3.x: Update guava to 33.3.1-jre #774
Conversation
It fixes ~8 vulnurabilities that comming from guava dependency.
| // Guava < 22.0 | ||
| return hostAndPort.getHostText(); | ||
| } | ||
| // Guava >= 20.0 |
There was a problem hiding this comment.
Javadoc comment states that "driver is compatible with Guava 19.0 or higher", but the comment above contradicts it. Is Guava 19.0 supported?
| * Returns the portion of the given {@link HostAndPort} instance that should represent the | ||
| * hostname or IPv4/IPv6 literal. | ||
| * | ||
| * <p>The method {@code HostAndPort.getHostText} has been replaced with {@code |
There was a problem hiding this comment.
I think reference to removed HostAndPort.getHostText can be dropped now.
There was a problem hiding this comment.
Pull request overview
This PR updates the Guava dependency from version 19.0 to 33.3.1-jre to address approximately 8 security vulnerabilities. The update includes removing legacy compatibility code for older Guava versions (< 19.0) and migrating from deprecated APIs to their modern equivalents.
- Updates Guava dependency version from 19.0 to 33.3.1-jre
- Removes legacy compatibility layer for Guava versions below 19.0
- Migrates from deprecated
immediateCheckedFuturetoimmediateFutureAPI
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pom.xml | Updates Guava version property and Javadoc API documentation link to 33.3.1-jre |
| driver-core/src/main/java/com/datastax/driver/core/GuavaCompatibility.java | Removes legacy Guava < 19 compatibility code, simplifies version detection, removes unused imports, and updates documentation |
| driver-core/src/test/java/com/datastax/driver/core/AbstractReconnectionHandlerTest.java | Migrates from deprecated Futures.immediateCheckedFuture() to Futures.immediateFuture() |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
It fixes ~8 vulnurabilities that comming from guava dependency.