2.13.3//jackson-dataformat-yaml-2.13.3.jar
-jackson-datatype-jsr310/2.13.3//jackson-datatype-jsr310-2.13.3.jar
+jackson-core/2.13.4//jackson-core-2.13.4.jar
+jackson-databind/2.13.4//jackson-databind-2.13.4.jar
+jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar
+jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar
+jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar
 jackson-jaxrs/1.9.13//jackson-jaxrs-1.9.13.jar
 jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar
-jackson-module-scala_2.12/2.13.3//jackson-module-scala_2.12-2.13.3.jar
+jackson-module-scala_2.12/2.13.4//jackson-module-scala_2.12-2.13.4.jar
 jackson-xc/1.9.13//jackson-xc-1.9.13.jar
 jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar
 jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar
@@ -245,7 +245,7 @@ scala-xml_2.12/1.2.0//scala-xml_2.12-1.2.0.jar
 shapeless_2.12/2.3.7//shapeless_2.12-2.3.7.jar
 shims/0.9.25//shims-0.9.25.jar
 slf4j-api/1.7.32//slf4j-api-1.7.32.jar
-snakeyaml/1.30//snakeyaml-1.30.jar
+snakeyaml/1.31//snakeyaml-1.31.jar
 snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
 spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
 spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index e36d4f2d911..04be0c1d7d6 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -102,15 +102,15 @@ httpcore/4.4.14//httpcore-4.4.14.jar
 ini4j/0.5.4//ini4j-0.5.4.jar
 istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar
 ivy/2.5.0//ivy-2.5.0.jar
-jackson-annotations/2.13.3//jackson-annotations-2.13.3.jar
+jackson-annotations/2.13.4//jackson-annotations-2.13.4.jar
 jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
-jackson-core/2.13.3//jackson-core-2.13.3.jar
-jackson-databind/2.13.3//jackson-databind-2.13.3.jar
-jackson-dataformat-cbor/2.13.3//jackson-dataformat-cbor-2.13.3.jar
-jackson-dataformat-yaml/2.13.3//jackson-dataformat-yaml-2.13.3.jar
-jackson-datatype-jsr310/2.13.3//jackson-datatype-jsr310-2.13.3.jar
+jackson-core/2.13.4//jackson-core-2.13.4.jar
+jackson-databind/2.13.4//jackson-databind-2.13.4.jar
+jackson-dataformat-cbor/2.13.4//jackson-dataformat-cbor-2.13.4.jar
+jackson-dataformat-yaml/2.13.4//jackson-dataformat-yaml-2.13.4.jar
+jackson-datatype-jsr310/2.13.4//jackson-datatype-jsr310-2.13.4.jar
 jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar
-jackson-module-scala_2.12/2.13.3//jackson-module-scala_2.12-2.13.3.jar
+jackson-module-scala_2.12/2.13.4//jackson-module-scala_2.12-2.13.4.jar
 jakarta.annotation-api/1.3.5//jakarta.annotation-api-1.3.5.jar
 jakarta.inject/2.6.1//jakarta.inject-2.6.1.jar
 jakarta.servlet-api/4.0.3//jakarta.servlet-api-4.0.3.jar
@@ -234,7 +234,7 @@ scala-xml_2.12/1.2.0//scala-xml_2.12-1.2.0.jar
 shapeless_2.12/2.3.7//shapeless_2.12-2.3.7.jar
 shims/0.9.25//shims-0.9.25.jar
 slf4j-api/1.7.32//slf4j-api-1.7.32.jar
-snakeyaml/1.30//snakeyaml-1.30.jar
+snakeyaml/1.31//snakeyaml-1.31.jar
 snappy-java/1.1.8.4//snappy-java-1.1.8.4.jar
 spire-macros_2.12/0.17.0//spire-macros_2.12-0.17.0.jar
 spire-platform_2.12/0.17.0//spire-platform_2.12-0.17.0.jar
diff --git a/pom.xml b/pom.xml
index 9f4d878e229..d594fcca8c0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,8 +171,8 @@
     <!-- for now, not running scalafmt as part of default verify pipeline -->
     <scalafmt.skip>true</scalafmt.skip>
     <codehaus.jackson.version>1.9.13</codehaus.jackson.version>
-    <fasterxml.jackson.version>2.13.3</fasterxml.jackson.version>
-    
<fasterxml.jackson.databind.version>2.13.3</fasterxml.jackson.databind.version>
+    <fasterxml.jackson.version>2.13.4</fasterxml.jackson.version>
+    
<fasterxml.jackson.databind.version>2.13.4</fasterxml.jackson.databind.version>
     <snappy.version>1.1.8.4</snappy.version>
     <netlib.java.version>1.1.2</netlib.java.version>
     <netlib.ludovic.dev.version>2.2.1</netlib.ludovic.dev.version>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org

Reply via email to