Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8.7 #40515

Closed
ianmcook opened this issue Mar 13, 2024 · 1 comment
Closed

[Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8.7 #40515

ianmcook opened this issue Mar 13, 2024 · 1 comment

Comments

@ianmcook
Copy link
Member

Describe the enhancement requested

Bump /java/maven/module-info-compiler-maven-plugin/pom.xml to a higher version to address vulnerabilities identified in https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.

Component(s)

Java

@ianmcook ianmcook changed the title [Java] Bump org.apache.maven dependencies from 3.3.9 to a higher version [Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8.7 Mar 21, 2024
kou added a commit that referenced this issue Mar 22, 2024
….7 (#40514)

- Updates the Maven version required in `/java/maven/module-info-compiler-maven-plugin` to 3.8.7 which addresses vulnerabilities identified by https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.
- Updates `.env` to use Maven version 3.8.7.
- Bumps older versions of Maven to 3.8.7 in `ci/docker/*.dockerfile`
- Updates the release verification instructions to say that Maven 3.8.7 is required.

-----
* GitHub Issue: #40515

Lead-authored-by: Ian Cook <ianmcook@gmail.com>
Co-authored-by: Vibhatha Abeykoon <vibhatha@gmail.com>
Co-authored-by: vibhatha <vibhatha@gmail.com>
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
Co-authored-by: Dane Pitkin <48041712+danepitkin@users.noreply.github.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>
@kou kou added this to the 16.0.0 milestone Mar 22, 2024
@kou
Copy link
Member

kou commented Mar 22, 2024

Issue resolved by pull request 40514
#40514

@kou kou closed this as completed Mar 22, 2024
lriggs pushed a commit to lriggs/arrow that referenced this issue Mar 22, 2024
…to 3.8.7 (apache#40514)

- Updates the Maven version required in `/java/maven/module-info-compiler-maven-plugin` to 3.8.7 which addresses vulnerabilities identified by https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.
- Updates `.env` to use Maven version 3.8.7.
- Bumps older versions of Maven to 3.8.7 in `ci/docker/*.dockerfile`
- Updates the release verification instructions to say that Maven 3.8.7 is required.

-----
* GitHub Issue: apache#40515

Lead-authored-by: Ian Cook <ianmcook@gmail.com>
Co-authored-by: Vibhatha Abeykoon <vibhatha@gmail.com>
Co-authored-by: vibhatha <vibhatha@gmail.com>
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
Co-authored-by: Dane Pitkin <48041712+danepitkin@users.noreply.github.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants