This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new f6e0b3906d5 [SPARK-44316][BUILD] Upgrade Jersey to 2.40
f6e0b3906d5 is described below
commit f6e0b3906d533ab719f2423bd136d79215bfa315
Author: panbingkun <[email protected]>
AuthorDate: Thu Jul 6 09:19:10 2023 -0700
[SPARK-44316][BUILD] Upgrade Jersey to 2.40
### What changes were proposed in this pull request?
The pr aims to upgrade Jersey from 2.36 to 2.40.
### Why are the changes needed?
1.This version adapts to ASM9.5, which is also used by Spark currently
[Adopt ASM 9.5](https://github.com/eclipse-ee4j/jersey/pull/5305)
2.Also fix some bugs, eg:
[Fix possible NPE in netty
client](https://github.com/eclipse-ee4j/jersey/pull/5330)
[Get media type fix](https://github.com/eclipse-ee4j/jersey/pull/5282)
3.Security vulnerability fix:
[CVE for dependency
jackson-databind](https://github.com/eclipse-ee4j/jersey/issues/5225)
4.Full Release Notes:
https://github.com/eclipse-ee4j/jersey/releases/tag/2.40
https://github.com/eclipse-ee4j/jersey/releases/tag/2.39
https://github.com/eclipse-ee4j/jersey/releases/tag/2.38
https://github.com/eclipse-ee4j/jersey/releases/tag/2.37
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Pass GA.
Closes #41874 from panbingkun/SPARK-44316.
Authored-by: panbingkun <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
dev/deps/spark-deps-hadoop-3-hive-2.3 | 14 +++++++-------
pom.xml | 6 +++++-
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 1b91686ed4d..663d4441ed8 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -112,19 +112,19 @@
jakarta.validation-api/2.0.2//jakarta.validation-api-2.0.2.jar
jakarta.ws.rs-api/2.1.6//jakarta.ws.rs-api-2.1.6.jar
jakarta.xml.bind-api/2.3.2//jakarta.xml.bind-api-2.3.2.jar
janino/3.1.9//janino-3.1.9.jar
-javassist/3.25.0-GA//javassist-3.25.0-GA.jar
+javassist/3.29.2-GA//javassist-3.29.2-GA.jar
javax.jdo/3.2.0-m3//javax.jdo-3.2.0-m3.jar
javolution/5.5.1//javolution-5.5.1.jar
jaxb-runtime/2.3.2//jaxb-runtime-2.3.2.jar
jcl-over-slf4j/2.0.7//jcl-over-slf4j-2.0.7.jar
jdo-api/3.0.1//jdo-api-3.0.1.jar
jdom2/2.0.6//jdom2-2.0.6.jar
-jersey-client/2.36//jersey-client-2.36.jar
-jersey-common/2.36//jersey-common-2.36.jar
-jersey-container-servlet-core/2.36//jersey-container-servlet-core-2.36.jar
-jersey-container-servlet/2.36//jersey-container-servlet-2.36.jar
-jersey-hk2/2.36//jersey-hk2-2.36.jar
-jersey-server/2.36//jersey-server-2.36.jar
+jersey-client/2.40//jersey-client-2.40.jar
+jersey-common/2.40//jersey-common-2.40.jar
+jersey-container-servlet-core/2.40//jersey-container-servlet-core-2.40.jar
+jersey-container-servlet/2.40//jersey-container-servlet-2.40.jar
+jersey-hk2/2.40//jersey-hk2-2.40.jar
+jersey-server/2.40//jersey-server-2.40.jar
jettison/1.5.4//jettison-1.5.4.jar
jetty-util-ajax/9.4.51.v20230217//jetty-util-ajax-9.4.51.v20230217.jar
jetty-util/9.4.51.v20230217//jetty-util-9.4.51.v20230217.jar
diff --git a/pom.xml b/pom.xml
index bc14cdd584e..96375ea904d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -196,7 +196,11 @@
<datanucleus-core.version>4.1.17</datanucleus-core.version>
<guava.version>14.0.1</guava.version>
<janino.version>3.1.9</janino.version>
- <jersey.version>2.36</jersey.version>
+ <!--
+ Please don't upgrade the version to 3.0.0+,
+ Because it transition Jakarta REST API from javax to jakarta package.
+ -->
+ <jersey.version>2.40</jersey.version>
<joda.version>2.12.5</joda.version>
<jodd.version>3.5.2</jodd.version>
<jsr305.version>3.0.0</jsr305.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
