deps: support java 8 by default.

diegomarquezp · web-flow · commit 440ff2226d41 · 2025-07-24T16:39:40.000-04:00
Other modules depend directly on google-http-client, which will drop support for java 7 from now on.
diff --git a/README.md b/README.md
@@ -17,14 +17,7 @@ content. The JSON and XML libraries are also fully pluggable, and they include s
 
 The library supports the following Java environments:
 
-- Java 7 or higher. The following modules require Java 8 or
-    higher due to their dependencies:
-  - google-http-client (Java 7 is supported until version [1.47.1](https://github.com/googleapis/google-http-java-client/releases/tag/v1.47.1))
-	- Note that version [TBD-1] contains Guava version `30.1.1`, which contains a [known CVE](https://www.cvedetails.com/cve/CVE-2023-2976/).
-	In order to avoid scanners from flagging this vulnerability, please upgrade your project to Java 8 and use the latest version of `google-http-client`
-  - google-http-client-apache-v5 (Java 7 is supported until version [1.47.1](https://github.com/googleapis/google-http-java-client/releases/tag/v1.47.1))
-  - google-http-client-jackson2 (Java 7 is supported until version [1.40.0](https://github.com/googleapis/google-http-java-client/releases/tag/v1.40.0) via [Jackson](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13#compatibility-jdk-requirements))
-  - google-http-client-appengine (Java 7 [not supported](https://cloud.google.com/appengine/docs/standard/deprecations/shut-down))
+- Java 8 or higher
 - Android 4.4 (Kit Kat)
 - GoogleAppEngine Google App Engine
 
diff --git a/google-http-client-apache-v5/pom.xml b/google-http-client-apache-v5/pom.xml
@@ -98,8 +98,6 @@
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
-	  <!-- We use the Java 8 compatible version due to https://www.cvedetails.com/cve/CVE-2023-2976/ -->
-	  <version>33.4.8-android</version>
     </dependency>
     <dependency>
       <groupId>org.apache.httpcomponents.client5</groupId>
diff --git a/google-http-client/pom.xml b/google-http-client/pom.xml
@@ -141,8 +141,6 @@
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
-	  <!-- We use the Java 8 compatible version due to https://www.cvedetails.com/cve/CVE-2023-2976/ -->
-	  <version>33.4.8-android</version>
     </dependency>
     <dependency>
       <groupId>com.google.j2objc</groupId>
diff --git a/pom.xml b/pom.xml
@@ -554,7 +554,8 @@
     <project.gson.version>2.11.0</project.gson.version>
     <project.jackson-core2.version>2.18.2</project.jackson-core2.version>
     <project.protobuf-java.version>3.21.12</project.protobuf-java.version>
-    <project.guava.version>30.1.1-android</project.guava.version>
+	<!-- We use the Java 8 compatible version due to https://www.cvedetails.com/cve/CVE-2023-2976/ -->
+    <project.guava.version>33.4.8-android</project.guava.version>
     <project.xpp3.version>1.1.4c</project.xpp3.version>
     <project.apache-httpclient-4.version>4.5.14</project.apache-httpclient-4.version>
     <project.apache-httpcore-4.version>4.4.16</project.apache-httpcore-4.version>
