[Task]: Upgrade vendored guava to 32.1.2-jre #27801
Closed
Description
What needs to happen?
The last time we upgraded guava was back in 2019 (v20->v26), which is 4 years old now. There are also a few (temp file) vulnerabilities since then. In general these vulnerabilities are not exploitable in Beam, as these libs are only used by Beam code. We should upgrade the vendor dependency.
A good candidate is the latest 32.1.2-jre, which is also included in Google Cloud Java lib LTS 5.0: GoogleCloudPlatform/cloud-opensource-java#2343
Issue Priority
Priority: 2 (default / most normal work should be filed as P2)
Issue Components
- Component: Python SDK
- Component: Java SDK
- Component: Go SDK
- Component: Typescript SDK
- Component: IO connector
- Component: Beam examples
- Component: Beam playground
- Component: Beam katas
- Component: Website
- Component: Spark Runner
- Component: Flink Runner
- Component: Samza Runner
- Component: Twister2 Runner
- Component: Hazelcast Jet Runner
- Component: Google Cloud Dataflow Runner