From d5a22e8803fb3d120bfe7094d2baa720fc9cc8e1 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Fri, 9 May 2025 21:15:10 +0000
Subject: [PATCH 1/2] tez/0.10.4-r7: fix GHSA-4g8c-wm8x-jfhw

---
 tez.yaml              | 2 +-
 tez/pombump-deps.yaml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/tez.yaml b/tez.yaml
index 6714fd0775c..30810da2f7c 100644
--- a/tez.yaml
+++ b/tez.yaml
@@ -1,7 +1,7 @@
 package:
   name: tez
   version: 0.10.4
-  epoch: 7
+  epoch: 8
   description: Apache Tez
   copyright:
     - license: Apache-2.0
diff --git a/tez/pombump-deps.yaml b/tez/pombump-deps.yaml
index 9f3f9b67c0b..7b7a467d368 100644
--- a/tez/pombump-deps.yaml
+++ b/tez/pombump-deps.yaml
@@ -2,3 +2,6 @@ patches:
     - groupId: org.eclipse.jetty
       artifactId: jetty-server
       version: 9.4.57.v20241219
+    - groupId: io.netty
+      artifactId: netty-handler
+      version: 4.1.118.Final

From f44d663eb35c9f9baa1099f9484e1011876b6d7b Mon Sep 17 00:00:00 2001
From: Kyle Steere <kyle.steere@chainguard.dev>
Date: Tue, 13 May 2025 15:12:16 -0500
Subject: [PATCH 2/2] fixed build errors and changed patch-file

Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev>
---
 tez.yaml                    |  2 +-
 tez/patches.yaml            |  5 -----
 tez/pombump-deps.yaml       | 12 ++++++------
 tez/pombump-properties.yaml |  2 ++
 4 files changed, 9 insertions(+), 12 deletions(-)
 delete mode 100644 tez/patches.yaml

diff --git a/tez.yaml b/tez.yaml
index 30810da2f7c..7e303c0a543 100644
--- a/tez.yaml
+++ b/tez.yaml
@@ -27,7 +27,7 @@ pipeline:
 
   - uses: maven/pombump
     with:
-      patch-file: patches.yaml
+      patch-file: pombump-deps.yaml
       properties-file: pombump-properties.yaml
 
   - runs: |
diff --git a/tez/patches.yaml b/tez/patches.yaml
deleted file mode 100644
index 4a706e99425..00000000000
--- a/tez/patches.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-patches:
-# CVE-2024-7254
-- groupId: com.google.protobuf
-  artifactId: protobuf-java
-  version: 3.25.5
diff --git a/tez/pombump-deps.yaml b/tez/pombump-deps.yaml
index 7b7a467d368..d2881c63a7f 100644
--- a/tez/pombump-deps.yaml
+++ b/tez/pombump-deps.yaml
@@ -1,7 +1,7 @@
 patches:
-    - groupId: org.eclipse.jetty
-      artifactId: jetty-server
-      version: 9.4.57.v20241219
-    - groupId: io.netty
-      artifactId: netty-handler
-      version: 4.1.118.Final
+    - groupId: org.apache.avro
+      artifactId: avro
+      version: 1.11.4
+    - groupId: com.google.protobuf
+      artifactId: protobuf-java
+      version: 3.25.5
diff --git a/tez/pombump-properties.yaml b/tez/pombump-properties.yaml
index a100e041d2b..0561aca88e6 100644
--- a/tez/pombump-properties.yaml
+++ b/tez/pombump-properties.yaml
@@ -1,3 +1,5 @@
 properties:
   - property: netty.version
     value: 4.1.118.Final
+  - property: asynchttpclient.version
+    value: 2.12.4