[zeppelin] branch master updated: [ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 (#4476)

2022-10-13 Thread pdallig
This is an automated email from the ASF dual-hosted git repository.

pdallig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/master by this push:
 new bf5c66672a [ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 
(#4476)
bf5c66672a is described below

commit bf5c66672a31e513a2589a1d1355ffbfd420ff42
Author: Guanhua Li 
AuthorDate: Thu Oct 13 20:08:17 2022 +0800

[ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 (#4476)
---
 bigquery/pom.xml | 1 -
 influxdb/pom.xml | 3 +--
 pom.xml  | 2 +-
 shell/pom.xml| 1 -
 zeppelin-distribution/src/bin_license/LICENSE| 2 +-
 .../bin_license/licenses/{LICENSE-gson-2.2 => LICENSE-gson-2.8.9}| 5 ++---
 zeppelin-integration/pom.xml | 2 +-
 7 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/bigquery/pom.xml b/bigquery/pom.xml
index c3d0f95ae3..93d6deb849 100644
--- a/bigquery/pom.xml
+++ b/bigquery/pom.xml
@@ -39,7 +39,6 @@
 
 
 v2-rev20190917-1.30.3
-2.8.9
 24.1.1-jre
 
 bigquery
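
Review bot: The 2.8.9 value deleted from the properties block (old line 42) has no matching change to a dependency reference in this file, unlike influxdb/pom.xml, where the same commit switches `${dependency.gson.version}` to `${gson.version}`. Confirm that nothing in bigquery still refers to the deleted module-level property and that gson here now resolves through the root pom. The same question applies to the identical one-line deletion in shell/pom.xml.
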
diff --git a/influxdb/pom.xml b/influxdb/pom.xml
index cbeec24a23..bc4e9a3852 100644
--- a/influxdb/pom.xml
+++ b/influxdb/pom.xml
@@ -37,7 +37,6 @@
 UTF-8
 1.7.0
 3.13.1
-2.8.9
 
 
 
@@ -49,7 +48,7 @@
 
 com.google.code.gson
 gson
-${dependency.gson.version}
+${gson.version}
 
 
 com.squareup.okhttp3
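
Review bot: The gson dependency at line 51 still spells out a version, now as `${gson.version}`, so each module keeps its own version reference and can drift again, as bigquery, influxdb and shell did with their local 2.8.9 values while the root property stayed at 2.8.6. If the root pom does not already manage gson under dependencyManagement, declaring it there once would let this dependency drop its version element entirely.
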
diff --git a/pom.xml b/pom.xml
index 432eeb40d8..362714518d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -115,7 +115,7 @@
 1.2.17
 0.13.0
 0.62.2
-2.8.6
+2.8.9
 0.2.2
 9.4.43.v20210629
 4.4.1
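
Review bot: The 2.8.6 to 2.8.9 bump at line 118 changes only the shared property, so it covers the artifacts that take their gson version from that property; a gson pulled in transitively or pinned elsewhere is untouched by this line. Before closing ZEPPELIN-5829, run `mvn dependency:tree -Dincludes=com.google.code.gson:gson` over the modules and check that no resolved version is below 2.8.9. The commit message also has no body; one sentence on what CVE-2022-25647 affects and why 2.8.9 was chosen would help anyone auditing the fix later.
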
diff --git a/shell/pom.xml b/shell/pom.xml
index dbc048be5e..f4d1343725 100644
--- a/shell/pom.xml
+++ b/shell/pom.xml
@@ -38,7 +38,6 @@
 0.9.3
 2.4.0
 24.1.1-jre
-2.8.9
   
 
   
diff --git a/zeppelin-distribution/src/bin_license/LICENSE 
b/zeppelin-distribution/src/bin_license/LICENSE
index bd52986b8b..7f90d43bdd 100644
--- a/zeppelin-distribution/src/bin_license/LICENSE
+++ b/zeppelin-distribution/src/bin_license/LICENSE
@@ -1,7 +1,7 @@
 The following components are provided under Apache License.
 
 (Apache 2.0) nvd3.js v1.7.1 (http://nvd3.org/) - 
https://github.com/novus/nvd3/blob/v1.7.1/LICENSE.md
-(Apache 2.0) gson v2.2 (com.google.code.gson:gson:jar:2.2 - 
https://github.com/google/gson) - 
https://github.com/google/gson/blob/gson-2.2/LICENSE
+(Apache 2.0) gson v2.8.9 (com.google.code.gson:gson:jar:2.8.9 - 
https://github.com/google/gson) - 
https://github.com/google/gson/blob/gson-parent-2.8.9/LICENSE
 (Apache 2.0) Amazon Web Services SDK for Java v1.11.736 
(https://aws.amazon.com/sdk-for-java/) - 
https://raw.githubusercontent.com/aws/aws-sdk-java/1.11.736/LICENSE.txt
 (Apache 2.0) JavaEWAH v0.7.9 (https://github.com/lemire/javaewah) - 
https://github.com/lemire/javaewah/blob/master/LICENSE-2.0.txt
 (Apache 2.0) Apache Commons Logging (commons-logging:commons-logging:1.1.1 
- http://commons.apache.org/proper/commons-logging/)
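
Review bot: The gson entry replaced at line 4 listed v2.2 although the root pom was already at 2.8.6 before this commit, so this file had drifted from the build for some time. Updating it to v2.8.9 is right; consider a release-time check that compares the versions named in bin_license/LICENSE with the resolved dependency versions so the next bump does not leave the entry stale.
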
diff --git a/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2 
b/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.8.9
similarity index 99%
rename from zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2
rename to zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.8.9
index 8763058a27..7a4a3ea242 100644
--- a/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2
+++ b/zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.8.9
@@ -1,4 +1,3 @@
-Google Gson
 
  Apache License
Version 2.0, January 2004
@@ -188,7 +187,7 @@ Google Gson
   same "printed page" as the copyright notice for easier
   identification within third-party archives.
 
-   Copyright 2008-2011 Google Inc.
+   Copyright [] [name of copyright owner]
 
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
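
Review bot: New line 190 replaces `Copyright 2008-2011 Google Inc.` with what looks like an unfilled template placeholder, `Copyright [] [name of copyright owner]`, and the first hunk drops the `Google Gson` title, so the file no longer names the component or its copyright holder. Compare this text with the LICENSE at the gson-parent-2.8.9 tag that bin_license/LICENSE now links to: if upstream ships the template wording, say so in the commit message; if not, restore the attribution line.
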
@@ -200,4 +199,4 @@ Google Gson
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
\ No newline at end of file
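
Review bot: The final line of the file now ends without a trailing newline (`\ No newline at end of file`), and that is the only change in this hunk. Restore the newline so the rename carries only intended content changes and later diffs of this file stay clean.
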
diff --git a/zeppelin-integration/pom.xml b/zeppelin-integration/pom.xml
index 9a589a716f..15d9907339 100644
--- a/zeppelin-integration/pom.xml
+++ b/zeppelin-integration/pom.xml
@@ -51,7 +51,7 @@
 
   com.google.code.gson
   

[zeppelin] branch dependabot/maven/bigquery/com.google.guava-guava-29.0-jre updated (ce654bb375 -> 561bb35ba6)

2022-10-13 Thread github-bot
This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch 
dependabot/maven/bigquery/com.google.guava-guava-29.0-jre
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


 discard ce654bb375 Bump guava from 24.1.1-jre to 29.0-jre in /bigquery
 add b8913a1ec3 update livy archive name (#4470)
 add bf5c66672a [ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 
(#4476)
 add 561bb35ba6 Bump guava from 24.1.1-jre to 29.0-jre in /bigquery

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (ce654bb375)
            \
             N -- N -- N   refs/heads/dependabot/maven/bigquery/com.google.guava-guava-29.0-jre (561bb35ba6)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 bigquery/pom.xml                                   |   1 -
 influxdb/pom.xml                                   |   3 +-
 pom.xml                                            |   2 +-
 shell/pom.xml                                      |   1 -
 testing/downloadLivy.sh                            |   2 +-
 zeppelin-distribution/src/bin_license/LICENSE      |   2 +-
 .../src/bin_license/licenses/LICENSE-gson-2.2      | 203 -
 ...ENSE-azure-storage-4.0.0 => LICENSE-gson-2.8.9} |   0
 zeppelin-integration/pom.xml                       |   2 +-
 9 files changed, 5 insertions(+), 211 deletions(-)
 delete mode 100644 zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2
 copy zeppelin-distribution/src/bin_license/licenses/{LICENSE-azure-storage-4.0.0 => LICENSE-gson-2.8.9} (100%)



[zeppelin] branch dependabot/maven/shell/com.google.guava-guava-29.0-jre updated (3d6788932c -> d9cf24d5bf)

2022-10-13 Thread github-bot
This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch 
dependabot/maven/shell/com.google.guava-guava-29.0-jre
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


 discard 3d6788932c Bump guava from 24.1.1-jre to 29.0-jre in /shell
 add b8913a1ec3 update livy archive name (#4470)
 add bf5c66672a [ZEPPELIN-5829] upgrade gson to 2.8.9 due to CVE-2022-25647 
(#4476)
 add d9cf24d5bf Bump guava from 24.1.1-jre to 29.0-jre in /shell

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (3d6788932c)
            \
             N -- N -- N   refs/heads/dependabot/maven/shell/com.google.guava-guava-29.0-jre (d9cf24d5bf)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 bigquery/pom.xml                                   |   1 -
 influxdb/pom.xml                                   |   3 +-
 pom.xml                                            |   2 +-
 shell/pom.xml                                      |   1 -
 testing/downloadLivy.sh                            |   2 +-
 zeppelin-distribution/src/bin_license/LICENSE      |   2 +-
 .../src/bin_license/licenses/LICENSE-gson-2.2      | 203 -
 ...ENSE-azure-storage-4.0.0 => LICENSE-gson-2.8.9} |   0
 zeppelin-integration/pom.xml                       |   2 +-
 9 files changed, 5 insertions(+), 211 deletions(-)
 delete mode 100644 zeppelin-distribution/src/bin_license/licenses/LICENSE-gson-2.2
 copy zeppelin-distribution/src/bin_license/licenses/{LICENSE-azure-storage-4.0.0 => LICENSE-gson-2.8.9} (100%)