From 4bbdca600494c625f41c1f4c03fa85d97fe42db4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn?= Date: Mon, 7 Nov 2022 16:16:10 -0800 Subject: [PATCH] [SPARK-41030][BUILD] Upgrade `Apache Ivy` to 2.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### What changes were proposed in this pull request? Upgrade `Apache Ivy` from 2.5.0 to 2.5.1 [Release notes](https://ant.apache.org/ivy/history/2.5.1/release-notes.html) ### Why are the changes needed? [CVE-2022-37865](https://www.cve.org/CVERecord?id=CVE-2022-37865) and [CVE-2022-37866](https://nvd.nist.gov/vuln/detail/CVE-2022-37866) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA Closes #38539 from bjornjorgensen/ivy-2.5.1. Authored-by: Bjørn Signed-off-by: Dongjoon Hyun --- dev/deps/spark-deps-hadoop-2-hive-2.3 | 2 +- dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +- pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3 index 5bcff9adb729e..283d93a4e60a3 100644 --- a/dev/deps/spark-deps-hadoop-2-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-2-hive-2.3 @@ -109,7 +109,7 @@ htrace-core/3.1.0-incubating//htrace-core-3.1.0-incubating.jar httpclient/4.5.13//httpclient-4.5.13.jar httpcore/4.4.14//httpcore-4.4.14.jar istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar -ivy/2.5.0//ivy-2.5.0.jar +ivy/2.5.1//ivy-2.5.1.jar jackson-annotations/2.14.0//jackson-annotations-2.14.0.jar jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar jackson-core/2.14.0//jackson-core-2.14.0.jar diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3 index 4dad9be1d422c..fb9beebeaa02e 100644 --- a/dev/deps/spark-deps-hadoop-3-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-3-hive-2.3 @@ -97,7 +97,7 @@ httpclient/4.5.13//httpclient-4.5.13.jar httpcore/4.4.14//httpcore-4.4.14.jar ini4j/0.5.4//ini4j-0.5.4.jar istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar -ivy/2.5.0//ivy-2.5.0.jar +ivy/2.5.1//ivy-2.5.1.jar jackson-annotations/2.14.0//jackson-annotations-2.14.0.jar jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar jackson-core/2.14.0//jackson-core-2.14.0.jar diff --git a/pom.xml b/pom.xml index efed02d9104d8..1c4946694554e 100644 --- a/pom.xml +++ b/pom.xml @@ -139,7 +139,7 @@ 9.4.49.v20220914 4.0.3 0.10.0 - 2.5.0 + 2.5.1 2.0.8