HADOOP-18721. Upgrade guava in hadoop-thirdparty to 31.1-jre (#22)
This fixes CVE-2020-8908
Contributed by Murali Krishna
diff --git a/LICENSE-binary b/LICENSE-binary
index 978d1d7..f89a6b6 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -205,7 +205,7 @@
This project bundles some components that are also licensed under the Apache
License Version 2.0:
-com.google.guava:guava:jar:30.1.1-jre
+com.google.guava:guava:jar:31.1-jre
com.google.j2objc:j2objc-annotations:1.3
com.google.errorprone:error_prone_annotations:2.5.1
@@ -222,4 +222,4 @@
MIT License
-----------
-org.checkerframework:checker-qual:jar:3.8.0
\ No newline at end of file
+org.checkerframework:checker-qual:jar:3.8.0
diff --git a/pom.xml b/pom.xml
index f3dc946..e57d198 100644
--- a/pom.xml
+++ b/pom.xml
@@ -95,7 +95,7 @@
<shaded.prefix>org.apache.hadoop.thirdparty</shaded.prefix>
<protobuf.shade.prefix>${shaded.prefix}.protobuf</protobuf.shade.prefix>
<protobuf_3_7.version>3.7.1</protobuf_3_7.version>
- <guava.version>30.1.1-jre</guava.version>
+ <guava.version>31.1-jre</guava.version>
<avro.version>1.11.1</avro.version>
<!-- maven plugin versions -->
