From d0bd90228f83b5d00c5088087c1b15c4100c016a Mon Sep 17 00:00:00 2001 From: panbingkun Date: Thu, 6 Jul 2023 09:19:10 -0700 Subject: [PATCH] [SPARK-44316][BUILD] Upgrade Jersey to 2.40 ### What changes were proposed in this pull request? The pr aims to upgrade Jersey from 2.36 to 2.40. ### Why are the changes needed? 1.This version adapts to ASM9.5, which is also used by Spark currently [Adopt ASM 9.5](https://github.com/eclipse-ee4j/jersey/pull/5305) 2.Also fix some bugs, eg: [Fix possible NPE in netty client](https://github.com/eclipse-ee4j/jersey/pull/5330) [Get media type fix](https://github.com/eclipse-ee4j/jersey/pull/5282) 3.Security vulnerability fix: [CVE for dependency jackson-databind](https://github.com/eclipse-ee4j/jersey/issues/5225) 4.Full Release Notes: https://github.com/eclipse-ee4j/jersey/releases/tag/2.40 https://github.com/eclipse-ee4j/jersey/releases/tag/2.39 https://github.com/eclipse-ee4j/jersey/releases/tag/2.38 https://github.com/eclipse-ee4j/jersey/releases/tag/2.37 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA. Closes #41874 from panbingkun/SPARK-44316. Authored-by: panbingkun Signed-off-by: Dongjoon Hyun --- dev/deps/spark-deps-hadoop-3-hive-2.3 | 14 +++++++------- pom.xml | 6 +++++- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3 index 1b91686ed4db0..663d4441ed8df 100644 --- a/dev/deps/spark-deps-hadoop-3-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-3-hive-2.3 @@ -112,19 +112,19 @@ jakarta.validation-api/2.0.2//jakarta.validation-api-2.0.2.jar jakarta.ws.rs-api/2.1.6//jakarta.ws.rs-api-2.1.6.jar jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar janino/3.1.9//janino-3.1.9.jar -javassist/3.25.0-GA//javassist-3.25.0-GA.jar +javassist/3.29.2-GA//javassist-3.29.2-GA.jar javax.jdo/3.2.0-m3//javax.jdo-3.2.0-m3.jar javolution/5.5.1//javolution-5.5.1.jar jaxb-runtime/2.3.2//jaxb-runtime-2.3.2.jar jcl-over-slf4j/2.0.7//jcl-over-slf4j-2.0.7.jar jdo-api/3.0.1//jdo-api-3.0.1.jar jdom2/2.0.6//jdom2-2.0.6.jar -jersey-client/2.36//jersey-client-2.36.jar -jersey-common/2.36//jersey-common-2.36.jar -jersey-container-servlet-core/2.36//jersey-container-servlet-core-2.36.jar -jersey-container-servlet/2.36//jersey-container-servlet-2.36.jar -jersey-hk2/2.36//jersey-hk2-2.36.jar -jersey-server/2.36//jersey-server-2.36.jar +jersey-client/2.40//jersey-client-2.40.jar +jersey-common/2.40//jersey-common-2.40.jar +jersey-container-servlet-core/2.40//jersey-container-servlet-core-2.40.jar +jersey-container-servlet/2.40//jersey-container-servlet-2.40.jar +jersey-hk2/2.40//jersey-hk2-2.40.jar +jersey-server/2.40//jersey-server-2.40.jar jettison/1.5.4//jettison-1.5.4.jar jetty-util-ajax/9.4.51.v20230217//jetty-util-ajax-9.4.51.v20230217.jar jetty-util/9.4.51.v20230217//jetty-util-9.4.51.v20230217.jar diff --git a/pom.xml b/pom.xml index bc14cdd584e0e..96375ea904dd8 100644 --- a/pom.xml +++ b/pom.xml @@ -196,7 +196,11 @@ 4.1.17 14.0.1 3.1.9 - 2.36 + + 2.40 2.12.5 3.5.2 3.0.0