From b62ff2ac31c6eadd25548d7d6996ebc3efefb6ba Mon Sep 17 00:00:00 2001
From: Julian Ladisch <julianladisch@users.noreply.github.com>
Date: Sun, 24 Sep 2023 00:56:17 +0200
Subject: [PATCH] Bump guava from 30.1.1-jre to 32.1.2-jre

This fixes insecure permissions of files created in the temporary
directory: https://nvd.nist.gov/vuln/detail/CVE-2023-2976

Version 32 is binary compatible with version 30 because only the
GWT jar has breaking changes:
https://github.com/google/guava/issues/2575#issuecomment-1594317981

I run CI for these repositories and found no regressions:

* vertx-config: https://github.com/julianladisch/vertx-config/actions/runs/6289869333
* vertx-grpc: https://github.com/julianladisch/vertx-grpc/actions/runs/6289478128
* vertx-zookeeper: https://github.com/julianladisch/vertx-zookeeper/actions/workflows/ci-5.x.yml

The failures in vertx-zookeeper are not regressions because they
exist with 30.1.1-jre.

I found no other Vert.x repository that uses Guava and hasn't
been removed for Vert.x 5.

Obsoletes #118
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c614a2d..da31995 100644
--- a/pom.xml
+++ b/pom.xml
@@ -884,7 +884,7 @@
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
-        <version>30.1.1-jre</version>
+        <version>32.1.2-jre</version>
       </dependency>
 
       <!-- Snake YAML -->