HADOOP-19680. Update non-thirdparty Guava version to 32.0.1

[stoty]

same as the current thirdparty Guava version

Description of PR

Guava has been already updated to 32.0.1 in hadoop-thirdparty.
However, Hadoop also dependency manages the non-thirdparty guava version (coming from dependencies), which is still at 27.0-jre , showing up on static scanners.

Sync the non-thirdparty Guava version to the thirdparty one.

How was this patch tested?

Test suite in CI (on this PR)

For code changes:

• Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
• Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 57s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	45m 8s		trunk passed
+1 💚	compile	0m 23s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	compile	0m 22s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	mvnsite	0m 26s		trunk passed
+1 💚	javadoc	0m 28s		trunk passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 22s		trunk passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	87m 32s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 14s		the patch passed
+1 💚	compile	0m 13s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javac	0m 13s		the patch passed
+1 💚	compile	0m 13s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	javac	0m 13s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	0m 15s		the patch passed
+1 💚	javadoc	0m 14s		the patch passed with JDK Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04
+1 💚	javadoc	0m 14s		the patch passed with JDK Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
+1 💚	shadedclient	42m 13s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	0m 17s		hadoop-project in the patch passed.
+1 💚	asflicense	0m 38s		The patch does not generate ASF License warnings.
		134m 9s

Subsystem	Report/Notes
Docker	ClientAPI=1.51 ServerAPI=1.51 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7940/1/artifact/out/Dockerfile
GITHUB PR	#7940
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux fe8aa1f6455e 5.15.0-144-generic #157-Ubuntu SMP Mon Jun 16 07:33:10 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / 8794a7e
Default Java	Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.27+6-post-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_452-8u452-gaus1-0ubuntu120.04-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7940/1/testReport/
Max. process+thread count	527 (vs. ulimit of 5500)
modules	C: hadoop-project U: hadoop-project
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7940/1/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[pan3793]

cc @cnauroth

[cnauroth]

+1 Thank you @stoty . I'm good with this change. Ideally, I would like to see at least one more committer +1, just in case there are some downstream impacts I haven't thought of.

CC: @steveloughran , @ayushtkn , @mukund-thakur

[slfan1989]

+1 Thank you @stoty . I'm good with this change. Ideally, I would like to see at least one more committer +1, just in case there are some downstream impacts I haven't thought of.

CC: @steveloughran , @ayushtkn , @mukund-thakur

@cnauroth Thanks for the review! I think we still need to carefully consider this change and should wait for Steve's confirmation before making a decision.

cc: @steveloughran

[stoty]

For what it's worth:

I've fought a LOT with guava versions in the last six years, but I haven't seen any issue (apart from Google adding new annotation libraries which throw off some shading tests) when upgrading from 27 to a newer version.

[steveloughran]

I've been away. let's do it an update in release notes that you can change the version without breaking any hadoop code.

[stoty]

I've been away. let's do it an update in release notes that you can change the version without breaking any hadoop code.

Thanks @steveloughran .
I'm not sure I understand your comment. I have added a release note that explains the change to the JIRA.

[steveloughran]

thanks...your release note is good, added something in the commit too.

can you do a backport PR to branch-3.4; I think we should be looking at a "dependency update" release there with minimal actual code changes

[stoty]

Thanks @steveloughran .
Opened #7977 for branch-3.4.