From 1c1032cf48194ff0e5d153ba43197f8e5dae21f7 Mon Sep 17 00:00:00 2001 From: Stephen Crawford Date: Fri, 16 Jun 2023 17:33:45 -0400 Subject: [PATCH 1/2] Update guava Signed-off-by: Stephen Crawford --- CHANGELOG.md | 1 + buildSrc/version.properties | 2 +- distribution/tools/keystore-cli/build.gradle | 2 +- distribution/tools/plugin-cli/build.gradle | 2 +- distribution/tools/upgrade-cli/build.gradle | 2 +- plugins/ingest-attachment/build.gradle | 2 +- plugins/repository-azure/build.gradle | 5 ++--- plugins/repository-gcs/build.gradle | 3 +-- plugins/repository-hdfs/build.gradle | 3 +-- 9 files changed, 10 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1ea67944194d..fa961807a6f7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### Dependencies - Bump `netty` from 4.1.91.Final to 4.1.93.Final ([#7901](https://github.com/opensearch-project/OpenSearch/pull/7901)) - Bump `spock-core` from 1.3-groovy-2.5 to 2.3-groovy-2.5 ([#8119](https://github.com/opensearch-project/OpenSearch/pull/8119)) +- Bump `com.google.guava:guava` from 32.0.0-jre to 32.0.1-jre ([#8107](https://github.com/opensearch-project/OpenSearch/pull/8107)) ### Changed diff --git a/buildSrc/version.properties b/buildSrc/version.properties index 3486782fcc337..e2979c478da71 100644 --- a/buildSrc/version.properties +++ b/buildSrc/version.properties @@ -18,7 +18,7 @@ asm = 9.5 jettison = 1.5.4 woodstox = 6.4.0 kotlin = 1.7.10 -guava = 31.1-jre +guava = 32.0.1-jre protobuf = 3.22.3 # when updating the JNA version, also update the version in buildSrc/build.gradle diff --git a/distribution/tools/keystore-cli/build.gradle b/distribution/tools/keystore-cli/build.gradle index 05dddbed501af..e521c0830724a 100644 --- a/distribution/tools/keystore-cli/build.gradle +++ b/distribution/tools/keystore-cli/build.gradle @@ -35,5 +35,5 @@ dependencies { compileOnly project(":libs:opensearch-cli") testImplementation project(":test:framework") testImplementation 'com.google.jimfs:jimfs:1.1' - testRuntimeOnly 'com.google.guava:guava:31.0.1-jre' + testRuntimeOnly 'com.google.guava:guava:32.0.1-jre' } diff --git a/distribution/tools/plugin-cli/build.gradle b/distribution/tools/plugin-cli/build.gradle index 714080f051186..14e75dc067476 100644 --- a/distribution/tools/plugin-cli/build.gradle +++ b/distribution/tools/plugin-cli/build.gradle @@ -39,7 +39,7 @@ dependencies { api "org.bouncycastle:bc-fips:1.0.2.3" testImplementation project(":test:framework") testImplementation 'com.google.jimfs:jimfs:1.2' - testRuntimeOnly 'com.google.guava:guava:31.0.1-jre' + testRuntimeOnly 'com.google.guava:guava:32.0.1-jre' } tasks.named("dependencyLicenses").configure { diff --git a/distribution/tools/upgrade-cli/build.gradle b/distribution/tools/upgrade-cli/build.gradle index d29c808562168..cb87faf7788fa 100644 --- a/distribution/tools/upgrade-cli/build.gradle +++ b/distribution/tools/upgrade-cli/build.gradle @@ -19,7 +19,7 @@ dependencies { implementation "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}" testImplementation project(":test:framework") testImplementation 'com.google.jimfs:jimfs:1.2' - testRuntimeOnly 'com.google.guava:guava:31.1-jre' + testRuntimeOnly 'com.google.guava:guava:32.0.1-jre' } tasks.named("dependencyLicenses").configure { diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle index ee424a415bd1e..869f35613b3a6 100644 --- a/plugins/ingest-attachment/build.gradle +++ b/plugins/ingest-attachment/build.gradle @@ -54,7 +54,7 @@ dependencies { api "org.apache.tika:tika-langdetect-optimaize:${versions.tika}" // Optimaize libraries/dependencies runtimeOnly "com.optimaize.languagedetector:language-detector:0.6" - runtimeOnly 'com.google.guava:guava:18.0' + runtimeOnly 'com.google.guava:guava:32.0.1-jre' // Other dependencies api 'org.tukaani:xz:1.9' api 'commons-io:commons-io:2.11.0' diff --git a/plugins/repository-azure/build.gradle b/plugins/repository-azure/build.gradle index 42c5b9c57f8f4..1dd3e33d39a74 100644 --- a/plugins/repository-azure/build.gradle +++ b/plugins/repository-azure/build.gradle @@ -68,7 +68,7 @@ dependencies { api "com.fasterxml.jackson.module:jackson-module-jaxb-annotations:${versions.jackson}" api 'org.codehaus.woodstox:stax2-api:4.2.1' implementation "com.fasterxml.woodstox:woodstox-core:${versions.woodstox}" - runtimeOnly 'com.google.guava:guava:31.1-jre' + runtimeOnly 'com.google.guava:guava:32.0.1-jre' api 'org.apache.commons:commons-lang3:3.12.0' testImplementation project(':test:fixtures:azure-fixture') } @@ -137,7 +137,7 @@ thirdPartyAudit { 'javax.xml.bind.annotation.XmlAccessOrder', 'javax.xml.bind.annotation.XmlAccessType', 'javax.xml.bind.annotation.XmlAccessorOrder', - 'javax.xml.bind.annotation.XmlAccessorType', + 'javax.xml.bind.annotation.XmlAccessorType', 'javax.xml.bind.annotation.XmlAttribute', 'javax.xml.bind.annotation.XmlElement', 'javax.xml.bind.annotation.XmlElement$DEFAULT', @@ -188,7 +188,6 @@ thirdPartyAudit { 'com.google.common.hash.Striped64$Cell', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2', - 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray', diff --git a/plugins/repository-gcs/build.gradle b/plugins/repository-gcs/build.gradle index 9185499a4ed5a..c4e3e460fbfbb 100644 --- a/plugins/repository-gcs/build.gradle +++ b/plugins/repository-gcs/build.gradle @@ -52,7 +52,7 @@ opensearchplugin { dependencies { api 'com.google.cloud:google-cloud-storage:1.113.1' api 'com.google.cloud:google-cloud-core:1.93.3' - runtimeOnly 'com.google.guava:guava:30.1.1-jre' + runtimeOnly 'com.google.guava:guava:32.0.1-jre' api 'com.google.guava:failureaccess:1.0.1' api 'com.google.http-client:google-http-client:1.35.0' api "commons-logging:commons-logging:${versions.commonslogging}" @@ -116,7 +116,6 @@ thirdPartyAudit { 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2', - 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray', diff --git a/plugins/repository-hdfs/build.gradle b/plugins/repository-hdfs/build.gradle index cd0066bfa6e08..671a218b67604 100644 --- a/plugins/repository-hdfs/build.gradle +++ b/plugins/repository-hdfs/build.gradle @@ -66,7 +66,7 @@ dependencies { api 'org.apache.avro:avro:1.10.2' api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}" api 'com.google.code.gson:gson:2.9.0' - runtimeOnly 'com.google.guava:guava:30.1.1-jre' + runtimeOnly 'com.google.guava:guava:32.0.1-jre' api 'com.google.protobuf:protobuf-java:3.21.7' api 'commons-logging:commons-logging:1.1.3' api 'commons-cli:commons-cli:1.2' @@ -363,7 +363,6 @@ thirdPartyAudit { 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1', 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2', - 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3', 'com.google.common.hash.Striped64', 'com.google.common.hash.Striped64$1', 'com.google.common.hash.Striped64$Cell', From 5c5320f5793f52c560cc1894567df2b254edcecb Mon Sep 17 00:00:00 2001 From: Kartik Ganesh Date: Fri, 16 Jun 2023 15:18:43 -0700 Subject: [PATCH 2/2] update SHAs, and add ignoreViolations entries for ingest-attachment The update to ignoreViolations syncs this section with 2.x. This change also includes a minor correction to the changelog. Signed-off-by: Kartik Ganesh --- CHANGELOG.md | 2 +- plugins/ingest-attachment/build.gradle | 10 +++++++++- plugins/ingest-attachment/licenses/guava-18.0.jar.sha1 | 1 - .../licenses/guava-32.0.1-jre.jar.sha1 | 1 + .../repository-azure/licenses/guava-31.1-jre.jar.sha1 | 1 - .../licenses/guava-32.0.1-jre.jar.sha1 | 1 + .../repository-gcs/licenses/guava-30.1.1-jre.jar.sha1 | 1 - .../repository-gcs/licenses/guava-32.0.1-jre.jar.sha1 | 1 + .../repository-hdfs/licenses/guava-30.1.1-jre.jar.sha1 | 1 - .../repository-hdfs/licenses/guava-32.0.1-jre.jar.sha1 | 1 + 10 files changed, 14 insertions(+), 6 deletions(-) delete mode 100644 plugins/ingest-attachment/licenses/guava-18.0.jar.sha1 create mode 100644 plugins/ingest-attachment/licenses/guava-32.0.1-jre.jar.sha1 delete mode 100644 plugins/repository-azure/licenses/guava-31.1-jre.jar.sha1 create mode 100644 plugins/repository-azure/licenses/guava-32.0.1-jre.jar.sha1 delete mode 100644 plugins/repository-gcs/licenses/guava-30.1.1-jre.jar.sha1 create mode 100644 plugins/repository-gcs/licenses/guava-32.0.1-jre.jar.sha1 delete mode 100644 plugins/repository-hdfs/licenses/guava-30.1.1-jre.jar.sha1 create mode 100644 plugins/repository-hdfs/licenses/guava-32.0.1-jre.jar.sha1 diff --git a/CHANGELOG.md b/CHANGELOG.md index fa961807a6f7f..3237a37744ae7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### Dependencies - Bump `netty` from 4.1.91.Final to 4.1.93.Final ([#7901](https://github.com/opensearch-project/OpenSearch/pull/7901)) - Bump `spock-core` from 1.3-groovy-2.5 to 2.3-groovy-2.5 ([#8119](https://github.com/opensearch-project/OpenSearch/pull/8119)) -- Bump `com.google.guava:guava` from 32.0.0-jre to 32.0.1-jre ([#8107](https://github.com/opensearch-project/OpenSearch/pull/8107)) +- Bump `com.google.guava:guava` from 31.0.1-jre to 32.0.1-jre ([#8107](https://github.com/opensearch-project/OpenSearch/pull/8107)) ### Changed diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle index 869f35613b3a6..8838b83cf3350 100644 --- a/plugins/ingest-attachment/build.gradle +++ b/plugins/ingest-attachment/build.gradle @@ -122,8 +122,16 @@ thirdPartyAudit { 'com.google.common.cache.Striped64', 'com.google.common.cache.Striped64$1', 'com.google.common.cache.Striped64$Cell', + 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray', + 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1', + 'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2', + 'com.google.common.hash.Striped64', + 'com.google.common.hash.Striped64$1', + 'com.google.common.hash.Striped64$Cell', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', - 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1' + 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1', + 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper', + 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1' ) } diff --git a/plugins/ingest-attachment/licenses/guava-18.0.jar.sha1 b/plugins/ingest-attachment/licenses/guava-18.0.jar.sha1 deleted file mode 100644 index 87f7acb8158ec..0000000000000 --- a/plugins/ingest-attachment/licenses/guava-18.0.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -cce0823396aa693798f8882e64213b1772032b09 \ No newline at end of file diff --git a/plugins/ingest-attachment/licenses/guava-32.0.1-jre.jar.sha1 b/plugins/ingest-attachment/licenses/guava-32.0.1-jre.jar.sha1 new file mode 100644 index 0000000000000..80dc9e9308a6c --- /dev/null +++ b/plugins/ingest-attachment/licenses/guava-32.0.1-jre.jar.sha1 @@ -0,0 +1 @@ +6e5d51a72d142f2d40a57dfb897188b36a95b489 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/guava-31.1-jre.jar.sha1 b/plugins/repository-azure/licenses/guava-31.1-jre.jar.sha1 deleted file mode 100644 index e57390ebe1299..0000000000000 --- a/plugins/repository-azure/licenses/guava-31.1-jre.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -60458f877d055d0c9114d9e1a2efb737b4bc282c \ No newline at end of file diff --git a/plugins/repository-azure/licenses/guava-32.0.1-jre.jar.sha1 b/plugins/repository-azure/licenses/guava-32.0.1-jre.jar.sha1 new file mode 100644 index 0000000000000..80dc9e9308a6c --- /dev/null +++ b/plugins/repository-azure/licenses/guava-32.0.1-jre.jar.sha1 @@ -0,0 +1 @@ +6e5d51a72d142f2d40a57dfb897188b36a95b489 \ No newline at end of file diff --git a/plugins/repository-gcs/licenses/guava-30.1.1-jre.jar.sha1 b/plugins/repository-gcs/licenses/guava-30.1.1-jre.jar.sha1 deleted file mode 100644 index 39e641fc7834f..0000000000000 --- a/plugins/repository-gcs/licenses/guava-30.1.1-jre.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -87e0fd1df874ea3cbe577702fe6f17068b790fd8 \ No newline at end of file diff --git a/plugins/repository-gcs/licenses/guava-32.0.1-jre.jar.sha1 b/plugins/repository-gcs/licenses/guava-32.0.1-jre.jar.sha1 new file mode 100644 index 0000000000000..80dc9e9308a6c --- /dev/null +++ b/plugins/repository-gcs/licenses/guava-32.0.1-jre.jar.sha1 @@ -0,0 +1 @@ +6e5d51a72d142f2d40a57dfb897188b36a95b489 \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/guava-30.1.1-jre.jar.sha1 b/plugins/repository-hdfs/licenses/guava-30.1.1-jre.jar.sha1 deleted file mode 100644 index 39e641fc7834f..0000000000000 --- a/plugins/repository-hdfs/licenses/guava-30.1.1-jre.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -87e0fd1df874ea3cbe577702fe6f17068b790fd8 \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/guava-32.0.1-jre.jar.sha1 b/plugins/repository-hdfs/licenses/guava-32.0.1-jre.jar.sha1 new file mode 100644 index 0000000000000..80dc9e9308a6c --- /dev/null +++ b/plugins/repository-hdfs/licenses/guava-32.0.1-jre.jar.sha1 @@ -0,0 +1 @@ +6e5d51a72d142f2d40a57dfb897188b36a95b489 \ No newline at end of file