Bump version to fix 3rd-party components' vulnerabilities

HongW2019 · HongW2019 · commit 2eeded12b6dc · 2022-03-31T17:03:35.000+08:00
diff --git a/LICENSE.txt b/LICENSE.txt
@@ -1768,7 +1768,7 @@ library in certain binary distributions, like the python wheels. In the future
 this will likely change to static linkage. zlib has the following license:
 
 zlib.h -- interface of the 'zlib' general purpose compression library
-  version 1.2.11, January 15th, 2017
+  version 1.2.12, March 27, 2022
 
   Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
 
diff --git a/cpp/thirdparty/versions.txt b/cpp/thirdparty/versions.txt
@@ -55,7 +55,7 @@ ARROW_THRIFT_BUILD_VERSION=0.13.0
 ARROW_THRIFT_BUILD_MD5_CHECKSUM=38a27d391a2b03214b444cb13d5664f1
 ARROW_UTF8PROC_BUILD_VERSION=v2.6.1
 ARROW_XSIMD_BUILD_VERSION=e9234cd6e6f4428fc260073b2c34ffe86fda1f34
-ARROW_ZLIB_BUILD_VERSION=1.2.11
+ARROW_ZLIB_BUILD_VERSION=1.2.12
 ARROW_ZSTD_BUILD_VERSION=v1.4.8
 ARROW_FASTPFOR_BUILD_VERSION=2e836403e964708730da4e81c302939b1878c927
 
diff --git a/go/arrow/LICENSE.txt b/go/arrow/LICENSE.txt
@@ -1612,7 +1612,7 @@ library in certain binary distributions, like the python wheels. In the future
 this will likely change to static linkage. zlib has the following license:
 
 zlib.h -- interface of the 'zlib' general purpose compression library
-  version 1.2.11, January 15th, 2017
+   version 1.2.12, March 27, 2022
 
   Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
 
diff --git a/go/parquet/LICENSE.txt b/go/parquet/LICENSE.txt
@@ -1612,7 +1612,7 @@ library in certain binary distributions, like the python wheels. In the future
 this will likely change to static linkage. zlib has the following license:
 
 zlib.h -- interface of the 'zlib' general purpose compression library
-  version 1.2.11, January 15th, 2017
+   version 1.2.12, March 27, 2022
 
   Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
 
diff --git a/java/vector/pom.xml b/java/vector/pom.xml
@@ -77,7 +77,7 @@
     <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-compress</artifactId>
-      <version>1.20</version>
+      <version>1.21</version>
     </dependency>
   </dependencies>
 
diff --git a/python/pyarrow/tests/parquet/test_basic.py b/python/pyarrow/tests/parquet/test_basic.py
@@ -339,7 +339,7 @@ def test_compression_level(use_legacy_dataset):
     # Uncompressed, snappy, lz4 and lzo do not support specifying a compression
     # level.
     # GZIP (zlib) allows for specifying a compression level but as of up
-    # to version 1.2.11 the valid range is [-1, 9].
+    # to version 1.2.12 the valid range is [-1, 9].
     invalid_combinations = [("snappy", 4), ("lz4", 5), ("gzip", -1337),
                             ("None", 444), ("lzo", 14)]
     buf = io.BytesIO()
diff --git a/rust/ballista/docker/rust-base.dockerfile b/rust/ballista/docker/rust-base.dockerfile
@@ -59,7 +59,7 @@ RUN echo "Building OpenSSL" && \
 
 RUN echo "Building zlib" && \
     cd /tmp && \
-    ZLIB_VERSION=1.2.11 && \
+    ZLIB_VERSION=1.2.12 && \
     curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
     tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
     CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
