From 3f456fe3050604436695c6d6d741f577c4293d4a Mon Sep 17 00:00:00 2001
From: Suneet Saldanha <suneet@apache.org>
Date: Mon, 26 Jul 2021 14:54:32 -0700
Subject: [PATCH] Address CVE-2021-35515 CVE-2021-36090 (#11496)

* Address CVE-2021-35515 CVE-2021-36090

Bump commons-compress to deal with new CVEs

* fix licenses
---
 licenses.yaml | 16 +---------------
 pom.xml       |  2 +-
 2 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/licenses.yaml b/licenses.yaml
index acc6470b47d..88f6bf2206d 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -621,7 +621,7 @@ name: Apache Commons Compress
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 1.18
+version: 1.21
 libraries:
   - org.apache.commons: commons-compress
 notices:
@@ -3002,20 +3002,6 @@ notices:
 
 ---
 
-name: Apache Commons Compress
-license_category: binary
-module: hadoop-client
-license_name: Apache License version 2.0
-version: 1.19
-libraries:
-  - org.apache.commons: commons-compress
-notices:
-  - commons-compress: |
-      Apache Commons Compress
-      Copyright 2002-2012 The Apache Software Foundation
-
----
-
 name: Apache Commons Math
 license_category: binary
 module: hadoop-client
diff --git a/pom.xml b/pom.xml
index eb066a43050..6313a878212 100644
--- a/pom.xml
+++ b/pom.xml
@@ -436,7 +436,7 @@
             <dependency>
                 <groupId>org.apache.commons</groupId>
                 <artifactId>commons-compress</artifactId>
-                <version>1.19</version>
+                <version>1.21</version>
             </dependency>
             <dependency>
                 <groupId>org.tukaani</groupId>