deps: Update Guava to 32.0.0 (#12953)

Updates Guava to [32.0.0](https://github.com/google/guava/releases/tag/v32.0.0) to include fixes for CVE-2020-8908 and CVE-2023-2976 (google/guava#2575) which affects certain builds with shaded usage, e.g ruby via jruby/java platform such as https://rubygems.org/gems/google-protobuf/versions/3.23.2-java - Protobuf does not appear to (directly) use the affected `Files.createTempDir` or `FileBackedOutputStream` code which might behave differently on Windows. - Referred to #9707 and #9757 for reference - Updated transitive dependency versions match https://mvnrepository.com/artifact/com.google.guava/guava/32.0.0-jre (note major version change for `j2objc-annotations` from `1.3` --> `2.8`) May need backporting to `23.x` branch if sufficiently compatible. Closes #12953 COPYBARA_INTEGRATE_REVIEW=#12953 from chadlwilson:update-guava-32 9c396b6 PiperOrigin-RevId: 538666552
protocolbuffers · Jun 8, 2023 · cd615a8 · cd615a8
1 parent 460173d
commit cd615a8
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 77 deletions.
diff --git a/java/pom.xml b/java/pom.xml
@@ -87,12 +87,12 @@
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
-        <version>31.1-android</version>
+        <version>32.0.0-android</version>
       </dependency>
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava-testlib</artifactId>
-        <version>31.1-android</version>
+        <version>32.0.0-android</version>
         <scope>test</scope>
       </dependency>
       <dependency>

diff --git a/java/util/pom.xml b/java/util/pom.xml
@@ -30,7 +30,7 @@
     <dependency>
       <groupId>com.google.j2objc</groupId>
       <artifactId>j2objc-annotations</artifactId>
-      <version>1.3</version>
+      <version>2.8</version>
     </dependency>
     <dependency>
       <groupId>com.google.code.findbugs</groupId>