Bump guava from 30.1.1-jre to 31.1-jre #118

dependabot · 2023-02-10T01:06:52Z

Bumps guava from 30.1.1-jre to 31.1-jre.

Release notes

31.1

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>31.1-jre</version>
  
  <version>31.1-android</version>
</dependency>
Jar files

31.1-jre.jar

31.1-android.jar

Guava requires one runtime dependency, which you can download here:

failureaccess-1.0.1.jar

Javadoc

31.1-jre

31.1-android

JDiff

31.1-jre vs. 31.0.1-jre

31.1-android vs. 31.0.1-android

31.1-android vs. 31.1-jre

Changelog

base: Deprecated the Throwables methods lazyStackTrace and lazyStackTraceIsLazy. They are no longer useful on any current platform. (6ebd7d8648)

collect: Added a new method ImmutableMap.Builder.buildKeepingLast(), which keeps the last value for any given key rather than throwing an exception when a key appears more than once. (68500b2c09)

collect: As a side-effect of the buildKeepingLast() change, the idiom ImmutableList.copyOf(Maps.transformValues(map, function)) may produce different results if function has side-effects. (This is not recommended.) (68500b2c09)

hash: Added Hashing.fingerprint2011(). (13f703c25f)

io: Changed ByteStreams.nullOutputStream() to follow the contract of OutputStream.write by throwing an exception if the range of bytes is out of bounds. (1cd85d01c9)

net: Added @CheckReturnValue to the package (with a few exceptions). (a0e2577de6)

net: Added HttpHeaders constant for Access-Control-Allow-Private-Network. (6dabbdf9c9)

util.concurrent: Added accumulate/update methods for AtomicDouble and AtomicDoubleArray. (2d875d327a)

APIs promoted from @Beta

base: Throwables methods getCausalChain and getCauseAs (dd462afa6b)

collect: Streams methods mapWithIndex and findLast (8079a29463)

collect: the remaining methods in Comparators: min, max, lexicographical, emptiesFirst, emptiesLast, isInOrder, isInStrictOrder (a3e411c3a4)

escape: various APIs (468c68a6ac)

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [guava](https://github.com/google/guava) from 30.1.1-jre to 31.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

julianladisch · 2023-09-23T14:41:08Z

I support this dependency upgrade.

vietj · 2023-09-23T19:50:52Z

such upgrade need to be carefully done because it might break other dependencies as its widely used, guava is also quite famous imho for its breaking changes

This fixes insecure permissions of files created in the temporary directory: https://nvd.nist.gov/vuln/detail/CVE-2023-2976 Version 32 is binary compatible with version 30 because only the GWT jar has breaking changes: google/guava#2575 (comment) I run CI for these repositories and found no regressions: * vertx-config: https://github.com/julianladisch/vertx-config/actions/runs/6289869333 * vertx-grpc: https://github.com/julianladisch/vertx-grpc/actions/runs/6289478128 * vertx-zookeeper: https://github.com/julianladisch/vertx-zookeeper/actions/workflows/ci-5.x.yml The failures in vertx-zookeeper are not regressions because they exist with 30.1.1-jre. I found no other Vert.x repository that uses Guava and hasn't been removed for Vert.x 5. Obsoletes vert-x3#118

This fixes insecure permissions of files created in the temporary directory: https://nvd.nist.gov/vuln/detail/CVE-2023-2976 Version 32 is binary compatible with version 30 because only the GWT jar has breaking changes: google/guava#2575 (comment) I run CI for these repositories and found no regressions: * vertx-config: https://github.com/julianladisch/vertx-config/actions/runs/6289869333 * vertx-grpc: https://github.com/julianladisch/vertx-grpc/actions/runs/6289478128 * vertx-zookeeper: https://github.com/julianladisch/vertx-zookeeper/actions/workflows/ci-5.x.yml The failures in vertx-zookeeper are not regressions because they exist with 30.1.1-jre. I found no other Vert.x repository that uses Guava and hasn't been removed for Vert.x 5. Obsoletes #118

dependabot · 2023-10-06T14:18:20Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

This fixes insecure permissions of files created in the temporary directory: https://nvd.nist.gov/vuln/detail/CVE-2023-2976 Version 32 is binary compatible with version 30 because only the GWT jar has breaking changes: google/guava#2575 (comment) I run CI for these repositories and found no regressions: * vertx-config: https://github.com/julianladisch/vertx-config/actions/runs/6289869333 * vertx-grpc: https://github.com/julianladisch/vertx-grpc/actions/runs/6289478128 * vertx-zookeeper: https://github.com/julianladisch/vertx-zookeeper/actions/workflows/ci-5.x.yml The failures in vertx-zookeeper are not regressions because they exist with 30.1.1-jre. I found no other Vert.x repository that uses Guava and hasn't been removed for Vert.x 5. Obsoletes #118

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 10, 2023

julianladisch mentioned this pull request Sep 24, 2023

Bump guava from 30.1.1-jre to 32.1.2-jre #146

Merged

vietj closed this Oct 6, 2023

dependabot bot deleted the dependabot/maven/com.google.guava-guava-31.1-jre branch October 6, 2023 14:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump guava from 30.1.1-jre to 31.1-jre #118

Bump guava from 30.1.1-jre to 31.1-jre #118

dependabot bot commented on behalf of github Feb 10, 2023

julianladisch commented Sep 23, 2023

vietj commented Sep 23, 2023

dependabot bot commented on behalf of github Oct 6, 2023

Bump guava from 30.1.1-jre to 31.1-jre #118

Bump guava from 30.1.1-jre to 31.1-jre #118

Conversation

dependabot bot commented on behalf of github Feb 10, 2023

31.1

Maven

Jar files

Javadoc

JDiff

Changelog

APIs promoted from @Beta

julianladisch commented Sep 23, 2023

vietj commented Sep 23, 2023

dependabot bot commented on behalf of github Oct 6, 2023

APIs promoted from `@Beta`