Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8.7 #40515

Closed
ianmcook opened this issue Mar 13, 2024 · 1 comment
Closed

[Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8.7 #40515

ianmcook opened this issue Mar 13, 2024 · 1 comment
Assignees
@ianmcook
Labels
Component: Java Type: enhancement
Milestone
16.0.0

Comments

@ianmcook
Copy link
Member

Describe the enhancement requested

Bump /java/maven/module-info-compiler-maven-plugin/pom.xml to a higher version to address vulnerabilities identified in https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.

Component(s)

Java
@github-actions github-actions bot mentioned this issue Mar 13, 2024
Merged
@ianmcook ianmcook changed the title [Java] Bump org.apache.maven dependencies from 3.3.9 to a higher version [Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8.7 Mar 21, 2024
@ianmcook ianmcook mentioned this issue Mar 21, 2024
Open
kou added a commit that referenced this issue Mar 22, 2024
@ianmcook @vibhatha
@kou @danepitkin
GH-40515: [Java] Bump org.apache.maven dependencies from 3.3.9 to 3.8…
5181791 
….7 (#40514)

- Updates the Maven version required in `/java/maven/module-info-compiler-maven-plugin` to 3.8.7 which addresses vulnerabilities identified by https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.
- Updates `.env` to use Maven version 3.8.7.
- Bumps older versions of Maven to 3.8.7 in `ci/docker/*.dockerfile`
- Updates the release verification instructions to say that Maven 3.8.7 is required.

-----
* GitHub Issue: #40515

Lead-authored-by: Ian Cook <ianmcook@gmail.com>
Co-authored-by: Vibhatha Abeykoon <vibhatha@gmail.com>
Co-authored-by: vibhatha <vibhatha@gmail.com>
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
Co-authored-by: Dane Pitkin <48041712+danepitkin@users.noreply.github.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>
@kou kou added this to the 16.0.0 milestone Mar 22, 2024
@kou
Copy link
Member

kou commented Mar 22, 2024

Issue resolved by pull request 40514
#40514

@kou kou closed this as completed Mar 22, 2024
lriggs pushed a commit to lriggs/arrow that referenced this issue Mar 22, 2024
@ianmcook @vibhatha
@kou @danepitkin @lriggs
apacheGH-40515: [Java] Bump org.apache.maven dependencies from 3.3.9 …
2b15982 
…to 3.8.7 (apache#40514)

- Updates the Maven version required in `/java/maven/module-info-compiler-maven-plugin` to 3.8.7 which addresses vulnerabilities identified by https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.
- Updates `.env` to use Maven version 3.8.7.
- Bumps older versions of Maven to 3.8.7 in `ci/docker/*.dockerfile`
- Updates the release verification instructions to say that Maven 3.8.7 is required.

-----
* GitHub Issue: apache#40515

Lead-authored-by: Ian Cook <ianmcook@gmail.com>
Co-authored-by: Vibhatha Abeykoon <vibhatha@gmail.com>
Co-authored-by: vibhatha <vibhatha@gmail.com>
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
Co-authored-by: Dane Pitkin <48041712+danepitkin@users.noreply.github.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ianmcook ianmcook

Labels
Component: Java Type: enhancement
Projects
None yet
Milestone
16.0.0
Development

No branches or pull requests
2 participants
@kou @ianmcook